diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php
index bc3f4609d1f..4229a6def80 100644
--- a/htdocs/admin/system/security.php
+++ b/htdocs/admin/system/security.php
@@ -173,7 +173,7 @@ print '<br>';
 print '<strong>'.$langs->trans("XDebug").'</strong>: ';
 $test = !function_exists('xdebug_is_enabled') && !extension_loaded('xdebug');
 if ($test) {
-	print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
+	print img_picto('', 'tick').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
 } else {
 	print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedMayExposeInformation", $langs->transnoentities("XDebug"));
 	print ' - '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php">XDebug admin page</a>';
@@ -480,30 +480,57 @@ print load_fiche_titre($langs->trans("Modules"), '', 'folder');
 
 // Module log
 print '<strong>'.$langs->trans("Syslog").'</strong>: ';
-$test = !isModEnabled('syslog');
-if ($test) {
-	print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
+$test = isModEnabled('syslog');
+if (!$test) {
+	print img_picto('', 'tick').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
 } else {
 	if (getDolGlobalInt('SYSLOG_LEVEL') > LOG_NOTICE) {
 		print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedWithTooHighLogLevel", $langs->transnoentities("Syslog"));
 	} else {
-		print img_picto('', 'tick.png').' '.$langs->trans("ModuleSyslogActivatedButLevelNotTooVerbose", $langs->transnoentities("Syslog"), getDolGlobalInt('SYSLOG_LEVEL'));
+		print img_picto('', 'tick').' '.$langs->trans("ModuleSyslogActivatedButLevelNotTooVerbose", $langs->transnoentities("Syslog"), getDolGlobalInt('SYSLOG_LEVEL'));
 	}
 	//print ' '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php'.'">XDebug admin page</a>';
 }
 print '<br>';
 
+print '<br>';
+
 // Module debugbar
 print '<strong>'.$langs->trans("DebugBar").'</strong>: ';
-$test = empty($conf->debugbar->enabled);
-if ($test) {
-	print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
+$test = isModEnabled('debugbar');
+if (!$test) {
+	print img_picto('', 'tick').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
 } else {
 	print img_picto('', 'error').' '.$langs->trans("ModuleActivatedDoNotUseInProduction", $langs->transnoentities("DebugBar"));
 	//print ' '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php'.'">XDebug admin page</a>';
 }
 print '<br>';
 
+print '<br>';
+
+// Modules for Payments
+$test = isModEnabled('stripe');
+if ($test) {
+	print '<strong>'.$langs->trans("Stripe").'</strong>: ';
+	if (!getDolGlobalString('PAYMENT_SECURITY_TOKEN_UNIQUE')) {
+		print img_picto('', 'error').' '.$langs->trans("OptionXShouldBeEnabledInModuleY", $langs->transnoentities("SecurityTokenIsUnique"), $langs->transnoentities("Stripe"));
+	} else {
+		print img_picto('', 'tick').' '.$langs->trans("OptionXIsCorrectlyEnabledInModuleY", $langs->transnoentities("SecurityTokenIsUnique"), $langs->transnoentities("Stripe"));
+	}
+	print '<br>';
+} else {
+	$test = isModEnabled('paypal');
+	if ($test) {
+		print '<strong>'.$langs->trans("Paypal").'</strong>: ';
+		if (!getDolGlobalString('PAYMENT_SECURITY_TOKEN_UNIQUE')) {
+			print img_picto('', 'error').' '.$langs->trans("OptionXShouldBeEnabledInModuleY", $langs->transnoentities("SecurityTokenIsUnique"), $langs->transnoentities("Paypal"));
+		} else {
+			print img_picto('', 'tick').' '.$langs->trans("OptionXIsCorrectlyEnabledInModuleY", $langs->transnoentities("SecurityTokenIsUnique"), $langs->transnoentities("Paypal"));
+		}
+		print '<br>';
+	}
+}
+
 
 // APIs
 
diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php
index b60054b9701..f6d354d9431 100644
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@@ -572,19 +572,20 @@ function dolJSToSetRandomPassword($htmlname, $htmlnameofbutton = 'generate_token
 	if (!empty($conf->use_javascript_ajax)) {
 		print "\n".'<!-- Js code to suggest a security key -->';
 		print '<script nonce="'.getNonce().'" type="text/javascript">';
-		print '$(document).ready(function () {
-            $("#'.dol_escape_js($htmlnameofbutton).'").click(function() {
-				console.log("We click on the button '.dol_escape_js($htmlnameofbutton).' to suggest a key. We will fill '.dol_escape_js($htmlname).'");
-            	$.get( "'.DOL_URL_ROOT.'/core/ajax/security.php", {
+		print 'jQuery(document).ready(function () {
+            jQuery("#'.dol_escape_js($htmlnameofbutton).'").click(function() {
+				var currenttoken = jQuery("meta[name=anti-csrf-currenttoken]").attr("content");
+				console.log("We click on the button '.dol_escape_js($htmlnameofbutton).' to suggest a key. anti-csrf-currentotken is "+currenttoken+". We will fill '.dol_escape_js($htmlname).'");
+				jQuery.get( "'.DOL_URL_ROOT.'/core/ajax/security.php", {
             		action: \'getrandompassword\',
             		generic: '.($generic ? '1' : '0').',
-					token: \''.dol_escape_js(newToken()).'\'
+					token: currenttoken
 				},
 				function(result) {
-					if ($("input#'.dol_escape_js($htmlname).'").attr("type") == "password") {
-						$("input#'.dol_escape_js($htmlname).'").attr("type", "text");
+					if (jQuery("input#'.dol_escape_js($htmlname).'").attr("type") == "password") {
+						jQuery("input#'.dol_escape_js($htmlname).'").attr("type", "text");
 					}
-					$("#'.dol_escape_js($htmlname).'").val(result);
+					jQuery("#'.dol_escape_js($htmlname).'").val(result);
 				});
             });
 		});'."\n";
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 36fd9425943..81b89898250 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -2382,4 +2382,6 @@ MAIN_CHECKBOX_LEFT_COLUMN=Show the column for field and line selection on the le
 NotAvailableByDefaultEnabledOnModuleActivation=Not created by default. Created on module activation only.
 CSSPage=CSS Style
 Defaultfortype=Default
-DefaultForTypeDesc=Template used by default when creating a new email for the template type
\ No newline at end of file
+DefaultForTypeDesc=Template used by default when creating a new email for the template type
+OptionXShouldBeEnabledInModuleY=Option "<b>%s</b>" should be enabled into module <b>%s</b>
+OptionXIsCorrectlyEnabledInModuleY=Option "<b>%s</b>" is enabled into module <b>%s</b>
diff --git a/htdocs/paypal/admin/paypal.php b/htdocs/paypal/admin/paypal.php
index 68759eeb5e3..6c14ef41a7c 100644
--- a/htdocs/paypal/admin/paypal.php
+++ b/htdocs/paypal/admin/paypal.php
@@ -367,7 +367,7 @@ if (!empty($conf->use_javascript_ajax)) {
 	print '$(document).ready(function () {
 	            $("#apidoc").hide();
 	            $("#apidoca").click(function() {
-					console.log("We click on apidoca show/hide");
+					console.log("We click on apidoca so we show/hide");
 	                $("#apidoc").show();
 	            	$("#apidoca").hide();
 					return false;