Thank you for reaching out.
I understand you wish to know why Azure application gateway rate limit returns a 403 response instead of 429 response.
Currently 403 response is by design and the product team is aware of this scenario. The team will be releasing a feature for this scenario where customers will be able to customize the http response code for rate-limit on their own. I currently do not have a fixed ETA to share about when this feature will be released but request you to keep an eye out on Azure updates for Application Gateway.
Hope this helps! Please let me know if you have any questions. Thank you!