diff --git a/configs/docker_config.py b/configs/docker_config.py
index 6666fc2..ba0a233 100644
--- a/configs/docker_config.py
+++ b/configs/docker_config.py
@@ -2,6 +2,7 @@
 BIND_ADDRESS = '0.0.0.0'
 PORT = 80
 SQLALCHEMY_DATABASE_URI = 'sqlite:////data/powerdns-admin.db'
+CSRF_COOKIE_HTTPONLY = True
 
 legal_envvars = (
     'SECRET_KEY',
diff --git a/powerdnsadmin/default_config.py b/powerdnsadmin/default_config.py
index 16b8161..8737680 100644
--- a/powerdnsadmin/default_config.py
+++ b/powerdnsadmin/default_config.py
@@ -10,6 +10,7 @@ PORT = 9191
 HSTS_ENABLED = False
 OFFLINE_MODE = False
 FILESYSTEM_SESSIONS_ENABLED = False
+CSRF_COOKIE_HTTPONLY = True
 
 ### DATABASE CONFIG
 SQLA_DB_USER = 'pda'