The check subscriptions endpoint requires using an App access token, so if you’re getting a 401 then it’s likely you’re just using a Client ID rather than an App token.
Checking your GET request and comparing it to mine, only main differences I see is the content type, as mine responds with ‘application/json’, although I’m not sure if that will be an issue, check the check subscriptions endpoint with an app token first as if that’s showing a subscription then your GET is fine.
Also, you don’t need to respond with your client-id in the header. It’s not a security issue as it’s just a client id, but something to keep in mind if you switch to subscribing to webhooks with an App token instead and start exposing that then it’ll be a big issue.