The Pugpig Drupal module does not actually protect any content - it relies on something in front of the module to do this. For example, there is a Varnish integration which provides this function. The module communicates with the external component by means of HTTP components.
For more detail on this see Varnish Edge Authentication
Outbound HTTP Headers
These headers are set by the module for use by the upstream system, for example Varnish:
X-Pugpig-Entitlement- the entitlement required to access this resource.