How to write a Custom X509 Authentication Signature Policy only on request and not on reply

How do i write a custom policy for X509 Authentication Signature only on request and not on reply.

My problem is the standard out of box policy(X509 Authentication Signature) applies policy both on request and response. Since my partner doesn’t send a signed response, it SOAP response is failing on my side with error:

SOAP header missing in SOAP response

I did talk to my partner about this and hes said that they cannot send a signed request, so my out of box policy will not work.

I m using designer 8.2.2