diff --git a/volumes/conf.d/4netplayers.zinomedia.de.conf b/volumes/conf.d/4netplayers.zinomedia.de.conf
index c0567b1..5cbf49a 100644
--- a/volumes/conf.d/4netplayers.zinomedia.de.conf
+++ b/volumes/conf.d/4netplayers.zinomedia.de.conf
@@ -1,15 +1,26 @@
+# HTTPS Server Block
 server {
- root /usr/share/nginx/html/4netplayers.zinomedia.de;
+ listen 443 ssl;
+ listen [::]:443 ssl;
 server_name 4netplayers.zinomedia.de;
+
+ root /usr/share/nginx/html/4netplayers.zinomedia.de;
 index index.php;
 client_max_body_size 32m;
- listen [::]:443 ssl;
- listen 443 ssl;
 ssl_certificate /etc/letsencrypt/live/4netplayers.zinomedia.de/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/4netplayers.zinomedia.de/privkey.pem;
+ # SSL Optimizations
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+ ssl_prefer_server_ciphers on;
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always;
+
 location ~ /(\.user\.ini|debug\.log) {
 deny all;
 }
@@ -19,7 +30,6 @@ server {
 set $upstream "4netplayers-wordpress:80";
 try_files $uri $uri/ /index.php?$args;
- add_header Content-Security-Policy "font-src * data: blob: 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';" always;
 proxy_set_header Host $http_host;
 proxy_set_header X-Forwarded-Host $host:$server_port;
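Review bot: Any `location` in this server block that declares its own `add_header` will answer without the HSTS and CSP headers added at server level in the `@@ -1,15 +1,26 @@` hunk, because nginx inherits `add_header` from the outer level only when the inner level sets none. The proxy location loses its own `add_header` later in this diff, but the rest of the server block is outside the hunks shown, so the remaining locations should be checked. The policy still allows `'unsafe-inline' 'unsafe-eval'` in `script-src`, which leaves it with little effect against injected script, and `default-src` does not fall back for `frame-ancestors`, `base-uri` or `form-action`; consider appending `frame-ancestors 'self'; base-uri 'self'; form-action 'self';` to the value. `ssl_prefer_server_ciphers on` is added without an `ssl_ciphers` line, so for TLSv1.2 it only enforces the order of nginx's built-in default list.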
@@ -44,17 +54,11 @@ server {
 expires max;
 log_not_found off;
 }
-
- if (!-e $request_filename) {
- rewrite /wp-admin$ $scheme://$host$uri/ permanent;
- rewrite ^(/[^/]+)?(/wp-.*) $2 last;
- rewrite ^(/[^/]+)?(/.*\.php) $2 last;
- }
 }
 server {
- server_name 4netplayers.zinomedia.de;
 listen 80;
 listen [::]:80;
+ server_name 4netplayers.zinomedia.de;
 return 301 https://$host$request_uri;
-}
\ No newline at end of file
+}