diff --git a/.jshintrc b/.jshintrc
index c95e9dbc4..761c69159 100644
--- a/.jshintrc
+++ b/.jshintrc
@@ -12,6 +12,7 @@
     "unused": true,
     "futurehostile":true,
     "browser": true,
+    "esversion": 6,
     "predef": [
         "console",
         "define",
diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
index 817b20527..a84849790 100644
--- a/docs/example.nginx.conf
+++ b/docs/example.nginx.conf
@@ -64,7 +64,7 @@ server {
     add_header Permissions-Policy interest-cohort=();
 
     set $coop '';
-    if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; }
+    #if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; }
 
     # Enable SharedArrayBuffer in Firefox (for .xlsx export)
     add_header Cross-Origin-Resource-Policy cross-origin;
@@ -120,7 +120,7 @@ server {
     # the following assets are loaded via the sandbox domain
     # they unfortunately still require exceptions to the sandboxing to work correctly.
     if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
-    if ($uri ~ ^\/common\/onlyoffice\/.*\/index\.html.*$) { set $unsafe 1; }
+    if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
 
     # everything except the sandbox domain is a privileged scope, as they might be used to handle keys
     if ($host != $sandbox_domain) { set $unsafe 0; }
diff --git a/server.js b/server.js
index 49385d74d..ddd2fcb88 100644
--- a/server.js
+++ b/server.js
@@ -85,9 +85,10 @@ var setHeaders = (function () {
     if (Object.keys(headers).length) {
         return function (req, res) {
             // apply a bunch of cross-origin headers for XLSX export in FF and printing elsewhere
+            /*
             applyHeaderMap(res, {
                 "Cross-Origin-Opener-Policy": /^\/(sheet|presentation|doc|convert)\//.test(req.url)? 'same-origin': '',
-            });
+            });*/
 
             if (Env.NO_SANDBOX) { // handles correct configuration for local development
             // https://stackoverflow.com/questions/11531121/add-duplicate-http-response-headers-in-nodejs
@@ -108,7 +109,7 @@ var setHeaders = (function () {
 
             // targeted CSP, generic policies, maybe custom headers
             const h = [
-                    /^\/common\/onlyoffice\/.*\/index\.html.*/,
+                    /^\/common\/onlyoffice\/.*\.html.*/,
                     /^\/(sheet|presentation|doc)\/inner\.html.*/,
                     /^\/unsafeiframe\/inner\.html.*$/,
                 ].some((regex) => {
diff --git a/www/checkup/main.js b/www/checkup/main.js
index d3841b8bd..fd0b41a27 100644
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@@ -685,6 +685,7 @@ define([
         });
     });
 
+/*
     assert(function (cb, msg) {
         var url = '/sheet/inner.html';
         msg.appendChild(h('span', [
@@ -703,6 +704,7 @@ define([
             cb(content === 'same-origin');
         });
     });
+*/
 
     var safariGripe = function () {
         return h('p.cp-notice-other', 'This is expected because Safari and platforms that use its engine lack commonly supported functionality.');
@@ -802,10 +804,10 @@ define([
     });
 
     [
-        'sheet',
-        'presentation',
-        'doc',
-        'convert',
+        //'sheet',
+        //'presentation',
+        //'doc',
+        //'convert',
     ].forEach(function (url) {
         assert(function (cb, msg) {
             var header = 'cross-origin-opener-policy';
@@ -830,7 +832,7 @@ define([
         });
     });
 
-    assert(function (cb, msg) { // XXX
+    assert(function (cb, msg) {
         // check that the sandbox domain is included in connect-src
         msg.appendChild(h('span', [
             "This instance's ",
diff --git a/www/common/boot2.js b/www/common/boot2.js
index d143da87d..097d76489 100644
--- a/www/common/boot2.js
+++ b/www/common/boot2.js
@@ -54,11 +54,6 @@ define([
         };
     }
 
-    // RPC breaks if you don't support Number.MAX_SAFE_INTEGER
-    if (Number && !Number.MAX_SAFE_INTEGER) {
-        Number.MAX_SAFE_INTEGER = 9007199254740991;
-    }
-
     var failStore = function () {
         console.error(new Error('wut'));
         require(['jquery'], function ($) {
diff --git a/www/common/onlyoffice/inner.js b/www/common/onlyoffice/inner.js
index 07a45df92..dd085a9dc 100644
--- a/www/common/onlyoffice/inner.js
+++ b/www/common/onlyoffice/inner.js
@@ -58,8 +58,8 @@ define([
         urlArgs: Util.find(ApiConfig, ['requireConf', 'urlArgs'])
     };
 
