pfSense

The files tree.js and tree.css in /usr/local/www/tree/ are used by the traffic shaper to draw the interface/queue trees. The full library distribution is there along with index.html which explains its usage. Given that it's a static js/css library and not private, it's not the end of the world for it to be unprotected but having that index.html there explaining the library's usage looks unusual and can be a red flag for automated scanners.

At the very least the index.html should be blanked out, might even be better to move/relocate the library and only keep the exact files needed. Or if there is a better library to use for this that integrates better with bootstrap it could be replaced.