diff --git a/modules/commerce/modules/checkout/includes/commerce_checkout.admin.inc b/modules/commerce/modules/checkout/includes/commerce_checkout.admin.inc
index cc5ac2b..2b85d2f 100644
--- a/modules/commerce/modules/checkout/includes/commerce_checkout.admin.inc
+++ b/modules/commerce/modules/checkout/includes/commerce_checkout.admin.inc
@@ -72,6 +72,20 @@ function commerce_checkout_builder_form($form, &$form_state) {
     );
   }
 
+  // Select checkout access denied response.
+  $form['checkout_access_response_type'] = array(
+    '#type' => 'select',
+    '#title' => t('Checkout access denied response'),
+    '#description' => t('Select the required response for users that attempt to
+      view a checkout page for which they don\'t have access.'),
+    '#default_value' => variable_get('commerce_checkout_access_response_type', MENU_NOT_FOUND),
+    '#weight' => 1,
+    '#options' => array(
+      MENU_NOT_FOUND => '404',
+      MENU_ACCESS_DENIED => '403',
+    ),
+  );
+
   $form['actions'] = array(
     '#type' => 'actions',
     '#tree' => FALSE,
@@ -147,6 +161,12 @@ function commerce_checkout_builder_form_save_submit($form, &$form_state) {
     }
   }
 
+  // Save checkout access denied response.
+  variable_set(
+    'commerce_checkout_access_response_type',
+    $form_state['values']['checkout_access_response_type']
+  );
+
   drupal_set_message(t('Checkout pane positions saved.'));
 }
 
diff --git a/modules/commerce/modules/checkout/includes/commerce_checkout.pages.inc b/modules/commerce/modules/checkout/includes/commerce_checkout.pages.inc
index bbb2a06..ab96d0e 100644
--- a/modules/commerce/modules/checkout/includes/commerce_checkout.pages.inc
+++ b/modules/commerce/modules/checkout/includes/commerce_checkout.pages.inc
@@ -17,11 +17,9 @@ function commerce_checkout_router($order, $checkout_page = NULL) {
     $checkout_page = reset($checkout_pages);
   }
 
-  // If the user does not have access to checkout the order, return a 404. We
-  // could return a 403, but then the user would know they've identified a
-  // potentially valid checkout URL.
+  // Return either a 404 or 403 to users without access to the checkout URL.
   if (!commerce_checkout_access($order)) {
-    return MENU_NOT_FOUND;
+    return intval(variable_get('commerce_checkout_access_response_type', MENU_NOT_FOUND));
   }
 
   // If the user is attempting to access an inaccessible page for their order,