-    var CHECKPOINT_INTERVAL = 20; // XXX
-    var FORCE_CHECKPOINT_INTERVAL = 50; // XXX
+    var CHECKPOINT_INTERVAL = 100;
+    var FORCE_CHECKPOINT_INTERVAL = 10000;
     var DISPLAY_RESTORE_BUTTON = false;
     var NEW_VERSION = 4; // version of the .bin, patches and ChainPad formats
     var PENDING_TIMEOUT = 30000;
diff --git a/www/common/onlyoffice/v4/sdkjs/slide/sdk-all-min.js b/www/common/onlyoffice/v4/sdkjs/slide/sdk-all-min.js
index d3536366d..430a6cec0 100644
--- a/www/common/onlyoffice/v4/sdkjs/slide/sdk-all-min.js
+++ b/www/common/onlyoffice/v4/sdkjs/slide/sdk-all-min.js
@@ -2004,8 +2004,8 @@ function(){this.WordControl.m_oLogicDocument.bringForward()};asc_docs_api.protot
 function(slideNum){this.sendEvent("asc_onDemonstrationSlideChanged",slideNum)};asc_docs_api.prototype.StartDemonstration=function(div_id,slidestart_num,reporterStartObject){if(window.g_asc_plugins)window.g_asc_plugins.stopWorked();var is_reporter=reporterStartObject&&!this.isReporterMode;if(is_reporter)this.DemonstrationReporterStart(reporterStartObject);if(is_reporter&&(this.reporterWindow||window["AscDesktopEditor"]))this.WordControl.DemonstrationManager.StartWaitReporter(div_id,slidestart_num,
 true);else this.WordControl.DemonstrationManager.Start(div_id,slidestart_num,true);if(undefined!==this.EndShowMessage){this.WordControl.DemonstrationManager.EndShowMessage=this.EndShowMessage;this.EndShowMessage=undefined}};asc_docs_api.prototype.EndDemonstration=function(isNoUseFullScreen){if(this.windowReporter)this.windowReporter.close();this.WordControl.DemonstrationManager.End(isNoUseFullScreen)};asc_docs_api.prototype.DemonstrationReporterStart=function(startObject){this.reporterStartObject=
 startObject;this.reporterStartObject["translate"]=AscCommon.translateManager.mapTranslate;if(window["AscDesktopEditor"]){window["AscDesktopEditor"]["startReporter"](window.location.href);this.reporterWindow={};return}var dualScreenLeft=window.screenLeft!=undefined?window.screenLeft:screen.left;var dualScreenTop=window.screenTop!=undefined?window.screenTop:screen.top;var width=window.innerWidth?window.innerWidth:document.documentElement.clientWidth?document.documentElement.clientWidth:screen.width;
-var height=window.innerHeight?window.innerHeight:document.documentElement.clientHeight?document.documentElement.clientHeight:screen.height;var w=800;var h=600;var left=width/2-w/2+dualScreenLeft;var top=height/2-h/2+dualScreenTop;var _windowPos="width="+w+",height="+h+",left="+left+",top="+top;var _url="index.reporter.html";if(this.locale)_url+="?lang="+this.locale;this.reporterWindow=window.open(_url,"_blank","resizable=yes,status=0,toolbar=0,location=0,menubar=0,directories=0,scrollbars=0,"+_windowPos);
-if(!this.reporterWindow)return;var w=this.reporterWindow;require(["/common/outer/worker-channel.js","/common/common-util.js"],function(Channel,Util){var msgEv=Util.mkEvent();window.addEventListener("message",function(msg){if(msg.source!==w)return;msgEv.fire(msg)});var postMsg=function(data){w.postMessage(data,"*")};Channel.create(msgEv,postMsg,function(chan){var send=function(obj){chan.event("CMD",obj)};chan.on("CMD",function(obj){if(obj.type!=="auth")return;send({type:"authChanges",changes:[]});
+var height=window.innerHeight?window.innerHeight:document.documentElement.clientHeight?document.documentElement.clientHeight:screen.height;var w=800;var h=600;var left=width/2-w/2+dualScreenLeft;var top=height/2-h/2+dualScreenTop;var _windowPos="width="+w+",height="+h+",left="+left+",top="+top;var urlArgs=window.parent&&window.parent.APP&&window.parent.APP.urlArgs||"";var _url="index.reporter.html?"+urlArgs;if(this.locale)_url+="&lang="+this.locale;this.reporterWindow=window.open(_url,"_blank","resizable=yes,status=0,toolbar=0,location=0,menubar=0,directories=0,scrollbars=0,"+
+_windowPos);if(!this.reporterWindow)return;var w=this.reporterWindow;require(["/common/outer/worker-channel.js","/common/common-util.js"],function(Channel,Util){var msgEv=Util.mkEvent();window.addEventListener("message",function(msg){if(msg.source!==w)return;msgEv.fire(msg)});var postMsg=function(data){w.postMessage(data,"*")};Channel.create(msgEv,postMsg,function(chan){var send=function(obj){chan.event("CMD",obj)};chan.on("CMD",function(obj){if(obj.type!=="auth")return;send({type:"authChanges",changes:[]});
 send({type:"auth",result:1,sessionId:"06348ca8f861a0af3548ae38360aa617",participants:[],locks:[],changes:[],changesIndex:0,indexUser:0,buildVersion:"5.2.6",buildNumber:2,licenseType:3});send({type:"documentOpen",data:{"type":"open","status":"ok","data":{"Editor.bin":editor.reporterStartObject.url}}})})})});this.reporterWindowCounter=0;if(!AscCommon.AscBrowser.isSafariMacOs)this.reporterWindow.onbeforeunload=function(){window.editor.EndDemonstration()};this.reporterWindow.onunload=function(){window.editor.reporterWindowCounter++;
 if(1<window.editor.reporterWindowCounter)window.editor.EndDemonstration()};if(this.reporterWindow.attachEvent)this.reporterWindow.attachEvent("onmessage",this.DemonstrationReporterMessages);else this.reporterWindow.addEventListener("message",this.DemonstrationReporterMessages,false)};asc_docs_api.prototype.DemonstrationReporterEnd=function(){if(window["AscDesktopEditor"]){window["AscDesktopEditor"]["endReporter"]();this.reporterWindow=null;return}try{this.reporterWindowCounter=0;if(!this.reporterWindow)return;
 if(this.reporterWindow.attachEvent)this.reporterWindow.detachEvent("onmessage",this.DemonstrationReporterMessages);else this.reporterWindow.removeEventListener("message",this.DemonstrationReporterMessages,false);this.reporterWindow.close();this.reporterWindow=null;this.reporterStartObject=null}catch(err){this.reporterWindow=null;this.reporterStartObject=null}};asc_docs_api.prototype.DemonstrationReporterMessages=function(e){var _this=window.editor;if(e.data=="i:am:ready"){var bin=editor.asc_nativeGetFile();
diff --git a/www/common/sframe-boot2.js b/www/common/sframe-boot2.js
index 66a93545f..647a520af 100644
--- a/www/common/sframe-boot2.js
+++ b/www/common/sframe-boot2.js
@@ -13,11 +13,6 @@ define([
         };
     }
 
