Defence-in-depth no-indexing for the private app surfaces (admin dashboards, the FerrLabs-Cloud user app, auth flows for FerrTrack/FerrVault/FerrGrowth, FerrGames admin/app). Each app now ships three layers:
<meta name="robots" content="noindex,nofollow">inindex.html.public/robots.txtwithDisallow: /.- nginx
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;.
Marketing sites (ferrlabs.com, ferrflow.com, etc.) stay fully indexable with their Allow: / robots.txt + sitemap. Only the staff-facing and post-auth surfaces are hidden from search engines.