Hacker News

toast0, yesterday at 4:21 AM

A MITM can intercept the SYNs to port 80 and send their own SYN+ACK.

Not serving on port 80 means a passive viewer won't see any content, but if you were just serving a redirect, there's not much content to see.

IMHO, if you use HSTS preload and you prime HSTS by serving your favicon with https and HSTS, you can go ahead and serve your (unauthenticated) content with http. A modern browser will switch over to https; a MITM could fetch your https pages and return them over http; and you'll be accessible on ancient browsers that can't manage modern TLS.
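As an added illustration (not toast0's code and not any browser's implementation), here is a small model of a browser's HSTS cache that shows why the priming approach above holds up: a policy can only be set by an https:// response, so a MITM answering on port 80 cannot inject or clear one, and once a policy is set (or the host is preloaded) every later http:// URL for that host is upgraded before any connection to port 80 is made. Host names and the preload entries are constructed for the example.

```python
import time
from urllib.parse import urlsplit, urlunsplit

# Minimal model of a browser's HSTS cache (illustrative, not any browser's code).
class HstsStore:
    def __init__(self, preload=None):
        self.preload = dict(preload or {})   # host -> includeSubDomains (assumed preload list)
        self.entries = {}                    # host -> (expires_at, includeSubDomains)
    def observe(self, url, headers, now=None):
        """Learn a policy from a response. Only an https:// response can set one,
        so a MITM answering on port 80 cannot inject or withdraw HSTS state."""
        now = time.time() if now is None else now
        parts = urlsplit(url)
        sts = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
        if parts.scheme != "https" or sts is None:
            return False
        max_age, include_sub = None, False
        for directive in sts.split(";"):
            name, _, value = directive.strip().partition("=")
            if name.lower() == "max-age" and value.strip('" ').isdigit():
                max_age = int(value.strip('" '))
            elif name.lower() == "includesubdomains":
                include_sub = True
        if max_age is None:
            return False
        host = parts.hostname.lower()
        if max_age == 0:
            self.entries.pop(host, None)     # max-age=0 withdraws the cached policy
        else:
            self.entries[host] = (now + max_age, include_sub)
        return True
    def _covered(self, host, now):
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            expires, include_sub = self.entries.get(candidate, (0, False))
            if expires <= now:               # missing or expired: fall back to the preload list
                include_sub = self.preload.get(candidate)
            if include_sub is not None and (i == 0 or include_sub):
                return True
        return False
    def rewrite(self, url, now=None):
        """Return the URL actually fetched: http:// is upgraded for covered hosts before port 80 is touched."""
        now = time.time() if now is None else now
        parts = urlsplit(url)
        if parts.scheme != "http" or not self._covered(parts.hostname, now):
            return url
        netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

The unprimed first visit to a host that is neither cached nor preloaded still goes out over plain http, which is exactly the gap the preload list closes.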