The Anonymous endpoint is a non-authenticated endpoint that is used by some authenticators to provide out-of-band access to the authenticator. A good example is the SMS authenticator that allows the user to click a hyperlink in the SMS to move the authentication forward. This requires the phone to access an endpoint without having a session or being in an authentication flow on that device. The SMS authenticator therefore exposes this link on the anonymous endpoint where no such requirements exist.