Humane Web Toolkit

A calm, self‑hosted reference for building kind, non‑hostile websites.

No tracking. No CAPTCHAs. No lockouts. Just people‑first design.

Principles

Humane web checklist

Use this as a quick audit before you ship a page or feature.

  • Respect privacy: no analytics, no hidden trackers, no fingerprinting.
  • Stay accessible: readable contrast, keyboard‑friendly, clear language.
  • Be forgiving: no lockouts, no hard rate limits, no hostile messages.
  • Minimize friction: avoid puzzles, CAPTCHAs, and unnecessary hurdles.
  • Explain gently: when something fails, say why in calm, human terms.
Patterns

Gentle error & bot‑handling patterns

These are text patterns you can reuse in forms, APIs, and UIs.

Soft 401 / 403 message

“You don’t have access to this area yet. If you believe this is a mistake, you’re welcome to contact the maintainer so we can sort it out together.”

Soft 500 message

“Something went wrong on our side. Your request was not lost. Please try again in a moment, or reach out if this keeps happening.”

Honeypot triggered (bot detected)

“It looks like an automated script may have filled in a hidden field. Please submit the form again, leaving any invisible or ‘do not fill’ fields empty.”

Turnstile / background checks

“We run quiet, background checks to keep this space safe from automated abuse. These checks are designed to stay invisible and never block genuine visitors.”

Template

Humane contact form (server‑side only)

This form is designed to work with server‑side processing only. No JavaScript, no tracking, and a honeypot that never accuses humans.

You can leave this blank if you prefer to stay unnamed.

Only used to reply to you. No mailing lists, no tracking.

Share feedback, ideas, or concerns. Plain text is perfect.

Server‑side suggestion: if the honeypot field website is filled, respond with a gentle message like:
“Bot detected! Please fill the form again, leaving hidden fields empty.”

Hosting notes

Self‑hosting & Cloudflare notes

  • Self‑hosted: keep this file on a private server or behind auth for trusted people.
  • No indexing: the <meta name="robots" content="noindex, nofollow"> tag discourages search engines.
  • Cloudflare Pages: if you choose to make it public there, you can remove that meta tag.
  • No JavaScript required: all behavior is server‑side; this file stays HTML + CSS only.