diff --git a/config/settings.py b/config/settings.py
index 84537cf..9b19444 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -154,9 +154,18 @@
 "Authorization",
 ]
+
 SESSION_COOKIE_DOMAIN = ".dbca.wa.gov.au"
 CSRF_COOKIE_DOMAIN = ".dbca.wa.gov.au"
+# Ensure SameSite attribute allows cross-site requests if needed
+CSRF_COOKIE_SAMESITE = "None"
+SESSION_COOKIE_SAMESITE = "None"
+# Secure attribute is also recommended if using HTTPS
+CSRF_COOKIE_SECURE = True
+SESSION_COOKIE_SECURE = True
+
+
 # Application definitions ======================================================
 SYSTEM_APPS = [
 "django.contrib.admin",
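Review bot: Setting `SESSION_COOKIE_SAMESITE = "None"` on a session cookie that is already scoped to every host under `.dbca.wa.gov.au` removes the browser's SameSite barrier for all of those applications, and the comment's "if needed" suggests the cross-site requirement has not been confirmed. With this change CSRF protection rests entirely on the CSRF token check and on the CORS / trusted-origin allow-lists, which are not visible in this hunk and should be verified to be exact origins rather than wildcards. If every consumer sits on a subdomain of the same registrable domain, those requests are presumably still same-site and `SESSION_COOKIE_SAMESITE = "Lax"` would keep working; reserve `"None"` for a named third-party origin and record that origin in the comment. The second comment also understates the constraint: browsers reject `SameSite=None` cookies that lack `Secure`, so it should read something like `# Secure is required: browsers drop SameSite=None cookies without it`.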