diff --git a/src/c3nav/mapdata/views.py b/src/c3nav/mapdata/views.py
index 8a9f83b9..656d13e5 100644
--- a/src/c3nav/mapdata/views.py
+++ b/src/c3nav/mapdata/views.py
@@ -28,7 +28,8 @@ def set_tile_access_cookie(request, response):
         response.set_cookie(settings.TILE_ACCESS_COOKIE_NAME, cookie, max_age=60,
                             domain=settings.TILE_ACCESS_COOKIE_DOMAIN,
                             httponly=settings.TILE_ACCESS_COOKIE_HTTPONLY,
-                            secure=settings.TILE_ACCESS_COOKIE_SECURE)
+                            secure=settings.TILE_ACCESS_COOKIE_SECURE,
+                            samesite=settings.TILE_ACCESS_COOKIE_SAMESITE)
     else:
         response.delete_cookie(settings.TILE_ACCESS_COOKIE_NAME)
     response['Cache-Control'] = 'no-cache'
diff --git a/src/c3nav/settings.py b/src/c3nav/settings.py
index fbd9344d..ecdbd6b8 100644
--- a/src/c3nav/settings.py
+++ b/src/c3nav/settings.py
@@ -302,6 +302,7 @@ TILE_ACCESS_COOKIE_NAME = 'c3nav_tile_access'
 TILE_ACCESS_COOKIE_DOMAIN = config.get('c3nav', 'tile_access_cookie_domain', fallback=None)
 TILE_ACCESS_COOKIE_HTTPONLY = True
 TILE_ACCESS_COOKIE_SECURE = not DEBUG
+TILE_ACCESS_COOKIE_SAMESITE = 'strict'
 
 
 # Application definition
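Review bot: The new `samesite=` argument interacts with the existing `domain=settings.TILE_ACCESS_COOKIE_DOMAIN` in a way the hunk does not document: with a Strict value the browser only attaches the cookie to requests that are same-site with the page, so if a deployment serves tiles from a host that is not under the page's registrable domain, tile requests will arrive without the cookie and fail the access check with nothing in this code reporting why. Suggest a comment above the `set_cookie` call: `# SameSite only sends the cookie on same-site requests; the tile host must share the page's registrable domain for 'strict' to work`. The `delete_cookie` call in the `else` branch is not given `samesite`; whether that matters depends on the Django version in use (newer versions accept a `samesite` argument on `delete_cookie`), so it is worth confirming against the pinned version. The `def set_tile_access_cookie` line itself lies outside the hunk and is visible only in the hunk header.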
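Review bot: `TILE_ACCESS_COOKIE_SAMESITE` is hard-coded while the neighbouring `TILE_ACCESS_COOKIE_DOMAIN` two lines above is read from the config file, and the right SameSite value depends on the same deployment fact (whether the tile host is same-site with the page), so it should be configurable the same way: `TILE_ACCESS_COOKIE_SAMESITE = config.get('c3nav', 'tile_access_cookie_samesite', fallback='strict')`. Django validates this value when the cookie is set rather than at startup, so a misspelt config value would surface as a `ValueError` on the first tile-access response; a short comment listing the values Django accepts for the pinned version (`'lax'`, `'strict'`, and on newer releases `'none'`, which browsers only honour together with `Secure`) would make the setting self-explanatory.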