Helix requires a token. (As does a fair chunk of v5 but legacy apps had clientID only access for an extended period iirc)
To access data in a front end scneario use implict auth.
To access public data in a server scenario use an App Access/Client Credentails token.
For a website the website should call the backend and use the relevant token to talk to twitch.
Or move to EventSub for live status/etc and server side caching for data rather than direct API calls, which could also be considered good practice.