Security Statement

The site uses semantic server-rendered PHP, no database, no third-party JavaScript, a strict Content Security Policy, route allowlisting, direct-access denial for application/content directories, and escaped Markdown rendering.

No database does not mean the site is secure. Hosting configuration, PHP version, file permissions, TLS, backups, server logs, deployment workflow, and operator credentials remain security-critical.