Only PeterTyson will know for sure. You can make an application return whatever you want. 403 is intended to return for resources that exist but that you do not have access to, and a good application should handle that gracefully. But who knows.
I’m never a fan of returning 403 on purpose as that is to me like waving a flag like some juicy data exists at that endpoint but your aren’t allowed to access it. Would be my inner hacker that is drawn to it to try and bypass those controls