Short answer: Don’t bother. Humans who use elderly browsers can decide for themselves whether a given site is worth it if some of its features don't behave properly. Robots can be blocked on other grounds.

Besides, “HTML 5” isn’t a discrete set of properties that a browser either does or does not support, en masse. It is far more useful to consult sources like caniuse dot com and look at the support percentages for specific features--whether CSS or HTML--that you’d like to use.

Well I am hoping to validate an email address is in proper format before the visitor can submit a form. Using html5 the email tag works without need for js. Which is what I am trying to limit through the csp without having to have unsafe inline or using a nonce.

Not to mention imho a visitor with very outdated software is typically sniffing for errors. Which makes no sense to allow an outdated browsers in the first place. I am sure I would lose some traffic because of this decision. Which is why I am hoping to use an error message for the outdated browsers. But overall I feel the security risk out weighs the negatives.

Just my opinion though.

Do that and you will be blocking a lot of search engines.

Do that and you will be blocking a lot of search engines.

I can see a lot of problems, but this need not be one of them. Define your blocking criteria, and then make exemptions for known, named search engines, either by name or by IP.