A reminder of the basic, common security recommendations that apply in most cases.
1. Use HTTPS (and HTTP/2) whenever possible.
With services like Let’s Encrypt you don’t have an excuse anymore. It won’t have much effect on your performance, resources or budget either. Don’t believe me? Have a look at a (really old now) study from Google.
2. Disable obsolete TLS v1.0/1.1 and insecure algorithms.
This might be…