diff --git a/htdocs/website/samples/wrapper.php b/htdocs/website/samples/wrapper.php
index fe55987a77a..eadc7c68a53 100644
--- a/htdocs/website/samples/wrapper.php
+++ b/htdocs/website/samples/wrapper.php
@@ -64,9 +64,21 @@ if (!empty($hashp)) {
 if ($moduleparttocheck == $modulepart) {
 // We remove first level of directory
 $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir
- //var_dump($original_file); exit;
+ //var_dump($original_file); exit(0);
 } else {
+ // Security options
+
+ // X-Content-Type-Options
+ header("X-Content-Type-Options: nosniff");
+
+ // X-Frame-Options
+ if (!getDolGlobalString('WEBSITE_ALLOW_FRAMES_ON_ALL_PAGES')) {
+ header("X-Frame-Options: SAMEORIGIN");
+ }
+
+ http_response_code(401);
 print 'Bad link. File is from another module part.';
+ exit(1);
 }
 } else {
 $modulepart = $moduleparttocheck;
@@ -77,8 +89,19 @@ if (!empty($hashp)) {
 $original_file = getImageFileNameForSize($original_file, $extname);
 }
 } else {
+ // Security options
+
+ // X-Content-Type-Options
+ header("X-Content-Type-Options: nosniff");
+
+ // X-Frame-Options
+ if (!getDolGlobalString('WEBSITE_ALLOW_FRAMES_ON_ALL_PAGES')) {
+ header("X-Frame-Options: SAMEORIGIN");
+ }
+
+ http_response_code(404);
 print "ErrorFileNotFoundWithSharedLink";
- exit;
+ exit(2);
 }
 }
@@ -196,15 +219,19 @@ if ($rss) {
 $error = 'Failed to rename '.$outputfiletmp.' into '.$outputfile;
 dol_syslog("build_exportfile ".$error, LOG_ERR);
 dol_delete_file($outputfiletmp, 0, 1);
+
+ http_response_code(500);
 print $error;
- exit(-1);
+ exit(3);
 }
 } else {
 dol_syslog("build_exportfile build_xxxfile function fails to for format=".$format." outputfiletmp=".$outputfile, LOG_ERR);
 dol_delete_file($outputfiletmp, 0, 1);
 $langs->load("errors");
+
+ http_response_code(500);
 print $langs->trans("ErrorFailToCreateFile", $outputfile);
- exit(-1);
+ exit(4);
 }
 }
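Review bot: The `X-Content-Type-Options: nosniff` / `X-Frame-Options: SAMEORIGIN` block added in the else branch is duplicated verbatim in the @@ -77 hunk, while the other exits this commit touches (@@ -196, @@ -265, @@ -284) receive only `http_response_code()` and no security headers, so just two of the error paths carry them. Emitting the two headers once, before the first branch that can produce output (or from a small helper called at every exit), would make every response consistent and remove the copy; the enclosing `if (!empty($hashp))` block starts and ends outside the hunk, so where the script first writes output is not visible here. `http_response_code(401)` for a link whose module part does not match is also the wrong status: 401 means authentication is required and expects a `WWW-Authenticate` header, whereas this is a rejected request, for which 400 or the 403 used at @@ -265 fits. Answering a resolved-but-mismatched hash with a different status and message than an unknown hash (404 at @@ -77) also tells the caller that the hash itself is valid; returning the same not-found response in both cases avoids that.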
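Review bot: The 500 response body at the first exit of the @@ -196 hunk now prints `$error`, which embeds the server-side paths `$outputfiletmp` and `$outputfile`, and the second branch prints `$outputfile` through `ErrorFailToCreateFile`; both details are already written to the log by the `dol_syslog()` calls just above, so the client does not need them. Print a generic message instead, e.g. `print 'Failed to build export file';` in the first branch and `print $langs->trans("ErrorFailToCreateFile", basename($outputfile));` in the second. The enclosing `if ($rss)` block starts and ends outside the hunk.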
@@ -245,7 +272,7 @@ if ($rss) {
 }
 // header("Location: ".DOL_URL_ROOT.'/document.php?modulepart=agenda&file='.urlencode($filename));
- exit;
+ exit(5);
 }
 } elseif ($modulepart == "mycompany" && preg_match('/^\/?logos\//', $original_file)) {
 // Get logos
@@ -265,8 +292,9 @@ if ($rss) {
 // Security:
 // Limit access if permissions are wrong
 if (!$accessallowed) {
+ http_response_code(403);
 print 'Access forbidden';
- exit;
+ exit(6);
 }
 // For backward compatibility of old thumbs that were created with filename in lower case and with .png extension
@@ -284,8 +312,9 @@ if ($rss) {
 // This test if file exists should be useless. We keep it to find bug more easily
 if (!file_exists($fullpath_original_file_osencoded)) {
+ http_response_code(404);
 print "ErrorFileDoesNotExists: ".dol_escape_htmltag($original_file);
- exit;
+ exit(7);
 }
 // Permissions are ok and file found, so we return it
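Review bot: The 404 exit in the @@ -284 hunk still reflects the requested path `$original_file` back to the client; `dol_escape_htmltag()` neutralises markup, but the comment above the check says this branch exists to find bugs, and the path is more useful in the log than in the response body. Consider `dol_syslog("wrapper.php ErrorFileDoesNotExists ".$original_file, LOG_WARNING);` followed by `print "ErrorFileDoesNotExists";`, which matches how the @@ -196 hunk already keeps the detail in `dol_syslog()`. The surrounding branch starts and ends outside the hunk.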