Server side validation and processing?

I’m building a government website and they have strict standards for security.

They specify that: “validation of user input must occur server-side” and “process completion must not rely on client-side scripting or embedded objects”.

I can’t find any reference to this in the Contact Form 7 documentation and am wondering if someone can confirm this for me before I go ahead and install.

The guidelines say:

More information

Form validation is to take place on the server regardless of any client-side capacity. Client-side validation can be easily bypassed and some users may not have client-side script available or enabled in their browser.

Client-side validation can be used to supplement server-side validation. Use of client-side validation is encouraged as it can result in more timely feedback to users and a more responsive user experience. It is important to ensure that any client-side validation algorithms are consistent with the definitive server-side validation algorithms.

It should also be noted that modal presentation of error messages is strongly discouraged as they are likely to break the user’s train of thought and offer limited opportunity for the user to review the error messages while trying to address them.

and

More information

The use of scripting to improve the user experience is encouraged; however users must be able to complete any process with client-side scripting disabled. Techniques of progressive enhancement support a richer experience without compromising accessibility.

This requirement also ensures universal access by all users, browsers and devices (including mobile devices).

Thanks!