diff --git a/mamweb/settings_prod.py b/mamweb/settings_prod.py
index 8535389d..eaf18db2 100644
--- a/mamweb/settings_prod.py
+++ b/mamweb/settings_prod.py
@@ -47,12 +47,18 @@ import os
 SERVER_EMAIL = 'mamweb-prod-errors@mam.mff.cuni.cz'
 ADMINS = [
- ('Tomas Gavenciak', 'gavento@ucw.cz'),
 ('Petr Pecha', 'nejlepsitextovyeditorjevim@gmail.com'),
 ('Matěj Kocián', 'matej.kocian@gmail.com'),
 ]
+# SECURITY: only send sensitive cookies via HTTPS
+
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+
+
+
 # LOGGING = {
 # 'version': 1,
 # 'disable_existing_loggers': True,
diff --git a/mamweb/settings_test.py b/mamweb/settings_test.py
index cf4c593f..a628be47 100644
--- a/mamweb/settings_test.py
+++ b/mamweb/settings_test.py
@@ -53,6 +53,10 @@ ADMINS = [
 ]
+# SECURITY: only send sensitive cookies via HTTPS
+
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
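Review bot: The `SESSION_COOKIE_SECURE` / `CSRF_COOKIE_SECURE` pair added after `ADMINS` in settings_prod.py only tells the browser not to return those cookies over plain HTTP; nothing visible in this hunk moves a visitor who arrives over HTTP onto HTTPS. Unless the rest of the file (outside the hunk) or the front-end web server already does so, consider adding `SECURE_SSL_REDIRECT = True` and a `SECURE_HSTS_SECONDS` value beside them. If TLS is terminated at a reverse proxy, `SECURE_PROXY_SSL_HEADER` is also needed so that `request.is_secure()` is true and Django's strict Referer check for CSRF applies, and it should be set only when the proxy overwrites that header itself. The same point applies to the identical block added to settings_test.py.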
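Review bot: With the Secure flags enabled in settings_test.py, any plain-HTTP access to the test instance drops the session and CSRF cookies, so logins appear to succeed but do not persist and POSTs are rejected with 403. If the test deployment is HTTPS-only that is the intended result, but the comment should say so, e.g. `# SECURITY: cookies are HTTPS-only; this instance must not be served over plain HTTP`. The block is a verbatim copy of the one in settings_prod.py, so if both files import from a common settings module (not visible here), defining it once there and overriding only in local development settings would keep the two from drifting.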