Allow locked-down clients of end-users
Some end-users may have Javascript disabled for security, and requiring JS features exposes them to attacks from other websites.
If a user has a locked-down client that does not support all the features used by your application, consider allowing that user some access, instead of completely denying access, which may force the user to degrade the client’s security. This may help protect users and slow the propagation of malware.