I would recommend that a '403: Forbidden' status code would be the most acceptible in this situation. Wikipedia says
"A typical request that may receive a 403 Forbidden response is a GET for a web page, performed by a web browser to retrieve the page for display to a user in a browser window. The web server may return a 403 Forbidden status for other types of requests as well."