diff --git a/CHANGELOG.md b/CHANGELOG.md
index d12969c..c3d0096 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+# v0.21 2018-08-14
+
+* Add trusted URL and browser-policy optios.
+
+Thanks to GitHub user xet7 for contributions.
+
 # v0.20 2018-08-10
 
 * Add note to beginning of docker-compose.yml that
diff --git a/docker-compose.yml b/docker-compose.yml
index a8193ea..290c1c8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -133,6 +133,12 @@ services:
       ## The option that allows matomo to retrieve the username:
       # - MATOMO_WITH_USERNAME='true'
       #---------------------------------------------------------------
+      # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
+      # Setting this to false is not recommended, it also disables all other browser policy protections
+      # and allows all iframing etc. See wekan/server/policy.js
+      - BROWSER_POLICY_ENABLED=true
+      # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
+      - TRUSTED_URL=''
     depends_on:
       - wekandb