diff --git a/actions/admin/settings/185.spf.php b/actions/admin/settings/185.spf.php
index 41d925adcb..f4064177d7 100644
--- a/actions/admin/settings/185.spf.php
+++ b/actions/admin/settings/185.spf.php
@@ -43,7 +43,8 @@
 					'settinggroup' => 'spf',
 					'varname' => 'spf_entry',
 					'type' => 'text',
-					'default' => '"v=spf1 a mx -all"',
+					'string_regexp' => '/^v=spf[a-z0-9:~?\s\.-]+$/i',
+					'default' => 'v=spf1 a mx -all',
 					'save_method' => 'storeSettingField'
 				]
 			]
diff --git a/lib/Froxlor/Install/Install.php b/lib/Froxlor/Install/Install.php
index ebed9fdb07..1e97e00c68 100644
--- a/lib/Froxlor/Install/Install.php
+++ b/lib/Froxlor/Install/Install.php
@@ -304,7 +304,7 @@ public function checkSystem(array $validatedData): void
 			throw new Exception(lng('error.invalidip', [$serveripv4]));
 		} elseif (!empty($serveripv6) && (!Validate::validate_ip2($serveripv6, true, '', false, true) || IPTools::is_ipv6($serveripv6) == false)) {
 			throw new Exception(lng('error.invalidip', [$serveripv6]));
-		} elseif (!Validate::validateDomain($servername) && !Validate::validateLocalHostname($servername)) {
+		} elseif (!Validate::validateDomain($servername)) {
 			throw new Exception(lng('install.errors.servernameneedstobevalid'));
 		} elseif (posix_getpwnam($httpuser) === false) {
 			throw new Exception(lng('install.errors.websrvuserdoesnotexist'));
diff --git a/lib/Froxlor/UI/Form.php b/lib/Froxlor/UI/Form.php
index e21fc727b5..694fd3d941 100644
--- a/lib/Froxlor/UI/Form.php
+++ b/lib/Froxlor/UI/Form.php
@@ -193,10 +193,14 @@ public static function getFormFieldOutput($fieldname, $fielddata): array
 				if (!$do_show) {
 					$fielddata['note'] = lng('serversettings.option_requires_otp');
 					if (!$otp_enabled_system) {
+						$fielddata['disabled'] = true;
 						$fielddata['note'] .= '<br>' . lng('2fa.2fa_not_activated');
 					} elseif (!$otp_enabled_user) {
+						$fielddata['disabled'] = true;
 						$fielddata['note'] .= '<br>' . lng('2fa.2fa_not_activated_for_user');
 					}
+					// show field in any case
+					$do_show = true;
 				}
 			}
 
diff --git a/lib/init.php b/lib/init.php
index cd4db8820b..7c4d914df4 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -114,10 +114,10 @@
 /**
  * Show nice note if requested domain is "unknown" to froxlor and thus is being lead to its vhost
  */
-if ($_SERVER['HTTP_HOST'] != Settings::Get('system.hostname') &&
-		!filter_var($_SERVER['HTTP_HOST'], FILTER_VALIDATE_IP) && (
+if ($_SERVER['SERVER_NAME'] != Settings::Get('system.hostname') &&
+		!filter_var($_SERVER['SERVER_NAME'], FILTER_VALIDATE_IP) && (
 		empty(Settings::Get('system.froxloraliases')) ||
-		(!empty(Settings::Get('system.froxloraliases')) && !in_array($_SERVER['HTTP_HOST'], array_map('trim', explode(',', Settings::Get('system.froxloraliases')))))
+		(!empty(Settings::Get('system.froxloraliases')) && !in_array($_SERVER['SERVER_NAME'], array_map('trim', explode(',', Settings::Get('system.froxloraliases')))))
 )) {
 	// not the froxlor system-hostname, show info page for domains not configured in froxlor
 	$unconfiguredPath = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/templates/misc/unconfigured/index.html');
@@ -346,6 +346,7 @@
 	if (in_array($_SERVER['REQUEST_METHOD'], ['POST', 'PUT', 'PATCH', 'DELETE'])) {
 		$current_token = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
 		if ($current_token != CurrentUser::getField('csrf_token')) {
+			http_response_code(403);
 			Response::dynamicError('CSRF validation failed');
 		}
 	}
diff --git a/templates/Froxlor/assets/js/bootstrap.js b/templates/Froxlor/assets/js/bootstrap.js
index 6692d82ca9..101c70bf55 100644
--- a/templates/Froxlor/assets/js/bootstrap.js
+++ b/templates/Froxlor/assets/js/bootstrap.js
@@ -18,3 +18,4 @@ window.Chart = Chart;
 import axios from 'axios';
 window.axios = axios;
 window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
+window.axios.defaults.headers.common['X-CSRF-TOKEN'] = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
diff --git a/templates/Froxlor/assets/js/jquery/customer.js b/templates/Froxlor/assets/js/jquery/customer.js
index 5aa83e473c..73ca39dc1b 100644
--- a/templates/Froxlor/assets/js/jquery/customer.js
+++ b/templates/Froxlor/assets/js/jquery/customer.js
@@ -31,6 +31,9 @@ export default function () {
 						planid: pid
 					},
 					dataType: "json",
+					beforeSend: function(request) {
+						request.setRequestHeader('X-CSRF-TOKEN', document.querySelector('meta[name="csrf-token"]').getAttribute('content'));
+					},
 					success: function (json) {
 						for (var i in json) {
 							if (i == 'email_imap' || i == 'email_pop3' || i == 'perlenabled' || i == 'phpenabled' || i == 'dnsenabled' || i == 'logviewenabled') {
diff --git a/templates/Froxlor/form/formfields.html.twig b/templates/Froxlor/form/formfields.html.twig
index 92c3106d64..dd654f56d0 100644
--- a/templates/Froxlor/form/formfields.html.twig
+++ b/templates/Froxlor/form/formfields.html.twig
@@ -144,7 +144,7 @@
 {% endmacro %}
 
