diff --git a/default_config.py b/default_config.py
index 741533dec1b97be4181a2edd7159ce11a66acb38..4d3d06163730cda9b6e2838fcd5e344d9fee7e7e 100644
--- a/default_config.py
+++ b/default_config.py
@@ -8,3 +8,7 @@ OAUTH2_AUTH_URL = 'http://localhost:5001/oauth2/authorize'
 OAUTH2_TOKEN_URL = 'http://localhost:5001/oauth2/token'
 OAUTH2_USERINFO_URL = 'http://localhost:5001/oauth2/userinfo'
 
+# CSRF protection
+SESSION_COOKIE_SECURE=True
+SESSION_COOKIE_HTTPONLY=True
+SESSION_COOKIE_SAMESITE='Strict'
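Review bot: `SESSION_COOKIE_SECURE=True` on L10 sits next to OAuth2 endpoints that are plain `http://localhost:5001`, so a browser will refuse to store or send the session cookie in the default local setup and logins will appear to silently fail; either derive it from the scheme of the deployed URL or document that this default is only meaningful behind HTTPS. `SESSION_COOKIE_SAMESITE='Strict'` is also likely to break the OAuth2 authorization-code flow, because the redirect back from the provider is a cross-site top-level navigation on which a Strict cookie is not sent, so any state or nonce stored in the session is missing at the callback — if the callback reads the session, `'Lax'` is the usual setting, but that depends on callback code not in this hunk. The header comment is narrower than the lines under it: only SameSite is CSRF-related, while `SECURE` and `HTTPONLY` address cookie transport and script access, so `# Session cookie hardening (transport, script access, cross-site sends)` would describe the group accurately. Finally, the three assignments should follow PEP 8 with spaces around `=`, matching the existing `OAUTH2_*` lines above them.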