curl 'https://api.hevyapp.com/user_profile/brielikethecheese' -X OPTIONS -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0' -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate, br' -H 'Access-Control-Request-Method: GET' -H 'Access-Control-Request-Headers: auth-token,x-api-key' -H 'Referer: https://www.hevy.com/' -H 'Origin: https://www.hevy.com' -H 'Connection: keep-alive' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: cross-site'

You can see your OPTIONS. 

# http  'https://api.hevyapp.com/user_profile/brielikethecheese'
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, x-api-key, auth-token, session-token
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Connection: keep-alive
Content-Length: 12
Content-Type: text/html; charset=utf-8
Date: Thu, 01 Sep 2022 23:44:55 GMT
Etag: W/"c-dAuDFQrdjS3hezqxDTNgW7AOlYk"
Server: Cowboy
Via: 1.1 vegur
X-Powered-By: Express
X-Ratelimit-Limit: 1000
X-Ratelimit-Remaining: 994
X-Ratelimit-Reset: 1662075942

Unauthorized