diff --git a/arkindex/project/config.py b/arkindex/project/config.py
index 8607f8a508c59342ce316e97ef298c27d83cb7fc..9c2f6c8f1b6ed26c5cf38bcd3466adda8a493134 100644
--- a/arkindex/project/config.py
+++ b/arkindex/project/config.py
@@ -88,12 +88,14 @@ def get_settings_parser(base_dir):
     csrf_parser = parser.add_subparser('csrf', default={})
     csrf_parser.add_option('cookie_name', type=str, default='arkindex.csrf')
     csrf_parser.add_option('cookie_domain', type=str, default=None)
+    csrf_parser.add_option('cookie_secure', type=bool, default=False)
     csrf_parser.add_option('cookie_samesite', type=CookieSameSiteOption, default=CookieSameSiteOption.Lax)
     csrf_parser.add_option('trusted_origins', type=str, many=True, default=[])
 
     session_parser = parser.add_subparser('session', default={})
     session_parser.add_option('cookie_name', type=str, default='arkindex.auth')
     session_parser.add_option('cookie_domain', type=str, default=None)
+    session_parser.add_option('cookie_secure', type=bool, default=False)
     session_parser.add_option('cookie_samesite', type=CookieSameSiteOption, default=CookieSameSiteOption.Lax)
 
     cors_parser = parser.add_subparser('cors', default={})
diff --git a/arkindex/project/settings.py b/arkindex/project/settings.py
index 31fedc7fb22c340abaf14babee861f72235fd191..efcd72caddc1a87c0a91c4c13019ad891d6b0ce0 100644
--- a/arkindex/project/settings.py
+++ b/arkindex/project/settings.py
@@ -396,11 +396,13 @@ else:
 CSRF_COOKIE_NAME = conf['csrf']['cookie_name']
 CSRF_COOKIE_DOMAIN = conf['csrf']['cookie_domain']
 CSRF_COOKIE_SAMESITE = conf['csrf']['cookie_samesite'].value
+CSRF_COOKIE_SECURE = conf['csrf']['cookie_secure']
 CSRF_TRUSTED_ORIGINS = conf['csrf']['trusted_origins']
 
 SESSION_COOKIE_NAME = conf['session']['cookie_name']
 SESSION_COOKIE_DOMAIN = conf['session']['cookie_domain']
 SESSION_COOKIE_SAMESITE = conf['session']['cookie_samesite'].value
+SESSION_COOKIE_SECURE = conf['session']['cookie_secure']
 # Required for authentication over websockets
 SESSION_COOKIE_HTTPONLY = False
 
diff --git a/arkindex/project/tests/config_samples/defaults.yaml b/arkindex/project/tests/config_samples/defaults.yaml
index f2850a47c86eee21abc80b4d1532bdd921440e8a..6133c1053f714891ef5b9809b54d5771a8eb1fe2 100644
--- a/arkindex/project/tests/config_samples/defaults.yaml
+++ b/arkindex/project/tests/config_samples/defaults.yaml
@@ -16,6 +16,7 @@ csrf:
   cookie_domain: null
   cookie_name: arkindex.csrf
   cookie_samesite: lax
+  cookie_secure: false
   trusted_origins: []
 database:
   host: localhost
@@ -68,6 +69,7 @@ session:
   cookie_domain: null
   cookie_name: arkindex.auth
   cookie_samesite: lax
+  cookie_secure: false
 static:
   cdn_assets_url: null
   frontend_version: null
diff --git a/arkindex/project/tests/config_samples/override.yaml b/arkindex/project/tests/config_samples/override.yaml
index d9695aa22424d490ec51f63e9448766efad604f8..19b0c84aa94c46cd1a2c93d647aa095ec78c6962 100644
--- a/arkindex/project/tests/config_samples/override.yaml
+++ b/arkindex/project/tests/config_samples/override.yaml
@@ -18,6 +18,7 @@ csrf:
   cookie_domain: something.com
   cookie_name: csrfcookie
   cookie_samesite: strict
+  cookie_secure: true
   trusted_origins:
   - trust-no-one
 database:
@@ -83,6 +84,7 @@ session:
   cookie_domain: cookie-dolmen
   cookie_name: stonehenge
   cookie_samesite: false
+  cookie_secure: true
 static:
   cdn_assets_url: http://cdn.teklia.horse/
   frontend_version: 1.2.3-alpha4