If your website cannot be delivered, nothing else on the site matters.
This simple tennant
has some interesting consequences.
The first is that you should encrypt your entire website. If the site is not encrypted then what your visitor sees might not actually be your site. It defeats the entire point of having a site. Worse, it will tarnish your good name.
The second insight it the minimum level of encryption. TLS v1.0 and TLS v1.1 are compromised. That means our baseline should be TLS v1.2.
This means any browser old enough to not support TLS v1.2