diff --git a/README.md b/README.md
index 6e2e710..38dc52d 100644
--- a/README.md
+++ b/README.md
@@ -145,9 +145,10 @@ Environment variables (will overwrite other server configs)
 | HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with |
 | HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
 | HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
-| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider | 
+| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
 | HMD_IMGUR_CLIENTID | no example | Imgur API client id |
 | HMD_EMAIL | `true` or `false` | set to allow email signin |
+| HMD_ALLOW_PDF_EXPORT | `true` or `false` | Enable or disable PDF exports |
 | HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) |
 | HMD_IMAGE_UPLOAD_TYPE | `imgur`, `s3` or `filesystem` | Where to upload image. For S3, see our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
 | HMD_S3_ACCESS_KEY_ID | no example | AWS access key id |
diff --git a/app.json b/app.json
index 1de6b7d..d1804c5 100644
--- a/app.json
+++ b/app.json
@@ -127,6 +127,10 @@
         "HMD_IMGUR_CLIENTID": {
             "description": "Imgur API client id",
             "required": false
+        },
+        "HMD_ALLOW_PDF_EXPORT": {
+            "description": "Enable or disable PDF exports",
+            "required": false
         }
     },
     "addons": [
diff --git a/lib/config/default.js b/lib/config/default.js
index f4c45e3..e7e2e4b 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -94,5 +94,6 @@ module.exports = {
     tlsca: undefined
   },
   email: true,
-  allowemailregister: true
+  allowemailregister: true,
+  allowpdfexport: true
 }
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 40b7e09..6f33d14 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -69,5 +69,6 @@ module.exports = {
     tlsca: process.env.HMD_LDAP_TLS_CA
   },
   email: toBooleanConfig(process.env.HMD_EMAIL),
-  allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER)
+  allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER),
+  allowpdfexport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT)
 }
diff --git a/lib/config/index.js b/lib/config/index.js
index bea5a6a..dfad28e 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -1,3 +1,4 @@
+
 'use strict'
 
 const fs = require('fs')
@@ -90,6 +91,7 @@ config.isEmailEnable = config.email
 config.isGitHubEnable = config.github.clientID && config.github.clientSecret
 config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
 config.isLDAPEnable = config.ldap.url
+config.isPDFExportEnable = config.allowpdfexport
 
 // generate correct path
 config.sslcapath = path.join(appRootPath, config.sslcapath)
@@ -106,7 +108,7 @@ config.errorpath = path.join(appRootPath, config.errorpath)
 config.prettypath = path.join(appRootPath, config.prettypath)
 config.slidepath = path.join(appRootPath, config.slidepath)
 
-// maek config readonly
+// make config readonly
 config = deepFreeze(config)
 
 module.exports = config
diff --git a/lib/response.js b/lib/response.js
index a22d1e7..9e39ffb 100755
--- a/lib/response.js
+++ b/lib/response.js
@@ -69,6 +69,7 @@ function showIndex (req, res, next) {
     ldap: config.isLDAPEnable,
     email: config.isEmailEnable,
     allowemailregister: config.allowemailregister,
+    allowpdfexport: config.allowpdfexport,
     signin: req.isAuthenticated(),
     infoMessage: req.flash('info'),
     errorMessage: req.flash('error')
@@ -98,7 +99,8 @@ function responseHackMD (res, note) {
     google: config.isGoogleEnable,
     ldap: config.isLDAPEnable,
     email: config.isEmailEnable,
-    allowemailregister: config.allowemailregister
+    allowemailregister: config.allowemailregister,
+    allowpdfexport: config.allowpdfexport
   })
 }
 
@@ -382,7 +384,12 @@ function noteActions (req, res, next) {
         actionInfo(req, res, note)
         break
       case 'pdf':
-        actionPDF(req, res, note)
+        if (config.allowpdfexport) {
+          actionPDF(req, res, note)
+        } else {
+          logger.error('PDF export failed: Disabled by config. Set "allowpdfexport: true" to enable. Check the documentation for details')
+          response.errorForbidden(res)
+        }
         break
       case 'gist':
         actionGist(req, res, note)
diff --git a/public/views/hackmd/header.ejs b/public/views/hackmd/header.ejs
index bde9033..47b563a 100644
--- a/public/views/hackmd/header.ejs
+++ b/public/views/hackmd/header.ejs
@@ -70,8 +70,10 @@
                 </li>
                 <li role="presentation"><a role="menuitem" class="ui-download-raw-html" tabindex="-1" href="#" target="_self"><i class="fa fa-file-code-o fa-fw"></i> <%= __('Raw HTML') %></a>
                 </li>
-                <li role="presentation"><a role="menuitem" class="ui-download-pdf-beta" tabindex="-1" href="#" target="_self"><i class="fa fa-file-pdf-o fa-fw"></i> PDF (Beta)</a>
-                </li>
+                <% if(allowpdfexport) {%>
+                  <li role="presentation"><a role="menuitem" class="ui-download-pdf-beta" tabindex="-1" href="#" target="_self"><i class="fa fa-file-pdf-o fa-fw"></i> PDF (Beta)</a>
+                  </li>
+                <% } %>
                 <li class="divider"></li>
                 <li role="presentation"><a role="menuitem" class="ui-help" href="#" data-toggle="modal" data-target=".help-modal"><i class="fa fa-question-circle fa-fw"></i> Help</a>
                 </li>
@@ -169,8 +171,10 @@
                     </li>
                     <li role="presentation"><a role="menuitem" class="ui-download-raw-html" tabindex="-1" href="#" target="_self"><i class="fa fa-file-code-o fa-fw"></i> <%= __('Raw HTML') %></a>
                     </li>
-                    <li role="presentation"><a role="menuitem" class="ui-download-pdf-beta" tabindex="-1" href="#" target="_self"><i class="fa fa-file-pdf-o fa-fw"></i> PDF (Beta)</a>
-                    </li>
+                    <% if(allowpdfexport) {%>
+                      <li role="presentation"><a role="menuitem" class="ui-download-pdf-beta" tabindex="-1" href="#" target="_self"><i class="fa fa-file-pdf-o fa-fw"></i> PDF (Beta)</a>
+                      </li>
+                    <% } %>
                 </ul>
             </li>
         </ul>