Actually some subset of this functionality is possible with static or semi-static pages but actually the problem is not so much about a page being static or dynamic but about being read-only vs getting user input. As soon as you need to deal with user input, there are inherent security issues.
You can go around these by having some presets in the profile and providing cached results for the most common search types but this is more or less as far as you can go.
Strictly speaking, you are correct. But in this case dealing with user input such as headers and their modifications is the responsibility of the server just like dealing with potentially malformed HTTP replies is the responsibility of the browser. What we are talking here though is the possibility of interaction with the remaining elements of the system (application, database). If these are read-only, the attacker loses these attack vectors.
You can go around these by having some presets in the profile and providing cached results for the most common search types but this is more or less as far as you can go.