add HSTS as new security parameter in the Manager ?
HSTS can be configured in the Apache/Nginx vhost:
Header set Strict-Transport-Security "max-age=15768000"
Maybe it can be useful to have it at the same place as other security options?
It's just an idea, it requires to check if it's relevant...