diff --git a/src/forward.rs b/src/forward.rs
index b7bd56c..8ce2650 100644
--- a/src/forward.rs
+++ b/src/forward.rs
@@ -317,7 +317,7 @@ pub async fn forward_register(
         .content_type("text/html")
         .set_header(
             "Set-Cookie",
-            format!("sncf_admin_token={}; HttpOnly; SameSite=Strict", &token),
+            format!("sncf_admin_token={}; HttpOnly; Secure; SameSite=Strict", &token),
         )
         .body(
             TplLink {
@@ -381,7 +381,7 @@ pub async fn index(req: HttpRequest) -> Result<HttpResponse, TrainCrash> {
         .set_header(
             "Set-Cookie",
             format!(
-                "sncf_csrf_cookie={}; HttpOnly; SameSite=Strict",
+                "sncf_csrf_cookie={}; HttpOnly; Secure; SameSite=Strict",
                 base64::encode_config(&csrf_cookie.value(), base64::URL_SAFE_NO_PAD)
             ),
         )