diff --git a/content/etc/apache2/sites-available/icingaweb2-ssl.conf b/content/etc/apache2/sites-available/icingaweb2-ssl.conf
index 2b5e03abd348b10a35921ffb03ff0576afe7543e..7ea6d2be7abc49eb81abfe89a372a559347b1c06 100644
--- a/content/etc/apache2/sites-available/icingaweb2-ssl.conf
+++ b/content/etc/apache2/sites-available/icingaweb2-ssl.conf
@@ -8,7 +8,8 @@ Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains
 Header unset Server
 Header always set X-Content-Type-Options "nosniff"
 Header edit Set-Cookie ^(.*)$ $1;SameSite=lax
-Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
+Header always edit Set-Cookie ^(.*)$ "$1;HttpOnly;Secure"
+Header onsuccess edit Set-Cookie ^(.*)$ "$1;HttpOnly;Secure"
 
 SSLProtocol -all +TLSv1.2 +TLSv1.3
 SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
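Review bot: The two added `Header ... edit Set-Cookie ^(.*)$ "$1;HttpOnly;Secure"` lines append both attributes unconditionally, so a cookie the application already marks Secure or HttpOnly ends up carrying the attribute twice. The unchanged `SameSite=lax` line above them has no condition keyword, so it only runs in the default onsuccess table and cookies on error responses get HttpOnly and Secure but no SameSite. Consider making the appends conditional, e.g. `Header always edit Set-Cookie "(?i)^((?!.*;\s*secure).*)$" "$1; Secure"` with a matching line for HttpOnly, and adding an `always` counterpart for the SameSite edit. Forcing HttpOnly on every cookie also assumes no server-set cookie is read by client-side script, which is worth confirming for Icinga Web 2 before rollout. A short comment such as `# mod_headers keeps separate 'always' and 'onsuccess' tables; edit both so cookies on error responses are covered` would explain the apparent duplication.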