diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 402d7b4c..12ad7a27 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -274,6 +274,30 @@ minimal: - ./*.log - tests/*.log +# Build a minimal version with every optional feature disable +# --disable-compression currently not supported due to issue #291 +Ubuntu18.04-minimal: + stage: testing + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU18_BUILD + script: + - git submodule update --init + - autoreconf -fvi + - ./configure --without-protobuf --without-root-tests --without-docker-tests --without-nuttcp-tests --without-libtalloc-prefix --without-libnl --without-maxmind --without-geoip --without-libreadline-prefix --without-liboath --without-libc-prefix --without-pam --without-radius --without-libcrypt-prefix --without-utmp --without-libutil-prefix --without-libwrap --without-libwrap-prefix --without-libseccomp-prefix --without-libsystemd-prefix --without-http-parser --without-lz4 --without-gssapi --without-pcl-lib --disable-rpath --disable-seccomp --disable-anyconnect-compat + - make -j$JOBS + - make check -j$JOBS + tags: + - shared + - linux + except: + - tags + - schedules + artifacts: + expire_in: 1 week + when: on_failure + paths: + - ./*.log + - ./tests/*.log + # We do not compile with PAM under address sanitizer since we are using co-routines # without instrumentation for sanitizer. .asan/Fedora: diff --git a/src/config.c b/src/config.c index bbe8842c..b58f5cdc 100644 --- a/src/config.c +++ b/src/config.c @@ -829,8 +829,10 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name, co READ_NUMERIC(config->rate_limit_ms); } else if (strcmp(name, "ocsp-response") == 0) { READ_STRING(config->ocsp_response); +#ifdef ANYCONNECT_CLIENT_COMPAT } else if (strcmp(name, "user-profile") == 0) { READ_STRING(config->xml_config_file); +#endif } else if (strcmp(name, "default-domain") == 0) { READ_STRING(config->default_domain); } else if (strcmp(name, "crl") == 0) { 
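Review bot: In the `Ubuntu18.04-minimal` job the `./configure` line passes `--disable-seccomp` together with `--disable-anyconnect-compat`, so the only job shown that builds without AnyConnect compatibility also builds without the seccomp filter. If `src/worker-privs.c` is compiled only when seccomp is enabled (not visible here), the newly guarded block in `disable_system_calls` is never built in the no-compat configuration and that filter goes untested. Consider a second job, or dropping `--disable-seccomp` from this one, so the combination is exercised. The job comment also reads "feature disable"; the intended wording is `# Build a minimal version with every optional feature disabled`.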
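Review bot: In `src/config.c`, with the `user-profile` branch of `cfg_ini_handler` compiled out, a configuration file that still sets `user-profile` falls through to whatever ends this `else if` chain. That final branch lies outside the hunk, so the server may either refuse to start or silently ignore the option. An administrator moving to a build without `ANYCONNECT_CLIENT_COMPAT` should get an explicit message instead, for example from an `#else` arm that still matches the name and reports that the option is unsupported in this build. At minimum, add a comment above the guard such as `/* user-profile is only parsed when built with ANYCONNECT_CLIENT_COMPAT */`. The same applies to the `user-profile` branch of `group_cfg_ini_handler` in `src/sup-config/file.c`.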
@@ -1256,6 +1258,7 @@ static void check_cfg(vhost_cfg_st *vhost, vhost_cfg_st *defvhost, unsigned sile } } +#ifdef ANYCONNECT_CLIENT_COMPAT if (vhost->perm_config.cert && vhost->perm_config.cert_hash == NULL) { vhost->perm_config.cert_hash = calc_sha1_hash(vhost->pool, vhost->perm_config.cert[0], 1); } @@ -1278,6 +1281,7 @@ static void check_cfg(vhost_cfg_st *vhost, vhost_cfg_st *defvhost, unsigned sile exit(1); } } +#endif if (config->priorities == NULL) { /* on vhosts assign the main host priorities */ diff --git a/src/main-sec-mod-cmd.c b/src/main-sec-mod-cmd.c index ef0129ed..ffa065aa 100644 --- a/src/main-sec-mod-cmd.c +++ b/src/main-sec-mod-cmd.c @@ -371,9 +371,11 @@ void apply_default_config(main_server_st *s, proc_st *proc, GroupCfgSt *gc) gc->cgroup = vhost->perm_config.config->cgroup; } +#ifdef ANYCONNECT_CLIENT_COMPAT if (!gc->xml_config_file) { gc->xml_config_file = vhost->perm_config.config->xml_config_file; } +#endif if (!gc->has_rx_per_sec) { gc->rx_per_sec = vhost->perm_config.config->rx_per_sec; diff --git a/src/sup-config/file.c b/src/sup-config/file.c index b892cf3f..09b64c67 100644 --- a/src/sup-config/file.c +++ b/src/sup-config/file.c @@ -185,8 +185,10 @@ static int group_cfg_ini_handler(void *_ctx, const char *section, const char *na /* net-priority will contain the actual priority + 1, * to allow having zero as uninitialized. */ READ_RAW_PRIO_TOS(msg->config->net_priority, msg->config->has_net_priority); +#ifdef ANYCONNECT_CLIENT_COMPAT } else if (strcmp(name, "user-profile") == 0) { READ_RAW_STRING(msg->config->xml_config_file); +#endif } else if (strcmp(name, "restrict-user-to-ports") == 0) { ret = cfg_parse_ports(pool, &msg->config->fw_ports, &msg->config->n_fw_ports, value); if (ret < 0) { diff --git a/src/vpn.h b/src/vpn.h index 8da0eb6b..95367532 100644 --- a/src/vpn.h +++ b/src/vpn.h 
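Review bot: In `check_cfg` the guard opened in the hunk at -1256 is closed in the hunk at -1278, so `perm_config.cert_hash` is no longer computed and stays NULL in builds without `ANYCONNECT_CLIENT_COMPAT`. The one reader visible in this commit, the `webvpnc` cookie in `src/worker-auth.c`, is guarded as well. Any other reader of `cert_hash` outside the guard would now pass NULL to a `%s` format, so that is worth checking before merging. Because the guarded region spans more than twenty lines, the closing line reads better as `#endif /* ANYCONNECT_CLIENT_COMPAT */`. The body of `check_cfg` between the two hunks is not shown.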
@@ -323,8 +323,10 @@ struct cfg_st { char *cgroup; char *proxy_url; +#ifdef ANYCONNECT_CLIENT_COMPAT char *xml_config_file; char *xml_config_hash; +#endif /* additional configuration files */ char *per_group_dir; diff --git a/src/worker-auth.c b/src/worker-auth.c index cae3a4b2..7eabd9cf 100644 --- a/src/worker-auth.c +++ b/src/worker-auth.c @@ -970,10 +970,15 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg) success_msg_foot_size = strlen(success_msg_foot); } else { success_msg_head = oc_success_msg_head; + success_msg_foot = NULL; +#ifdef ANYCONNECT_CLIENT_COMPAT if (WSCONFIG(ws)->xml_config_file) { success_msg_foot = talloc_asprintf(ws, OC_SUCCESS_MSG_FOOT_PROFILE, WSCONFIG(ws)->xml_config_file, WSCONFIG(ws)->xml_config_hash); - } else { + } +#endif + + if (success_msg_foot == NULL) { success_msg_foot = talloc_strdup(ws, OC_SUCCESS_MSG_FOOT); } @@ -1062,6 +1067,7 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg) if (ret < 0) goto fail; +#ifdef ANYCONNECT_CLIENT_COMPAT if (WSCONFIG(ws)->xml_config_file) { ret = cstp_printf(ws, @@ -1075,6 +1081,7 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg) "Set-Cookie: webvpnc=bu:/&p:t&iu:1/&sh:%s; path=/; Secure\r\n", WSPCONFIG(ws)->cert_hash); } +#endif if (ret < 0) goto fail; diff --git a/src/worker-http-handlers.c b/src/worker-http-handlers.c index a5a4e7b3..0d405798 100644 --- a/src/worker-http-handlers.c +++ b/src/worker-http-handlers.c @@ -216,6 +216,7 @@ int get_ca_der_handler(worker_st * ws, unsigned http_ver) return ca_handler(ws, http_ver, 1); } +#ifdef ANYCONNECT_CLIENT_COMPAT int get_config_handler(worker_st *ws, unsigned http_ver) { int ret; @@ -252,7 +253,6 @@ int get_config_handler(worker_st *ws, unsigned http_ver) return 0; } -#ifdef ANYCONNECT_CLIENT_COMPAT #define VPN_VERSION "0,0,0000\n" #define XML_START "\n\n\n" diff --git a/src/worker-http.c b/src/worker-http.c index 038936be..e257fd54 100644 
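Review bot: In `src/vpn.h`, guarding `xml_config_file` and `xml_config_hash` makes the layout of `struct cfg_st` depend on `ANYCONNECT_CLIENT_COMPAT`, so every translation unit must see the same definition of that macro before it includes this header. The macro is presumably set by configure in `config.h`. If any source file includes `vpn.h` before `config.h` (the include order is not visible here), it would compute different offsets for `per_group_dir` and every later member and read or write the wrong fields. I would either include `config.h` at the top of `vpn.h` or add a comment above the guard such as `/* layout depends on ANYCONNECT_CLIENT_COMPAT; include config.h first */`.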
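Review bot: In the first `src/worker-auth.c` hunk, the new `if (success_msg_foot == NULL)` fallback in `post_common_handler` no longer distinguishes "no profile configured" from "`talloc_asprintf` failed". When allocating the profile footer fails, the code now sends the plain `OC_SUCCESS_MSG_FOOT` and the client receives a response without its profile reference. Before this change, a NULL from `talloc_asprintf` was left in place for whatever check follows the hunk. If that failure should still abort the request, add `if (success_msg_foot == NULL) goto fail;` inside the guarded branch, assuming the `fail` label used later in this function is valid at that point. Otherwise a short comment stating that the fallback is intentional would do; the function body extends beyond the hunk on both sides.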
--- a/src/worker-http.c +++ b/src/worker-http.c @@ -60,8 +60,8 @@ static const struct known_urls_st known_urls[] = { LL("/cert.cer", get_cert_der_handler, NULL), LL("/ca.pem", get_ca_handler, NULL), LL("/ca.cer", get_ca_der_handler, NULL), - LL_DIR("/profiles", get_config_handler, NULL), #ifdef ANYCONNECT_CLIENT_COMPAT + LL_DIR("/profiles", get_config_handler, NULL), LL("/1/index.html", get_empty_handler, NULL), LL("/1/Linux", get_empty_handler, NULL), LL("/1/Linux_64", get_empty_handler, NULL), diff --git a/src/worker-privs.c b/src/worker-privs.c index 835a7fc5..ddb46254 100644 --- a/src/worker-privs.c +++ b/src/worker-privs.c @@ -119,6 +119,7 @@ int disable_system_calls(struct worker_st *ws) ADD_SYSCALL(getsockopt, 0); ADD_SYSCALL(setsockopt, 0); +#ifdef ANYCONNECT_CLIENT_COMPAT /* we need to open files when we have an xml_config_file setup on any vhost */ list_for_each(ws->vconfig, vhost, list) { if (vhost->perm_config.config->xml_config_file) { @@ -128,6 +129,7 @@ int disable_system_calls(struct worker_st *ws) break; } } +#endif /* this we need to get the MTU from * the TUN device */ diff --git a/src/worker.h b/src/worker.h index 837a0ec2..783466b1 100644 --- a/src/worker.h +++ b/src/worker.h @@ -312,7 +312,9 @@ int get_ca_der_handler(worker_st * ws, unsigned http_ver); int response_404(worker_st *ws, unsigned http_ver); int get_empty_handler(worker_st *server, unsigned http_ver); +#ifdef ANYCONNECT_CLIENT_COMPAT int get_config_handler(worker_st *ws, unsigned http_ver); +#endif int get_string_handler(worker_st *ws, unsigned http_ver); int get_dl_handler(worker_st *ws, unsigned http_ver); int get_cert_names(worker_st * ws, const gnutls_datum_t * raw);
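Review bot: In `src/worker-privs.c`, with the `list_for_each` loop in `disable_system_calls` compiled out, the `vhost` iterator is probably left unused in builds without `ANYCONNECT_CLIENT_COMPAT`. Its declaration sits earlier in the function, outside the hunk, so this is inferred, but it would give an unused-variable warning and a build failure under `-Werror`. Placing the declaration under the same `#ifdef` avoids that. Going by the comment in the hunk, the guarded block is what permits opening files, so builds without the macro get a narrower filter. Writing the closing line as `#endif /* ANYCONNECT_CLIENT_COMPAT */` would make the extent of the guard clear across the two hunks.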