I'll echo the other sentiments here that I wouldn't consider this "static HTML", and I was expecting something about .htaccess. That said, this seems to be a strengthening of what used to be somewhat common "protection", namely variations consisting of:
- Password in plaintext in the source e.g. "if(password=='hunter2') ..."
- No correlation between password and page contents (either the content is merely hidden and shown when the password check succeeds, or lightly obfuscated/encrypted using key independent of knowing the password)
- Hiding content by using "display:none" or similar
why not? this could be served on a server which does not have any dynamic execution capabilities, and does not require the server to handle any other request other than just the HTML.
- Password in plaintext in the source e.g. "if(password=='hunter2') ..."
- No correlation between password and page contents (either the content is merely hidden and shown when the password check succeeds, or lightly obfuscated/encrypted using key independent of knowing the password)
- Hiding content by using "display:none" or similar