I have been having the same issue, and it seemed to start this week. We are running Kibana local and connecting to Compose Elastic Search, and it appears that Kibana isn't passing the authorization header to Compose Elastic in some cases. I was able to get it working by adding this to kibana.yml:
elasticsearch.customHeaders: { Authorization: Basic XXXXXXXetc }
where XXXXXXXetc is the Base64 encoding of the string id:password
I continue to let elasticsearch.requestHeadersWhitelist default. I haven't thoroughly tested but the first few pages that were receiving 401 status codes are now rendering correctly; hope this works for you.