do i have to pass

Authorization

header to check health via HTTP gateway, or it could be done anonymously?