- Proper cipher suites - Perfect forward secrecy - HSTS - Add to preload list? - Proper cert - The current one uses SHA1, but [Microsoft plans to deprecate move away from SHA1](http://technet.microsoft.com/en-us/security/advisory/2880823). See https://wiki.mozilla.org/Security/Server_Side_TLS
See https://wiki.mozilla.org/Security/Server_Side_TLS