Please forgive me my near-off-topic answer:<p>Sure there are users out there without JS. There are still some IE6 users out there. But in most cases you need just look at your target: If you build a SaaS service you probably focus on the early adopters, first movers or whatever you call them.<p>Old browser or obscure security settings are a niche. If your product focus on that niche - great, consider it in your technical setup.<p>After attending a horrible freelance project as a ruby/rails guy in 2009 I finally made a decision for all of my hopefully upcoming projects:<p>* focus on the early adopters who may understand your product without a big introduction. these people usually have the best and modern browsers available.<p>* optimize for Safari/Mac, Firefox and maybe Chrome<p>* optimize only for iPhone<p>* <i></i>forget the rest until you have 100 paying customers. Then decide again<i></i>. (100 is just a number, maybe 50, maybe 1000 — you decided)<p>BUT: If you know <i>for sure</i>, that most of your taget customers are using IE6/have no javascript support/whatever: Support it. But I doubt it.<p>And don't think that your startup will have the same % amounts of browsers/settings like the big sites on the web. Also keep in mind that people need to be able and willing to spend money. I can imagine someone without javascript and cookies will never (be able to) enter her/his payment information over the web into a form.<p>They'll be very conservative and in my opinion it's not worth the time to try to "convert" them.<p>TL;DR<p>Try to focus the easiest reachable solution only.
Know your potential customer's setup.
Be selective.
To channel patio11: any stats on how many users have no idea what JavaScript is, let alone how to disable it?<p>Sorry for the slightly flippant response (but thank you to patio11 for training me to think that way). I just couldn't help myself, since you phrased it as 'disabled' rather than 'not JavaScript capable'. In regards to the latter, you might find this StackOverflow post useful: <a href="http://stackoverflow.com/questions/121108/how-many-people-disable-javascript" rel="nofollow">http://stackoverflow.com/questions/121108/how-many-people-di...</a>
I don't have many stats, but I believe some IT installations (where the browser is supposed to connect only to intranet sites) will severely restrict the allowed use of JS.<p>Also, I've had JS randomly break in firefox sometimes, and it doesn't get turned back on until the next install.<p>I think graceful degradation is still the key word here. Not just because it will allow non-JS users to access your site, but also because it helps force you to realize the semantic separation of the HTML versus JS layers.
Valid reasons? You mean other than to defend against the constant barrage of high profile XSS vulnerabilities reported to exist on large numbers of major websites?
I'm working for one of the world's biggest web hosting companies. The percentage of users accessing our pages with JavaScript disabled is around 0.2%. Couple years ago, it was around 1%. I assume this number might not be correct for all target groups (naturally, ours is rather tech affine).<p>And for your question: Personally, I wouldn't support non-JS users for most cases at all. There are security reasons to switch it off, but I hardly see any aspect of life where you get 100% security. JavaScript is an essential part of the web, if someone has a problem with that: don't surf and don't expect me to emulate things that I can solve easily in the client on the server (if at all possible).