What if there were two reasons to forbid the request?

Why can't apps modify the original HTTP error message, for example using "403 Not Enough Credit" instead of "403 Forbidden", in their first use case?

I like the idea but I wonder how it plays together with "human-friendly" APIs that return error codes and HTML. Should you use Accept: headers to signify that you want a machine-readable error message?