When a user attempts to access a resource on an application but is unauthorized due to the application's lack of correct authentication credentials, which HTTP status code should the application return to the user's browser?
401 Unauthorized
400 Bad Request
404 Not Found
500 Internal Server Error