 {% macro plain(id, field) %}
-	<input type="text" readonly class="form-control-plaintext" id="{{ id }}" name="{{ id }}" value="{{ field.value|raw|e }}">
+	<input type="text" readonly class="form-control-plaintext" id="{{ id }}" name="{{ id }}" value="{{ field.value|raw }}">
 	{% if field.next_to is defined %}
 		{% for nid, nfield in field.next_to %}
 			{% if nfield.next_to_prefix is defined %}
@@ -159,9 +159,9 @@
 	{% if field.next_to is defined %}
 		<div class="input-group">
 		{% endif %}
-		<input type="{{ field.type }}" {% if field.visible is defined and field.visible == false %} disabled {% endif %} {% if field.type == 'number' and field.min is defined %} min="{{ field.min }}" {% endif %} {% if field.type == 'number' and field.max is defined %} max="{{ field.max }}" {% endif %} {% if field.type != 'number' and field.maxlength is defined %} maxlength="{{ field.maxlength }}" {% endif %} id="{{ id }}" name="{{ id }}" value="{{ field.value|raw|e }}" class="form-control {% if field.valid is defined and field.valid == false %}is-invalid{% endif %}" {% if field.mandatory is defined and field.mandatory %} required {% endif %} {% if field.readonly is defined and field.readonly %} readonly {% endif %} {% if field.autocomplete is defined %} autocomplete="{{ field.autocomplete }}" {% endif %} {% if field.placeholder is defined %} placeholder="{{ field.placeholder }}" {% endif %} {% if field.type == 'file' and field.accept is defined %} accept="{{ field.accept }}" {% endif %} {% if field.pattern is defined %} pattern="{{ field.pattern }}" {% endif %}/>
+	<input type="{{ field.type }}" {% if field.visible is defined and field.visible == false %} disabled {% endif %} {% if field.type == 'number' and field.min is defined %} min="{{ field.min }}" {% endif %} {% if field.type == 'number' and field.max is defined %} max="{{ field.max }}" {% endif %} {% if field.type != 'number' and field.maxlength is defined %} maxlength="{{ field.maxlength }}" {% endif %} id="{{ id }}" name="{{ id }}" value="{{ field.value|raw }}" class="form-control {% if field.valid is defined and field.valid == false %}is-invalid{% endif %}" {% if field.mandatory is defined and field.mandatory %} required {% endif %} {% if field.readonly is defined and field.readonly %} readonly {% endif %} {% if field.autocomplete is defined %} autocomplete="{{ field.autocomplete }}" {% endif %} {% if field.placeholder is defined %} placeholder="{{ field.placeholder }}" {% endif %} {% if field.type == 'file' and field.accept is defined %} accept="{{ field.accept }}" {% endif %} {% if field.pattern is defined %} pattern="{{ field.pattern }}" {% endif %}/>
 		{% if field.type == 'hidden' and field.display is defined %}
-			<input type="text" readonly class="form-control-plaintext" value="{{ field.display|raw|e }}">
+			<input type="text" readonly class="form-control-plaintext" value="{{ field.display|raw }}">
 		{% endif %}
 		{% if field.next_to is defined %}
 			{% for nid, nfield in field.next_to %}
diff --git a/templates/Froxlor/login/enter2fa.html.twig b/templates/Froxlor/login/enter2fa.html.twig
index a185c9868a..b435bb0b55 100644
--- a/templates/Froxlor/login/enter2fa.html.twig
+++ b/templates/Froxlor/login/enter2fa.html.twig
@@ -27,7 +27,7 @@
 					<div class="card-body d-grid gap-2">
 						<input type="hidden" name="action" value="2fa_verify"/>
 						<input type="hidden" name="send" value="send"/>
-						<button class="btn btn-primary rounded-top-0" type="submit" name="2faverify">{{ lng('2fa.2fa_verify') }}</button>
+						<button class="btn btn-primary" type="submit" name="2faverify">{{ lng('2fa.2fa_verify') }}</button>
 					</div>
 				</div>
 			</form>
diff --git a/templates/Froxlor/login/fpwd.html.twig b/templates/Froxlor/login/fpwd.html.twig
index 3b5abad4e2..3405a7802f 100644
--- a/templates/Froxlor/login/fpwd.html.twig
+++ b/templates/Froxlor/login/fpwd.html.twig
@@ -38,7 +38,7 @@
 					</div>
 
