Hello Rahul,
Yes its a valid error.
When u consume/fire any service in GW Client ( T-Code -> /iwfnd/gw_client ) u need not to explicitly send the token value in the HTTP header.
GW Client itself will internally handle sending of CSRF Token. Hence no need of sending.
U need to explicitly send the CSRF Token value in the HTTP Header when u r consuming/firing from the Browser. i.e., when u fire service from FireFox Rest Client or Chrome POST Man / Advanced REST Client.
U can use the metadata URL of ur UPDATE service only to get the CSRF Token 
U need not to fire GET Service at all. This just an additional info.
Regards,
Ashwin