For big web applications or an API, even if they are build in static language you still cannot just remove an endpoint. Maybe something is calling that endpoint once a month and you don't see it, maybe even less, then you only will get to know a lot later.
No matter what, you could only ever hope to verify things that you know can only ever be called by the very code being analyzed. Proving the negative is what you're really trying to do. So static languages can exhaustively prove "deadness" for any non-exported definitions, but external APIs - be they functions or web endpoints or otherwise - are outside the scope of the problem.
