diff --git a/htdocs/admin/bank.php b/htdocs/admin/bank.php
index 8ed1e3cd9ac..afe60acff2e 100644
--- a/htdocs/admin/bank.php
+++ b/htdocs/admin/bank.php
@@ -166,7 +166,7 @@ $linkback=''.$langs->trans("BackToM
print load_fiche_titre($langs->trans("BankSetupModule"),$linkback,'title_setup');
$head = bank_admin_prepare_head(null);
-dol_fiche_head($head, 'general', $langs->trans("BankSetupModule"), 0, 'account');
+dol_fiche_head($head, 'general', $langs->trans("BankSetupModule"), -1, 'account');
$var=true;
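Review bot: The fourth argument of `dol_fiche_head` goes from `0` to `-1` with nothing on the line saying what the new value selects, and the parameter's meaning is not visible in this hunk, so the call is harder to read than before. A short trailing comment naming the behaviour the value picks, e.g. `dol_fiche_head($head, 'general', $langs->trans("BankSetupModule"), -1, 'account'); // -1: <what this selects — confirm against dol_fiche_head>`, or a named constant if the project provides one, would make the intent clear. The same positional change is made in bank_extrafields.php and chequereceipts.php and the same comment applies there.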
diff --git a/htdocs/admin/bank_extrafields.php b/htdocs/admin/bank_extrafields.php
index 2d03c51e34d..794483350f1 100644
--- a/htdocs/admin/bank_extrafields.php
+++ b/htdocs/admin/bank_extrafields.php
@@ -71,7 +71,7 @@ print load_fiche_titre($langs->trans("BankSetupModule"),$linkback,'title_setup')
$head = bank_admin_prepare_head(null);
-dol_fiche_head($head, 'attributes', $langs->trans("BankSetupModule"), 0, 'account');
+dol_fiche_head($head, 'attributes', $langs->trans("BankSetupModule"), -1, 'account');
require DOL_DOCUMENT_ROOT.'/core/tpl/admin_extrafields_view.tpl.php';
diff --git a/htdocs/admin/chequereceipts.php b/htdocs/admin/chequereceipts.php
index fd1da0c328b..bc55eb4b9f6 100644
--- a/htdocs/admin/chequereceipts.php
+++ b/htdocs/admin/chequereceipts.php
@@ -27,6 +27,7 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/bank.lib.php';
require_once DOL_DOCUMENT_ROOT.'/compta/paiement/cheque/class/remisecheque.class.php';
@@ -71,7 +72,7 @@ if ($action == 'updateMask')
if ($action == 'setmod')
{
- dolibarr_set_const($db, "CHEQUERECEIPTS_ADDON",$value,'chaine',0,'',$conf->entity);
+ dolibarr_set_const($db, "CHEQUERECEIPTS_ADDON",$value, 'chaine', 0, '', $conf->entity);
}
if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT')
@@ -105,7 +106,7 @@ $linkback=''.$langs->trans("BackToM
print load_fiche_titre($langs->trans("BankSetupModule"),$linkback,'title_setup');
$head = bank_admin_prepare_head(null);
-dol_fiche_head($head, 'checkreceipts', $langs->trans("BankSetupModule"), 0, 'account');
+dol_fiche_head($head, 'checkreceipts', $langs->trans("BankSetupModule"), -1, 'account');
/*
* Numbering module
diff --git a/htdocs/admin/commande.php b/htdocs/admin/commande.php
index a4680f4d16e..d60144a3492 100644
--- a/htdocs/admin/commande.php
+++ b/htdocs/admin/commande.php
@@ -32,6 +32,7 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/order.lib.php';
diff --git a/htdocs/admin/contract.php b/htdocs/admin/contract.php
index 37c0b9bccde..4c0a9572761 100644
--- a/htdocs/admin/contract.php
+++ b/htdocs/admin/contract.php
@@ -24,6 +24,7 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/contract.lib.php';
diff --git a/htdocs/admin/expedition.php b/htdocs/admin/expedition.php
index d31b788a1ab..3c89960ede6 100644
--- a/htdocs/admin/expedition.php
+++ b/htdocs/admin/expedition.php
@@ -30,6 +30,7 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/expedition.lib.php';
require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php';
diff --git a/htdocs/admin/expensereport.php b/htdocs/admin/expensereport.php
index b8626827595..eefe5747abd 100644
--- a/htdocs/admin/expensereport.php
+++ b/htdocs/admin/expensereport.php
@@ -30,6 +30,7 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/expensereport.lib.php';
require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
diff --git a/htdocs/admin/facture.php b/htdocs/admin/facture.php
index d89c9711e3f..77230dc3f68 100644
--- a/htdocs/admin/facture.php
+++ b/htdocs/admin/facture.php
@@ -29,6 +29,7 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/invoice.lib.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
diff --git a/htdocs/admin/fichinter.php b/htdocs/admin/fichinter.php
index d99fd9456d9..3ce82ce59cb 100644
--- a/htdocs/admin/fichinter.php
+++ b/htdocs/admin/fichinter.php
@@ -30,6 +30,7 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/fichinter.lib.php';
require_once DOL_DOCUMENT_ROOT.'/fichinter/class/fichinter.class.php';
diff --git a/htdocs/admin/livraison.php b/htdocs/admin/livraison.php
index 143c54ec24d..74081266f43 100644
--- a/htdocs/admin/livraison.php
+++ b/htdocs/admin/livraison.php
@@ -30,6 +30,7 @@
*/
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/expedition.lib.php';
require_once DOL_DOCUMENT_ROOT.'/livraison/class/livraison.class.php';
diff --git a/htdocs/admin/propal.php b/htdocs/admin/propal.php
index 6a9884e263c..7c8413a28a6 100644
--- a/htdocs/admin/propal.php
+++ b/htdocs/admin/propal.php
@@ -30,6 +30,7 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php';
$langs->load("admin");
diff --git a/htdocs/admin/supplier_invoice.php b/htdocs/admin/supplier_invoice.php
index de128184d18..d408657ac8c 100644
--- a/htdocs/admin/supplier_invoice.php
+++ b/htdocs/admin/supplier_invoice.php
@@ -29,6 +29,7 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php';
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php';
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php';
diff --git a/htdocs/admin/supplier_order.php b/htdocs/admin/supplier_order.php
index 030a507ce20..acce3a38c7c 100644
--- a/htdocs/admin/supplier_order.php
+++ b/htdocs/admin/supplier_order.php
@@ -29,6 +29,7 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/fourn.lib.php';
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php';
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php';
diff --git a/htdocs/admin/supplier_proposal.php b/htdocs/admin/supplier_proposal.php
index 8fc0c4877c8..8a8d2a181a4 100644
--- a/htdocs/admin/supplier_proposal.php
+++ b/htdocs/admin/supplier_proposal.php
@@ -25,6 +25,7 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/supplier_proposal.lib.php';
$langs->load("admin");
diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php
index b6b8d4ddd72..3f41e74b7f6 100644
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@@ -156,7 +156,6 @@ function dol_loginfunction($langs,$conf,$mysoc)
// Note: $conf->css looks like '/theme/eldy/style.css.php'
$conf->css = "/theme/".(GETPOST('theme','alpha')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php";
- //$themepath=dol_buildpath((empty($conf->global->MAIN_FORCETHEMEDIR)?'':$conf->global->MAIN_FORCETHEMEDIR).$conf->css,1);
$themepath=dol_buildpath($conf->css,1);
if (! empty($conf->modules_parts['theme'])) // Using this feature slow down application
{
diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php
index 3086e7d264a..1c919237f44 100644
--- a/htdocs/core/lib/usergroups.lib.php
+++ b/htdocs/core/lib/usergroups.lib.php
@@ -326,7 +326,6 @@ function show_theme($fuser,$edit=0,$foruserprofile=false)
$formother = new FormOther($db);
- //$dirthemes=array(empty($conf->global->MAIN_FORCETHEMEDIR)?'/theme':$conf->global->MAIN_FORCETHEMEDIR.'/theme');
$dirthemes=array('/theme');
if (! empty($conf->modules_parts['theme'])) // Using this feature slow down application
{
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index da9e65f47ce..26f455131cd 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1005,8 +1005,18 @@ function top_httphead($contenttype='text/html')
if ($contenttype == 'text/html' ) header("Content-Type: text/html; charset=".$conf->file->character_set_client);
else header("Content-Type: ".$contenttype);
- header("X-Content-Type-Options: nosniff");
- header("X-Frame-Options: SAMEORIGIN");
+ // Security options
+ header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
+ header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
+ if (! empty($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY))
+ {
+ // For example, to restrict script, object, frames or img to some domains
+ // script-src https://api.google.com https://anotherhost.com; object-src https://youtube.com; child-src https://youtube.com; img-src: https://static.example.com
+ // For example, to restrict everything to one domain, except object, ...
+ // default-src https://cdn.example.net; object-src 'none'
+ header("Content-Security-Policy: ".$conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY);
+ }
+
// On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
/*if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) {
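Review bot: The example policy in the new comment is not valid CSP at `img-src: https://static.example.com` — directive names are not followed by a colon, so a browser would treat `img-src:` as an unknown directive and silently drop it if an administrator copied the example into MAIN_HTTP_CONTENT_SECURITY_POLICY; the comment should read `img-src https://static.example.com`. Because the configured string is sent verbatim and CSP fails open on unrecognised directives, it is worth adding one line to the comment saying that a misspelled policy is ignored rather than enforced and that the effective policy should be checked in the browser's console after enabling it. PHP's `header()` refuses a value containing a newline, so the stored constant cannot split headers, but nothing here trims it, so a `header("Content-Security-Policy: ".trim($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY));` would avoid sending stray whitespace entered through the admin form. top_httphead's body begins and ends outside this hunk.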
@@ -1121,7 +1131,6 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
print ''."\n";
// Output style sheets (optioncss='print' or ''). Note: $conf->css looks like '/theme/eldy/style.css.php'
- //$themepath=dol_buildpath((empty($conf->global->MAIN_FORCETHEMEDIR)?'':$conf->global->MAIN_FORCETHEMEDIR).$conf->css,1);
$themepath=dol_buildpath($conf->css,1);
$themesubdir='';
if (! empty($conf->modules_parts['theme'])) // This slow down
diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php
index 6530a4f8536..0e906fe0738 100644
--- a/htdocs/user/passwordforgotten.php
+++ b/htdocs/user/passwordforgotten.php
@@ -173,7 +173,6 @@ else
// Note: $conf->css looks like '/theme/eldy/style.css.php'
$conf->css = "/theme/".(GETPOST('theme','alpha')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php";
-//$themepath=dol_buildpath((empty($conf->global->MAIN_FORCETHEMEDIR)?'':$conf->global->MAIN_FORCETHEMEDIR).$conf->css,1);
$themepath=dol_buildpath($conf->css,1);
if (! empty($conf->modules_parts['theme'])) // This slow down
{