diff --git a/defaults/main.yml b/defaults/main.yml
index 6aa7402..d185877 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -143,6 +143,9 @@ gitea_app_configurations:
   - { section: 'log.sublogger.access', option: 'FILE_NAME', value: '{{ gitea_log_dir }}/access.log', state: 'present' }
   - { section: 'log.sublogger.xorm', option: 'FILE_NAME', value: '{{ gitea_log_dir }}/xorm.log', state: 'present' }
   - { section: 'database', option: 'LOG_SQL', value: 'false', state: 'present' }
+  - { section: 'security', option: 'CSRF_COOKIE_HTTP_ONLY', value: 'true', state: 'present'}
+  - { section: 'session', option: 'SAME_SITE', value: 'lax', state: 'present'}
+  - { section: 'session', option: 'COOKIE_SECURE', value: 'false', state: 'present'}
 #  - { section: 'mailer', option: 'ENABLED', value: 'true', state: 'present' }
 #  - { section: 'mailer', option: 'FROM', value: '{{ gitea_mail_from }}', state: 'present' }
 #  - { section: 'mailer', option: 'MAILER_TYPE', value: '{{ gitea_mailer_type }}', state: 'present' }