How does one control server-side-enforced timeout behavior for "Anonymous" type Authentication services since they don't have the options other types have?

They have neither the "Use PegaRULES Timeout" option that Kerberos/Custom types have, nor the "Use access group timeout" option that other type of Authentication services have. Are the equivalent of either of these flags assumed to be true?

We are aware we can embed the pxSessionTimer gadget, and we do, but it relies on the UI tab remaining active and is not guaranteed on all devices configurations.

We would like to know the default and configurable server-side timeout behavior for Anonymous type Authentication Services.