Currently CloudFlare ServerShield is implemented using partial (CNAME) setup. What is the point in a partial setup when you can benefit from full DNS? You get anycast DNS with CloudFlare on full DNS.

It is not possible to add an ip manually to fail2ban trough Plesk interface. Sometimes you detect an offending ip address which you want to ban from your system, before it is detected by recidive rule.

A carddav and caldav Server

It would be great to have ftp account with an expire date.
A sort of temporary ftp accounts.

This becomes really usefull when you need to share your ftp details temporary with a webdeveloper, or somebody else to maintain of check an website.

I always make a new FTP account for this sort of events, but then forget to delete them. It would be real nice if you could set a expire date that the account automaticly blocks itself after that date is past.

Add description/comment field to trusted ip address on fail2ban

Have the ability to provide more Nginx builds/packages. For example, offer a 'nginx-full'-package with more modules.

For example, I need the Nginx headers more module. Since this need to be built-in at compile time, it isn't possible to add this later on. So that would mean replace the Plesk version of Nginx with the distro-default. (Heck, why does Plesk need it's own Nginx-build, anyway?)

No, passing headers from Apache is not an option, especially when I'm using the Nginx - PHP-FPM setup.

as brotli seams to be a up to 20% better comression library than gzip and used by many CDN Providers it should be possible to switch on in plesk.

Ability to renew a subscription based on the subscription plan's configured subscription expiry date.

So if a subscription expires in ten days from now and it's subscription plan is set to expire in one year, I would like to be able to click a Renew button to extend the subscription with one more expiry unit (1 year in this case, 2 years if the subscription plan would have been set to expire every two years).

Also show renewal date in the list and sort by renewal date

This would allow you to see mailboxes that are no longer in use.

Many times I find that some subscriptions won't sync because they are locked. I'd really like to know why they are locked. So far, I've been able to unlock & sync with no noticeable changes. But I'm left wondering what caused the lock in the first place. And I'm afraid that I'll realize later something no longer works as expected.

In Fail2ban (great idea to include it in plesk!) settings you can set "Time interval for detection of subsequent attacks" (findtime) in general. But it would be interesting this setting per Jail.
Why?
you could have 2 jail with same filter but different findtime. Example:
Jail 1) 5 failures in 600 seconds: 1800 seconds ban
Jail 2) 30 failures in 86400 seconds: 604800 seconds ban

There are bots that detect if you have some protection fail2ban or similar and it will adapt, login attempt every 300 seconds for example. Jail 1 no detect this attack, but Jail 2 yes.

Add support of TLS 1.3 to Plesk interface's web server. TLS 1.3. improves security.

Please compile nginx with these extra options to provide even faster time-to-first-byte responses on modern kernels:

./configure ... --with-cc-opt='-DTCP_FASTOPEN=23'

Background information and complete guide: https://www.masv.io/enabling-tcp-fast-open-nginx-centos-7/

The implementation of the centralized smartermail in plesk onyx for windows is good, but it should also be possible to integrate this feature into the linux edition.

Many hosters provide both windows and linux hosting with ONE centralised mail solution. Since the integration for winodws is already done I suppose it shouldn't be too hard to integrate it into the linux version as well since smartermail is completely API based.

SPF information is so far entered through the TXT record. Adding the emerging new SPF record would make sense.