csp.allowFramingconfig option, which controls whether embedding a HedgeDoc instance in other webpages is allowed. We strongly recommend disabling this option to reduce the risk of XSS attacks
csp.allowPDFEmbedconfig option, which controls whether embedding PDFs inside HedgeDoc notes is allowed. We recommend disabling this option if you don’t use the feature, to reduce the attack surface of XSS attacks
secureflag, if HedgeDoc is loaded via HTTPS
Do you need help with installation or upgrade? Read our docs!