diff --git a/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts b/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts
index 9b6b98399..d5565b3b0 100644
--- a/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts
+++ b/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts
@@ -78,6 +78,7 @@ export async function GET(
   cookieStore.set(SAS_TOKEN_STORAGE_KEY, tokenData.access_token, {
     maxAge: 3600,
     httpOnly: true,
+    secure: env.NODE_ENV !== "development",
   })
 
   if (
diff --git a/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts b/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts
index 6bddbadc4..673c0bc5a 100644
--- a/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts
+++ b/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts
@@ -131,6 +131,7 @@ async function setSASOtpCookie({
     {
       httpOnly: true,
       maxAge: 3600,
+      secure: env.NODE_ENV !== "development",
     }
   )
 }