diff --git a/ajax/load-more-videos.php b/ajax/load-more-videos.php
index 37a045f..3bfc18b 100644
--- a/ajax/load-more-videos.php
+++ b/ajax/load-more-videos.php
@@ -9,6 +9,20 @@ if (!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQ
     exit;
 }
 
+// Vérifier l'origine de la requête
+if (!validateAjaxOrigin()) {
+    http_response_code(403);
+    echo json_encode(['error' => 'Origine non autorisée']);
+    exit;
+}
+
+// Vérifier le token CSRF
+if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
+    http_response_code(403);
+    echo json_encode(['error' => 'Token CSRF invalide']);
+    exit;
+}
+
 // Récupérer les paramètres
 $type = isset($_GET['type']) ? $_GET['type'] : '';
 $page = isset($_GET['page']) ? intval($_GET['page']) : 1;
@@ -83,9 +97,9 @@ switch ($type) {
 $html = '';
 
 foreach ($videos as $video) {
-    $html .= '<div class="video-card" data-video-id="' . $video['id'] . '">';
+    $html .= '<div class="video-card" data-video-id="' . htmlspecialchars($video['id']) . '">';
     $html .= '    <div class="video-thumbnail">';
-    $html .= '        <img src="' . $video['thumbnail'] . '" alt="' . htmlspecialchars($video['title']) . '">';
+    $html .= '        <img src="' . htmlspecialchars($video['thumbnail']) . '" alt="' . htmlspecialchars($video['title']) . '">';
     $html .= '        <div class="video-play-icon">';
     $html .= '            <i class="fas fa-play-circle"></i>';
     $html .= '        </div>';
diff --git a/video.php b/video.php
index 650ceb2..83362e7 100644
--- a/video.php
+++ b/video.php
@@ -4,12 +4,16 @@ require_once 'includes/config.php';
 // Inclure le convertisseur Markdown
 require_once 'includes/lib/markdown.php';
 
+// Appliquer les en-têtes de sécurité
+setSecurityHeaders();
+
 // Récupérer l'ID de la vidéo depuis l'URL
 $videoId = isset($_GET['id']) ? $_GET['id'] : '';
 
-// Vérifier si l'ID est valide
-if (empty($videoId)) {
-    // Rediriger vers la page d'accueil si aucun ID n'est spécifié
+// Valider l'ID de la vidéo
+$videoId = validateVideoId($videoId);
+if ($videoId === false) {
+    // Rediriger vers la page d'accueil si l'ID est invalide
     header('Location: index.php');
     exit;
 }
@@ -105,7 +109,7 @@ if (empty($videoData) || isset($videoData['error'])) {
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title><?php echo !empty($video['title']) ? $video['title'] . ' - ' : ''; ?>kaubuntu.re</title>
+    <title><?php echo !empty($video['title']) ? htmlspecialchars($video['title']) . ' - ' : ''; ?>kaubuntu.re</title>
     <link rel="stylesheet" href="css/styles.css">
     <link rel="stylesheet" href="css/video-page.css">
     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css">
@@ -157,13 +161,13 @@ if (empty($videoData) || isset($videoData['error'])) {
         <div class="video-page">
             <div class="video-player-container">
                 <div class="video-player">
-                    <iframe src="<?php echo $video['url']; ?>?warningTitle='0'" frameborder="0" allowfullscreen="allowfullscreen" allow="autoplay; fullscreen" title="<?php echo htmlspecialchars($video['title']); ?>"></iframe>
+                    <iframe src="<?php echo htmlspecialchars($video['url']); ?>?warningTitle='0'" frameborder="0" allowfullscreen="allowfullscreen" allow="autoplay; fullscreen" title="<?php echo htmlspecialchars($video['title']); ?>"></iframe>
                 </div>
             </div>
             
             <div class="video-content">
                 <div class="video-primary-info">
-                    <h1 class="video-title"><?php echo $video['title']; ?></h1>
+                    <h1 class="video-title"><?php echo htmlspecialchars($video['title']); ?></h1>
                     
                     <div class="video-info">
                         <div class="video-metadata">
@@ -461,7 +465,7 @@ if (empty($videoData) || isset($videoData['error'])) {
                 <div class="share-link-container">
                     <p>Lien de la vidéo :</p>
                     <div class="share-link-box">
-                        <input type="text" id="share-link" value="<?php echo (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; ?>" readonly>
+                        <input type="text" id="share-link" value="<?php echo htmlspecialchars((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"); ?>" readonly>
                         <button id="copy-link-btn" class="copy-btn" title="Copier le lien">
                             <i class="fas fa-copy"></i>
                         </button>
@@ -470,7 +474,7 @@ if (empty($videoData) || isset($videoData['error'])) {
                 
                 <p class="share-platforms-title">Partager sur :</p>
                 <div class="share-platforms">
-                    <a href="mailto:?subject=<?php echo urlencode($video['title']); ?>&body=<?php echo urlencode($video['title'] . ' - ' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"); ?>" class="share-platform-btn" title="Partager par e-mail">
+                    <a href="mailto:?subject=<?php echo urlencode(htmlspecialchars($video['title'])); ?>&body=<?php echo urlencode(htmlspecialchars($video['title']) . ' - ' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"); ?>" class="share-platform-btn" title="Partager par e-mail">
                         <i class="fas fa-envelope"></i>
                         <span>E-mail</span>
                     </a>
@@ -480,12 +484,12 @@ if (empty($videoData) || isset($videoData['error'])) {
                         <span>Facebook</span>
                     </a>
                     
-                    <a href="https://twitter.com/intent/tweet?text=<?php echo urlencode($video['title']); ?>&url=<?php echo urlencode((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"); ?>" target="_blank" class="share-platform-btn" title="Partager sur X/Twitter">
+                    <a href="https://twitter.com/intent/tweet?text=<?php echo urlencode(htmlspecialchars($video['title'])); ?>&url=<?php echo urlencode((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"); ?>" target="_blank" class="share-platform-btn" title="Partager sur X/Twitter">
                         <i class="fab fa-x-twitter"></i>
                         <span>X</span>
                     </a>
                     
-                    <a href="https://wa.me/?text=<?php echo urlencode($video['title'] . ' - ' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"); ?>" target="_blank" class="share-platform-btn" title="Partager sur WhatsApp">
+                    <a href="https://wa.me/?text=<?php echo urlencode(htmlspecialchars($video['title']) . ' - ' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"); ?>" target="_blank" class="share-platform-btn" title="Partager sur WhatsApp">
                         <i class="fab fa-whatsapp"></i>
                         <span>WhatsApp</span>
                     </a>