According to this DG-Auth and X-Auth-Token are equivalent. You need it to allow anonymous access, which does not exist locally (and by the way, also not when using a Dedicated Cluster with ACL activated on Cloud).
Client applications accessing the Dgraph Cloud cluster endpoint
/graphqlwith anonymous access not set on the requested operation, must present a valid client or admin API key in the
Dg-AuthorX-Auth-Tokenheader of every HTTP request.
I mean, that the X-Auth-Token value is a KEY and not a TOKEN (in terms of JWT) and thus this might be a bit confusing for some. It did for me but this relates to the fact that in earlier docs the X-Auth-Token was actually referred to as the @auth token.
However, the much more important issue is the forwarding of the X-Dgraph-AccessToken since without this, neither custom resolvers on the Cloud nor with the community version will work correctly.