diff --git a/config.js b/config.js
index b7429fe55f..8c05f0000e 100644
--- a/config.js
+++ b/config.js
@@ -896,7 +896,7 @@ config.NSFS_NC_CONFIG_DIR_BACKEND = '';
 config.NSFS_NC_STORAGE_BACKEND = '';
 config.ENDPOINT_PORT = Number(process.env.ENDPOINT_PORT) || 6001;
 config.ENDPOINT_SSL_PORT = Number(process.env.ENDPOINT_SSL_PORT) || 6443;
-config.ENDPOINT_SSL_STS_PORT = Number(process.env.ENDPOINT_SSL_STS_PORT) || -1;
+config.ENDPOINT_SSL_STS_PORT = Number(process.env.ENDPOINT_SSL_STS_PORT) || (process.env.NC_NSFS_NO_DB_ENV === 'true' ? -1 : 7443);
 config.ENDPOINT_SSL_IAM_PORT = Number(process.env.ENDPOINT_SSL_IAM_PORT) || -1;
 config.ALLOW_HTTP = false;
 // config files should allow access to the owner of the files
diff --git a/src/endpoint/endpoint.js b/src/endpoint/endpoint.js
index c4c817500e..49b9d7937a 100755
--- a/src/endpoint/endpoint.js
+++ b/src/endpoint/endpoint.js
@@ -197,9 +197,8 @@ async function main(options = {}) {
         // START S3, STS & IAM SERVERS & CERTS
         const http_port_s3 = options.http_port || config.ENDPOINT_PORT;
         const https_port_s3 = options.https_port || config.ENDPOINT_SSL_PORT;
-        const https_port_sts = options.https_port_sts || Number(process.env.ENDPOINT_SSL_PORT_STS) || 7443; // || (process.env.NC_NSFS_NO_DB_ENV === 'true' ? -1 : 7443);
+        const https_port_sts = options.https_port_sts || config.ENDPOINT_SSL_STS_PORT;
         const https_port_iam = options.https_port_iam || config.ENDPOINT_SSL_IAM_PORT;
-
         await start_server_and_cert(SERVICES_TYPES_ENUM.S3, init_request_sdk,
             { ...options, https_port: https_port_s3, http_port: http_port_s3, virtual_hosts, bucket_logger, notification_logger });
         await start_server_and_cert(SERVICES_TYPES_ENUM.STS, init_request_sdk, { https_port: https_port_sts, virtual_hosts });
diff --git a/src/endpoint/s3/s3_rest.js b/src/endpoint/s3/s3_rest.js
index 48ce6a00b4..0c5f081d77 100755
--- a/src/endpoint/s3/s3_rest.js
+++ b/src/endpoint/s3/s3_rest.js
@@ -112,7 +112,7 @@ async function handle_request(req, res) {
     http_utils.set_cors_headers_s3(req, res, cors);
 
     if (req.method === 'OPTIONS') {
-        dbg.log1('OPTIONS!');
+        dbg.log1('s3_rest : S3 request method is ', req.method);
         const error_code = req.headers.origin && req.headers['access-control-request-method'] ? 403 : 400;
         const res_headers = res.getHeaders(); // We will check if we found a matching rule - if no we will return error_code
         res.statusCode = res_headers['access-control-allow-origin'] && res_headers['access-control-allow-methods'] ? 200 : error_code;
@@ -334,7 +334,7 @@ function _get_arn_from_req_path(req) {
 // we will reintreduce it together with bucket site support.
 function parse_bucket_and_key(req) {
     const { url, headers, virtual_hosts } = req;
-    const host = headers.host.split(':')[0]; // cutting off port
+    const host = headers?.host?.split(':')[0]; // cutting off port
 
     let virtual_host = null;
     if (host && host !== 'localhost' && !net.isIP(host)) {