diff --git a/nginx/conf.d/instances.nadeko.net b/nginx/conf.d/instances.nadeko.net new file mode 100644 index 0000000..efeb503 --- /dev/null +++ b/nginx/conf.d/instances.nadeko.net @@ -0,0 +1,34 @@ +server { + access_log /var/log/nginx/instances.zzls.xyz.access.log; + error_log /var/log/nginx/instances.zzls.xyz.error.log; + server_name instances.zzls.xyz instances.nadeko.net; + include configs/general.conf; + include configs/security.conf; + include configs/robotsNone.conf; + + location / { + proxy_pass https://fijxu.github.io/justlog-instances-uptime; + include configs/proxy.conf; + } + + # QUIC + include configs/http3.conf; + + listen 443 ssl; + http2 on; + +} +server { + set $x ""; + if ($host = instances.zzls.xyz) { + set $x 1; + } + if ($host = instances.nadeko.net) { + set $x 1; + } + if ($x = 1) { + return 301 https://$host$request_uri; + } + listen 80; + server_name instances.zzls.xyz instances.nadeko.net; +} diff --git a/nginx/conf.d/logs.zzls.xyz.conf b/nginx/conf.d/logs.zzls.xyz.conf index c281733..1d0e781 100644 --- a/nginx/conf.d/logs.zzls.xyz.conf +++ b/nginx/conf.d/logs.zzls.xyz.conf @@ -26,6 +26,10 @@ server { return 401 "lol"; } + location ~* ^/(channel/.*/user/8nunni|channelid/.*/user/8nunni|channel/.*/userid/1011023847|channelid/.*/userid/1011023847){ + return 401 "lol"; + } + error_page 501 502 503 /50x.html; proxy_intercept_errors on; } diff --git a/nginx/conf.d/mail.zzls.xyz.conf b/nginx/conf.d/mail.zzls.xyz.conf index e7d63e1..6576a33 100644 --- a/nginx/conf.d/mail.zzls.xyz.conf +++ b/nginx/conf.d/mail.zzls.xyz.conf @@ -1,6 +1,8 @@ +# mail.nadeko.net + server { - access_log /var/log/nginx/mail.zzls.xyz.log combined; - error_log /var/log/nginx/mail.zzls.xyz.error; + access_log /var/log/nginx/mail.nadeko.net.log combined; + error_log /var/log/nginx/mail.nadeko.net.error; server_name mail.nadeko.net; include configs/general.conf; include configs/robotsNone.conf; 
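Review bot: In nginx/conf.d/instances.nadeko.net, the `proxy_pass https://fijxu.github.io/justlog-instances-uptime;` upstream is reached over TLS, but nginx does not verify the upstream certificate by default (`proxy_ssl_verify` is off), so the hop to GitHub Pages is encrypted but unauthenticated. Unless configs/proxy.conf (not shown here) already does it, add `proxy_ssl_server_name on;`, `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path to CA bundle>;` in that location. GitHub Pages also routes on the Host header, so a `proxy_set_header Host $host;` in proxy.conf would have to be overridden with the upstream name. The new file also lacks the `.conf` suffix the other conf.d files carry, so it will not be loaded if the main config includes `conf.d/*.conf`.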
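Review bot: In nginx/conf.d/logs.zzls.xyz.conf, the new block-list regex is anchored only at the start, so `user/8nunni` also matches any longer login beginning with those characters, and `.*` can span several path segments; the ID branch has the same prefix problem. A tighter form would be `location ~* ^/(channel|channelid)/[^/]+/(user/8nunni|userid/1011023847)(/|$) {`. The rule covers only the path shapes listed, so if the backend serves the same logs through other routes (not visible here) the exclusion should be enforced there as well. `401` without a `WWW-Authenticate` challenge is also unusual for a deliberate block; `403` or `404` describes it better. The enclosing server block starts outside the hunk.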
@@ -16,6 +18,10 @@ server { alias /var/www/mail/favicon.png; } +# location ^~ /.well-known/mta-sts.txt { +# return 200 "version: STSv1\nmode: enforce\nmax_age: 1296000\nmx: mail.nadeko.net\r\n"; +# } + # QUIC include configs/http3.conf; @@ -34,3 +40,34 @@ server { listen 80; return 404; } + +# mta-sts.nadeko.net + +server { + access_log /var/log/nginx/mta-sts.nadeko.net.log combined; + error_log /var/log/nginx/mta-sts.nadeko.net.error; + server_name mta-sts.nadeko.net; + include configs/general.conf; + include configs/robotsNone.conf; + include configs/security.conf; + + location ^~ /.well-known/mta-sts.txt { + return 200 "version: STSv1\nmode: enforce\nmax_age: 1296000\nmx: mail.nadeko.net\r\n"; + } + + listen 443 ssl; + http2 on; +} + +server { + set $x ""; + if ($host = mta-sts.nadeko.net) { + set $x 1; + } + if ($x = 1) { + return 301 https://$host$request_uri; + } + server_name mta-sts.nadeko.net; + listen 80; + return 404; +} diff --git a/nginx/conf.d/zzls.xyz.conf b/nginx/conf.d/zzls.xyz.conf index ee347e2..7700783 100644 --- a/nginx/conf.d/zzls.xyz.conf +++ b/nginx/conf.d/zzls.xyz.conf @@ -2,7 +2,7 @@ server { access_log /var/log/nginx/zzls.xyz.log; root /var/www/website; index index.html; - server_name _ zzls.xyz www.zzls.xyz www.nadeko.net nadeko.net; + server_name zzls.xyz www.zzls.xyz www.nadeko.net nadeko.net; include configs/general.conf; include configs/security.conf; @@ -20,7 +20,6 @@ server { location / { try_files $uri $uri/ =404; - add_header Access-Control-Allow-Origin *; expires 1h; } @@ -38,20 +37,6 @@ server { http2 on; } -server { - access_log /var/log/nginx/zzls.i2p.log; - listen 30001; - server_name zzlst7dauwprptpu2y7cxpetz4fl4jw73tivxhtnm7dla7m6teyq.b32.i2p; - - root /var/www/website; - index index.html; - - location / { - try_files $uri $uri/ =404; - } - -} - server { if ($host = www.zzls.xyz) { return 301 https://$host$request_uri; diff --git a/nginx/configs/security.conf b/nginx/configs/security.conf index 09a6a28..4222e61 100644 
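Review bot: In nginx/conf.d/mail.zzls.xyz.conf, the new mta-sts.nadeko.net server returns the policy with `return 200 "..."`, which takes its Content-Type from `default_type`; RFC 8461 expects `text/plain`, and a stock nginx.conf sets `application/octet-stream`. Unless configs/general.conf already overrides it, add `default_type text/plain;` inside the `location ^~ /.well-known/mta-sts.txt` block. The policy goes straight to `mode: enforce` with a 15-day `max_age`, so the certificate presented by mail.nadeko.net must already validate for that name, or delivery from MTA-STS-aware senders will fail; `mode: testing` is the usual first step if that has not been confirmed. The commented-out copy of the same location added to the mail.nadeko.net server in the previous hunk is dead config and could be dropped.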
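Review bot: In nginx/conf.d/zzls.xyz.conf, dropping `_` from `server_name` does not by itself stop this vhost from answering unknown Host headers. `_` is just a name that never matches; requests with an unmatched Host go to the `default_server` for the socket, or to the first server defined when none is marked. The listen lines are outside this hunk, so whether a default exists cannot be told from here. If none does, add a dedicated catch-all server with `listen 443 ssl default_server;` and `ssl_reject_handshake on;` (plus `listen 80 default_server; return 444;`) so stray hostnames and bare-IP requests are not served site content.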
--- a/nginx/configs/security.conf
+++ b/nginx/configs/security.conf
@@ -1,8 +1,8 @@
 # security headers
-add_header X-XSS-Protection "1; mode=block" always;
+add_header X-XSS-Protection "0" always;
 add_header X-Content-Type-Options "nosniff" always;
 add_header X-Frame-Options "sameorigin" always;
-add_header Referrer-Policy "no-referrer-when-downgrade" always;
+add_header Referrer-Policy "same-origin" always;
 #add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
 add_header Permissions-Policy "interest-cohort=()" always;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
diff --git a/nginx/configs/ssl.conf b/nginx/configs/ssl.conf
index 5e5cffa..85bf7e4 100644
--- a/nginx/configs/ssl.conf
+++ b/nginx/configs/ssl.conf
@@ -1,3 +1,9 @@
-ssl_certificate /etc/ssl/certs/fullchain.pem;
-ssl_certificate_key /etc/ssl/private/privkey.pem;
+# ECDSA
+ssl_certificate /etc/ssl/nadeko.net/fullchain.ec.crt;
+ssl_certificate_key /etc/ssl/nadeko.net/nadeko.net.ec.key;
+
+# RSA
+#ssl_certificate /etc/ssl/fullchain.crt;
+#ssl_certificate_key /etc/ssl/nadeko.net.key;
+
 include configs/sslConfig.conf;
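Review bot: In nginx/configs/security.conf, setting `X-XSS-Protection "0"` follows current guidance, but the `Content-Security-Policy` line below it is still commented out, so after this change no header-level XSS mitigation is sent at all. Consider enabling a policy, starting with `Content-Security-Policy-Report-Only`, and without the `'unsafe-inline'` and blanket `http: https:` sources of the commented draft. A short comment would help the next reader, e.g. `# 0 = disable the legacy XSS auditor; XSS defence comes from the CSP`. Note also that nginx drops inherited `add_header` directives in any block that declares its own, so a vhost with a location-level `add_header` loses this whole set.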
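Review bot: In nginx/configs/ssl.conf, the private key moves from `/etc/ssl/private/` to `/etc/ssl/nadeko.net/`, next to the public chain. The permissions of that directory are not visible here, so confirm the key is readable by root only (mode 0600), since `/etc/ssl/private` is usually locked down and a custom directory is not. Rather than keeping the RSA pair commented out, nginx can load both: a second `ssl_certificate` / `ssl_certificate_key` pair alongside the ECDSA one lets clients without ECDSA support still connect. If RSA is intentionally dropped, delete the commented lines instead.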