Issue
Some security scan results may flag 'Unprotected Files' on the root level of Tableau Server that can be accessed without authentication.
For example, these HTML files (and their compressed/gzipped equivalents) may likely look like the following list:
https://tableau.<servername>.com:443/vizportal.min.js
https://tableau.<servername>.com:443/rsa.js
https://tableau.<servername>.com:443/console-polyfill.js
https://tableau.<servername>.com:443/vizportalMinLibs.js
https://tableau.<servername>.com:443/messageformat.js
https://tableau.<servername>.com:443/js.cookie.js
https://tableau.<servername>.com:443/Underscore.js
https://tableau.<servername>.com:443/jquery.js
https://tableau.<servername>.com:443/javascripts/api/tableau-2.0.2.min.js
https://tableau.<servername>.com:443/en/embeddedAuth.html
https://tableau.<servername>.com:443/en/textBox.html
https://tableau.<servername>.com:443/en/passwordBox.html
https://tableau.<servername>.com:443/en/signingIn.html
https://tableau.<servername>.com:443/en/signInLogo.html
https://tableau.<servername>.com:443/en/login.html