Hi Murali,
No, most of them are sent for both protected and unprotected resources.
Few headers that I know which are sent only for protected resources are :
HTTP_SM_REALM
Indicates the CA Single Sign-On realm in which the resource exists.
HTTP_SM_REALMOID
Indicates the realm object ID that identifies the realm where the resource exists. This ID is may be used by third party applications to make calls to the Policy Server.
Is there any specific headers that you are looking for ?
Regards,
Ujwol