# Pages are rendered exclusively via index.php (includes/main-content.php
# include()s them); they must never be reachable as direct HTTP targets.
# Direct access would run auto-prepend auth but SKIP check_page_permission(),
# which is only enforced for index.php requests.
Require all denied
