- Type: Bug
- Resolution: Unresolved
- Priority: Low
- None
- Affects Version/s: 9.12.29, 10.3.13, 11.0.0
- Component/s: REST API
- None
- 9.12
- 1
- Severity 3 - Minor
Issue Summary
CORS Preflight OPTIONS call to “/rest/api/2/user/search” results in 401.
Steps to Reproduce
- Send a curl OPTIONS preflight request without an Authorization header to /rest/api/2/user/search, e.g.:
CORS Pre-flight Request
```
> OPTIONS /rest/api/2/user/search HTTP/2
> Host: uat.jira.atlassian.com
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:144.0) Gecko/20100101 Firefox/144.0
> Accept: */*
> Accept-Language: en-US,en;q=0.5
> Accept-Encoding: gzip, deflate, br, zstd
> Access-Control-Request-Method: GET
> Access-Control-Request-Headers: authorization
> Referer: http://localhost:8080/
> Origin: http://localhost:8080
> Connection: keep-alive
> Sec-Fetch-Dest: empty
> Sec-Fetch-Mode: cors
> Sec-Fetch-Site: cross-site
> Priority: u=4
> Pragma: no-cache
> Cache-Control: no-cache
> TE: trailers
```
401 Response
```
HTTP/2 401
< vary: Accept
< www-authenticate: OAuth realm="https%3A%2F%2Fuat.jira.atlassian.com"
< cache-control: no-transform
< content-type: application/xml;charset=UTF-8
< access-control-allow-credentials: true
< content-security-policy: sandbox
< strict-transport-security: max-age=31536000
< access-control-expose-headers: Authorization, Origin, Content-Type
< date: Sun, 09 Nov 2025 18:54:41 GMT
< server-timing: threadId;desc=106555
< x-arequestid: 1134x49641x1
< x-xss-protection: 1; mode=block
< x-ausername: anonymous
< access-control-allow-origin: http://localhost:8080
< x-content-type-options: nosniff
< set-cookie: atlassian.xsrf.token=AFO8-U7KY-AFO8-1PET_17as852a54a2dbca2c072a973f88cd38958f0f5164a_lout; Path=/; Secure; SameSite=None
< x-anodeid: jira-uat-atlassian-ap2
< x-frame-options: SAMEORIGIN
< referrer-policy: strict-origin-when-cross-origin
< content-length: 174
<
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><status><status-code>401</status-code><message>Client must be authenticated to access this resource.</message></status>
```
Expected Results
The CORS preflight request should succeed without requiring authorisation.
Actual Results
The response has status 401:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><status><status-code>401</status-code><message>Client must be authenticated to access this resource.</message></status>
Workaround
None
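The following check is an added example, not part of the original ticket or of Jira's code. It applies a simplified version of the browser's preflight rules (status must be 2xx, the origin must be allowed, and `authorization` must be listed by name in `Access-Control-Allow-Headers`) to the CORS headers of the captured 401 response; the function names and the `FIXED` response are constructed for illustration.

```python
# Added example: simplified version of the browser's preflight checks (Fetch standard).
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}  # need no Access-Control-Allow-Methods entry

def parse_headers(raw):
    """Parse 'name: value' lines (optional curl '< ' prefix) into a lowercase-keyed dict."""
    headers = {}
    for line in raw.splitlines():
        line = line.lstrip("<> ").strip()
        if ":" in line and not line.upper().startswith("HTTP/"):
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def tokens(value):
    """Split a comma-separated header value into lowercase tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def check_preflight(status, headers, origin, method, request_headers):
    """Return the reasons a browser would block the real request; empty list means pass."""
    problems = []
    if not 200 <= status <= 299:
        problems.append(f"status {status} is not 2xx")
    if headers.get("access-control-allow-origin") not in (origin, "*"):
        problems.append("Access-Control-Allow-Origin does not match the origin")
    methods = tokens(headers.get("access-control-allow-methods", ""))
    if method.upper() not in SAFELISTED_METHODS and not {method.lower(), "*"} & methods:
        problems.append(f"method {method} not allowed")
    allowed = tokens(headers.get("access-control-allow-headers", ""))
    for name in (h.lower() for h in request_headers):
        # '*' never covers Authorization; it must be listed by name.
        wildcard_ok = "*" in allowed and name != "authorization"
        if name not in allowed and not wildcard_ok:
            problems.append(f"request header {name} not allowed")
    return problems

ORIGIN = "http://localhost:8080"
# CORS-relevant headers of the 401 response captured in this ticket.
CAPTURED = """\
< access-control-allow-credentials: true
< access-control-expose-headers: Authorization, Origin, Content-Type
< access-control-allow-origin: http://localhost:8080
"""
# Constructed response showing what a passing preflight could look like.
FIXED = CAPTURED + "< access-control-allow-headers: authorization\n"

if __name__ == "__main__":
    print(check_preflight(401, parse_headers(CAPTURED), ORIGIN, "GET", ["authorization"]))
    print(check_preflight(204, parse_headers(FIXED), ORIGIN, "GET", ["authorization"]))
```

Run against the captured headers, the check reports two blockers: the 401 status and the absence of `authorization` from `Access-Control-Allow-Headers`, which the captured response does not send at all.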