A log from the command with the -vv flag (eg output from rclone -vv copy /tmp remote:tmp)
2019/10/12 09:41:08 DEBUG : rclone: Version "v1.49.5" starting with parameters ["rclone" "-vv" "copyurl" "https://api.github.com/repos/jdrydn/yoem/zipball" "s3:backup-bucket/yoem.zip"]
2019/10/12 09:41:08 NOTICE: Config file "/Users/james/.config/rclone/rclone.conf" not found - using defaults
2019/10/12 09:41:09 ERROR : Attempt 1/3 failed with 1 errors and: CopyURL failed: 404 Not Found
2019/10/12 09:41:11 ERROR : Attempt 2/3 failed with 1 errors and: CopyURL failed: 404 Not Found
2019/10/12 09:41:12 ERROR : Attempt 3/3 failed with 1 errors and: CopyURL failed: 404 Not Found
2019/10/12 09:41:12 Failed to copyurl: CopyURL failed: 404 Not Found
That kind of indicates that Copy URL tried to copy the file but got a 404 not found.
I tried your example on v1.49.5 and the latest beta and it worked fine on both, though I didn't use the HTTP_HEADERS I just did it without auth.
If you run with -vv --dump bodies --log-file test.log then you can examine all the http transactions in the log. Hopefully that should shed some light - if not post them (redacting sensitive info if any) and I can take a look.
Aha, --dump bodies is a great debug option Looks like RCLONE_HTTP_HEADERS doesn't affect copyurl, just the HTTP remote. That is to say, the Authorization header isn't present in the log at all, which explains the 404 result! I guess something changed regarding this option between v1.48.0 and v1.49.5.
However I just realised I can get this to work by putting the token in the URL: