Not always, but censorship resistance should include accessibility for both spammers and people who want to block spammers

Every nostr client web app seems to use JavaScript and stuff to function on-device and take load off the server backend, so when I have the nprofile link, every client could by default load every post a spam bot has ever made if it has its own relay for the web app to connect to. That would be censorship-resistant 

Instead, even if it's a regular person instead of a bot, seeing all their posts might not work reliably across all apps. That's not censorship resistant