When I start checking my script, I'm getting this error: WWW-Authenticate: Bearer error="invalid_token"
This Bearer token is probably coming from a previous server response. Have you tried to extract it and reuse it in that header?
Also i saw that you managed the cookie values with NeoLoad variables. If it's server cookies it's not necessary to do that since NeoLoad will automatically take care of them. Actually your variables are not used if NeoLoad is configured to manage them.