diff --git a/api.planx.uk/modules/auth/controller.ts b/api.planx.uk/modules/auth/controller.ts
index dc84564b37..1e255bd18e 100644
--- a/api.planx.uk/modules/auth/controller.ts
+++ b/api.planx.uk/modules/auth/controller.ts
@@ -47,12 +47,12 @@ function setJWTCookie(returnTo: string, res: Response, req: Request) {
       new Date().setFullYear(new Date().getFullYear() + 1),
     ).getTime(),
     sameSite: "none",
+    secure: true,
   };
 
   const httpOnlyCookieOptions: CookieOptions = {
     ...defaultCookieOptions,
     httpOnly: true,
-    secure: true,
   };
 
   // Set secure, httpOnly cookie with JWT