-    // RPC breaks if you don't support Number.MAX_SAFE_INTEGER
-    if (Number && !Number.MAX_SAFE_INTEGER) {
-        Number.MAX_SAFE_INTEGER = 9007199254740991;
-    }
-
     var mkFakeStore = function () {
         var fakeStorage = {
             getItem: function (k) { return fakeStorage[k]; },
diff --git a/www/convert/main.js b/www/convert/main.js
index 04ab76846..1d74f26b8 100644
--- a/www/convert/main.js
+++ b/www/convert/main.js
@@ -17,7 +17,7 @@ define([
             category = window.location.hash.slice(1);
             window.location.hash = '';
         }
-        var addRpc = function (sframeChan) {
+        var addRpc = function (sframeChan, CryptPad, Utils) {
             // X2T
             sframeChan.on('Q_OO_CONVERT', function (obj, cb) {
                 obj.modal = 'x2t';
diff --git a/www/unsafeiframe/inner.js b/www/unsafeiframe/inner.js
index 34a13cbe1..73374182b 100644
--- a/www/unsafeiframe/inner.js
+++ b/www/unsafeiframe/inner.js
@@ -6,10 +6,10 @@ define([
     '/common/common-interface.js',
     '/common/common-ui-elements.js',
     '/common/common-util.js',
-    '/common/common-hash.js',
-    '/common/hyperscript.js',
-    'json.sortify',
-    '/customize/messages.js',
+    //'/common/common-hash.js',
+    //'/common/hyperscript.js',
+    //'json.sortify',
+    //'/customize/messages.js',
 ], function (
     $,
     Crypto,
@@ -17,19 +17,19 @@ define([
     SFCommon,
     UI,
     UIElements,
-    Util,
+    Util /*,
     Hash,
     h,
     Sortify,
-    Messages)
+    Messages */)
 {
     var APP = window.APP = {};
 
     var andThen = function (common) {
-        var metadataMgr = common.getMetadataMgr();
+        //var metadataMgr = common.getMetadataMgr();
         var sframeChan = common.getSframeChannel();
-        var $body = $('body');
-        var displayed;
+        //var $body = $('body');
+        //var displayed;
 
         var create = {};
 
diff --git a/www/unsafeiframe/main.js b/www/unsafeiframe/main.js
index c36d4f641..fc2669d91 100644
--- a/www/unsafeiframe/main.js
+++ b/www/unsafeiframe/main.js
@@ -4,8 +4,8 @@ define([
     '/api/config',
     'jquery',
     '/common/requireconfig.js',
-    '/customize/messages.js',
-], function (nThen, ApiConfig, $, RequireConfig, Messages) {
+    //'/customize/messages.js',
+], function (nThen, ApiConfig, $, RequireConfig /*, Messages */) {
     var requireConfig = RequireConfig();
 
     var ready = false;