 					<div class="card-body d-grid gap-2">
-						<button class="btn btn-primary rounded-top-0" type="submit" name="doremind">{{ lng('login.remind') }}</button>
+						<button class="btn btn-primary" type="submit" name="doremind">{{ lng('login.remind') }}</button>
 					</div>
 
 					<div class="card-footer">
diff --git a/templates/Froxlor/login/login.html.twig b/templates/Froxlor/login/login.html.twig
index 5f6636b9c8..c49de8c31b 100644
--- a/templates/Froxlor/login/login.html.twig
+++ b/templates/Froxlor/login/login.html.twig
@@ -39,7 +39,7 @@
 					</div>
 
 					<div class="card-body d-grid gap-2">
-						<button class="btn btn-primary rounded-top-0" type="submit" name="dologin">{{ lng('login.login') }}</button>
+						<button class="btn btn-primary" type="submit" name="dologin">{{ lng('login.login') }}</button>
 					</div>
 
 					{% if get_setting('panel.allow_preset') == '1' %}
diff --git a/templates/Froxlor/login/rpwd.html.twig b/templates/Froxlor/login/rpwd.html.twig
index ab300c74c6..37fe894ddb 100644
--- a/templates/Froxlor/login/rpwd.html.twig
+++ b/templates/Froxlor/login/rpwd.html.twig
@@ -30,7 +30,7 @@
 					</div>
 
 					<div class="card-body d-grid gap-2">
-						<button class="btn btn-primary rounded-top-0" type="submit" name="doremind">{{ lng('login.remind') }}</button>
+						<button class="btn btn-primary" type="submit" name="doremind">{{ lng('login.remind') }}</button>
 					</div>
 
 					<div class="card-footer">
diff --git a/templates/Froxlor/user/2fa.html.twig b/templates/Froxlor/user/2fa.html.twig
index 331490a144..6779622015 100644
--- a/templates/Froxlor/user/2fa.html.twig
+++ b/templates/Froxlor/user/2fa.html.twig
@@ -45,13 +45,13 @@
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="send"/>
 						{% if userinfo.type_2fa == 0 %}
-							<button class="btn btn-primary rounded-top-0" type="submit" name="preadd">
+							<button class="btn btn-primary" type="submit" name="preadd">
 								{{ lng('2fa.2fa_add') }}</button>
 						{% elseif userinfo['2fa_unsaved'] is defined and userinfo['2fa_unsaved'] %}
-							<button class="btn btn-primary rounded-top-0" type="submit" name="add">
+							<button class="btn btn-primary" type="submit" name="add">
 								{{ lng('2fa.2fa_add') }}</button>
 						{% else %}
-							<button class="btn btn-warning rounded-top-0" type="submit" name="delete">
+							<button class="btn btn-warning" type="submit" name="delete">
 								{{ lng('2fa.2fa_delete') }}</button>
 						{% endif %}
 					</div>
diff --git a/templates/Froxlor/user/profile.html.twig b/templates/Froxlor/user/profile.html.twig
index 842120eb76..670a26f805 100644
--- a/templates/Froxlor/user/profile.html.twig
+++ b/templates/Froxlor/user/profile.html.twig
@@ -64,7 +64,7 @@
 						<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="changepassword"/>
-						<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">
+						<button class="btn btn-primary" type="submit" name="dosave">
 							<i class="fa-regular fa-floppy-disk"></i>
 							{{ lng('menue.main.changepassword') }}</button>
 					</div>
@@ -96,7 +96,7 @@
 							<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 							<input type="hidden" name="page" value="{{ page }}"/>
 							<input type="hidden" name="send" value="changetheme"/>
-							<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">
+							<button class="btn btn-primary" type="submit" name="dosave">
 								<i class="fa-regular fa-floppy-disk"></i>
 								{{ lng('menue.main.changetheme') }}
 							</button>
@@ -130,7 +130,7 @@
 						<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="changelanguage"/>
-						<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">
+						<button class="btn btn-primary" type="submit" name="dosave">
 							<i class="fa-regular fa-floppy-disk"></i>
 							{{ lng('menue.main.changelanguage') }}</button>
 					</div>
diff --git a/templates/misc/unconfigured/index.html b/templates/misc/unconfigured/index.html
index 282ccf0f70..f1d3284d08 100644
--- a/templates/misc/unconfigured/index.html
+++ b/templates/misc/unconfigured/index.html
@@ -4,7 +4,7 @@
 	<meta charset="UTF-8">
 	<meta name="robots" content="noindex, nofollow">
 	<meta name="viewport" content="width=device-width, initial-scale=1.0">
-	<title>froxlor - Deactivated page</title>
+	<title>froxlor - Domain not configured</title>
 	<style>
 		:root{--primary:#1872a2;--fonts:ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}
 		body{display:flex;flex-direction:column;background:#f8f9fa;color:#4b5563;align-items:center;justify-content:center;font-family:var(--fonts)}