diff --git a/etc/nginx/sites-enabled/mail b/etc/nginx/sites-enabled/mail
index 17020f3..9e77fef 100644
--- a/etc/nginx/sites-enabled/mail
+++ b/etc/nginx/sites-enabled/mail
@@ -45,7 +45,6 @@ server {
 	add_header Referrer-Policy no-referrer always;
 	add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always;
 	add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
-	add_header Expect-CT "max-age=86400, enforce" always;
 	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 	add_header Cross-Origin-Embedder-Policy require-corp always;
 	add_header Cross-Origin-Opener-Policy same-origin always;
@@ -70,7 +69,6 @@ server {
 		add_header Referrer-Policy no-referrer always;
 		add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always;
 		add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
-		add_header Expect-CT "max-age=86400, enforce" always;
 		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 		add_header Cross-Origin-Embedder-Policy require-corp always;
 		add_header Cross-Origin-Opener-Policy same-origin always;
@@ -82,7 +80,6 @@ server {
 	location ~ \.php$ {
 		add_header Referrer-Policy no-referrer always;
 		add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
-		add_header Expect-CT "max-age=86400, enforce" always;
 		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 		include snippets/fastcgi-php.conf;
 		fastcgi_pass unix:/run/php/php8.2-fpm.sock;
diff --git a/etc/nginx/sites-enabled/mta-sts b/etc/nginx/sites-enabled/mta-sts
new file mode 100644
index 0000000..3192b87
--- /dev/null
+++ b/etc/nginx/sites-enabled/mta-sts
@@ -0,0 +1,18 @@
+server {
+    listen [::]:443 ssl http2;
+    server_name mta-sts.danwin1210.de;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+	ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+	ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+    location / {
+        return 404;
+    }
+	location = /.well-known/mta-sts.txt {
+		default_type text/plain;
+		return 200 "version: STSv1
+mode: enforce
+mx: danwin1210.de
+max_age: 86400
+";
+	}
+}
\ No newline at end of file
diff --git a/etc/nginx/sites-enabled/openpgpkey b/etc/nginx/sites-enabled/openpgpkey
index 835e034..9ec6587 100644
--- a/etc/nginx/sites-enabled/openpgpkey
+++ b/etc/nginx/sites-enabled/openpgpkey
@@ -1,6 +1,5 @@
 server {
-	listen [::]:443 ssl proxy_protocol http2;
-	add_header Expect-CT "max-age=86400, enforce" always;
+	listen [::]:443 ssl http2;
 	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 	root /var/www/html;
 	location / {
diff --git a/etc/prosody/prosody.cfg.lua b/etc/prosody/prosody.cfg.lua
index 1ec42bd..20fdae8 100644
--- a/etc/prosody/prosody.cfg.lua
+++ b/etc/prosody/prosody.cfg.lua
@@ -247,7 +247,7 @@ contact_info = {
   security = { "https://danwin1210.de/contact.php", "mailto:daniel@danwin1210.de" };
   support = { "https://danwin1210.de/contact.php", "mailto:daniel@danwin1210.de" };
 }
-data_path = "/srv/var/lib/prosody"
+data_path = "/var/lib/prosody"
 legacy_ssl_ports = {5223}
 external_services = {
     {