Some of security configuration requires GeoIP detection. It also useful for tracing and should be easy as adding '--with-http-geoip-module' option to configure command for the package.

As we have to use apache, i don't like to go for an aditional nginx proxy just to simulate HTTP/2 ;-)

I think apache is capable to handel HTTP/2 :-D

as brotli seams to be a up to 20% better comression library than gzip and used by many CDN Providers it should be possible to switch on in plesk.

Please add PHP Composer to chrooted Environments.
Many Customers Need PHP Composer to install various scripts, cms Systems and libaries.

A current big Problem is the new typo-neos System - you must use Composer to install at sources correctly

A other Problem are PHP API's and Libaries like Payment Companies like PAYMILL etc..

Have the ability to provide more Nginx builds/packages. For example, offer a 'nginx-full'-package with more modules.

For example, I need the Nginx headers more module. Since this need to be built-in at compile time, it isn't possible to add this later on. So that would mean replace the Plesk version of Nginx with the distro-default. (Heck, why does Plesk need it's own Nginx-build, anyway?)

No, passing headers from Apache is not an option, especially when I'm using the Nginx - PHP-FPM setup.

id like to see these tools implemented into plesk. To run server wide or domain wide, and via cron if required.

Alot of large organisations are using these tools. (facebook etc etc)

I like to see image optimization part of plesk admin panel. It will help servers run faster and optimize web delivery.

A customer would like to be able to assign different PHP versions for different directories inside one the the same webspace.
For example,
/var/www/vhosts/example.com/httpdocs - php5.3.3
/var/www/vhosts/example.com/httpdocs/test - php5.2.17
/var/www/vhosts/example.com/httpdocs/test2 - php5.6.12

am not understand, when i want to move a Domain, the system will delete all the content. The choice to leave the content, I think is essential. This has to be a must!!!

For debugging PHP-FPM can log slow scripts. It would be great if you could manage this feature via Plesk.

By default the HTTP header 'x-powered-by: PleskLin' is added to HTTP responses.
And with PHP, even the version number is included: 'x-powered-by: PHP/7.3.5'

For security it is better to not give such information, as it may expose you are using outdated software with known vulnerabilities.
Currently it is possible to remove these headers, but it requires some manual actions using SSH (https://support.plesk.com/hc/en-us/articles/115000385274)

My suggestion is to create page to be able to manage such header additions for all websites and services.

Application-Layer Protocol Negotiation (ALPN) Support where good.

To ensure the best possible compatibility of support would be very good here.
Of course, this is not a priority but would be good.
So could the future https, http, be http / 2 Easy granted.

I would like to compare HTTP to HTTPS traffic and IPv4 to IPv6 traffic. The data should be in the logs, but it is currently not displayed.

Please can you include a version of nginx compiled with the following modules (that are required for pseudostreaming support)

--with-http_secure_link_module
--with-http_mp4_module
--with-http_flv_module

Directions for nginx pseudostreaming compile at: https://gist.github.com/mikhailov/3174601 also indicate the following needed/should be included:

--with-pcre=/usr/src/pcre-8.32 --with-openssl-opt=no-krb5 --with-openssl=/usr/src/openssl-1.0.1g --with-http_ssl_module --with-http_stub_status_module

For reference, these are the modules included with the present Plesk 1.6 nginx module:

--with-ipv6 --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_sub_module --with-http_dav_module --with-http_gzip_static_module --with-http_stub_status_module

Add server-wide custom error pages configuration via Plesk UI.

Per-domain solution is her: https://support.plesk.com/hc/en-us/articles/213370209-How-to-enable-custom-error-pages-for-a-domain-in-Plesk

Implement client SSL certificates for authentication

I think you should add HTTP authentication to the Plesk panel itself - that way it is more secure and if there is ever a vulnerability that allows bypassing the Plesk panel login, someone would also have to find a vulnerability in HTTP authentication itself before even getting to the Plesk panel in the first place. To me it makes more sense to make the Plesk panel itself the most secure it can possibly be, not just websites/virtual hosts hosted by the Plesk panel.

Please, consider to implement some sort of cache purge functionality available from Plesk web interface, because if cache TTL gets extended to match Site needs, it gets complicated, i.e. need to go over Linux Terminal to purge it. A Wordpress integration would be just super fantastic, but I understand, it is not realistic to wish it.
Thank you!