In Jira, there are a number of URLs that are always accessable anonymously, including, but not limited to:
/secure/BrowseProjects.jspa
/secure/Dashboard.jspa
/secure/ManageFilters.jspa
/issues

Although there are a number of feature requests to allow blocking access to these, I would like to propose a single solution to all of these. there is already a good solution that has been proven to work in Confluence cloud:

Anonymous Access global permissions.

In Confluence, there is an anonymous access global permission which must be enabled, or all pages to the instance will be blocked to unauthenticated users.
I would like to propose that this be an option made available for Jira as it will greatly add to the peace of mind of our customers knowing that they have a one-click solution to guarantee control over access to their instance.