Https health monitor required authentication to work but back-end servers do not need authentication

I'm guessing the only way to know for sure is to watch the traffic. Since this is SSL you'll need to either run ssldump from the command line (with the server's SSL private key):

ssldump -k [path to server's private key] -AdNn -i 0.0 port 443 and host [server's IP]

or dump to a file and inspect in wireshark (also with the server's private key):

tcpdump -lnni 0.0 -s0 port 443 and host [server's IP] -w [path to write file.pcap]

I'm a bit curious about the -L option in your first cURL statement. That option allows cURL to follow 30x redirects. Does your application send a redirect from this initial /startPage?