Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum, Google+ community and Facebook page
For additional information, see Documentation and Knowledge Base
Follow us on Twitter for more news on Plesk development
Off-topic posts will be removed from here
-
Support for HTTP Strict Transport Security / HSTS
I'm wondering if Plesk also will implent HTTP Strict Transport (or HSTS) Security in the GUI. It's an extra layer of security for sites who need to be extra secure.
It's being done with a special header (mod_headers for Apache) and a TLS connection. The client (browser) can then verify if the server is the real server and not a man-in-the-middle server/attack.
It's as simple as adding the following code to the vhost config (HTTPS only!):
Apache:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"Nginx:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";229 votes
- Don't see your idea?