To further strengthen the non-javascript nature of this website, I have turned on a strict content security policy for this site.

Content-Security-Policy "default-src 'none'; img-src 'self'; style-src 'self'; report-uri https://csp.ramsay.xyz/report"

This security policy blocks all scripts on this site. ramsay.xyz has never directly used javascript (it had a ton of blogger scripts when it was hosted on Google’s blogger, and later a small Cloudflare script to protect emails when it was on github pages) and I have never wanted it to.