diff --git a/src/main/java/com/pickyfy/pickyfy/auth/filter/CustomLoginFilter.java b/src/main/java/com/pickyfy/pickyfy/auth/filter/CustomLoginFilter.java
index fa5237f..af71b1e 100644
--- a/src/main/java/com/pickyfy/pickyfy/auth/filter/CustomLoginFilter.java
+++ b/src/main/java/com/pickyfy/pickyfy/auth/filter/CustomLoginFilter.java
@@ -87,8 +87,8 @@ private void setBody(String role, HttpServletResponse response) throws IOExcepti
 private ResponseCookie createCookie(String name, String token, String path) {
 return ResponseCookie.from(name, token)
 .httpOnly(true)
- .secure(false)
- .sameSite("Lax")
+ .secure(true)
+ .sameSite("None")
 .path(path)
 .maxAge(Duration.ofMillis(Constant.COOKIE_EXPIRATION).getSeconds())
 .build();
diff --git a/src/main/java/com/pickyfy/pickyfy/auth/handler/OAuth2SuccessHandler.java b/src/main/java/com/pickyfy/pickyfy/auth/handler/OAuth2SuccessHandler.java
index d6fd734..0c33a1c 100644
--- a/src/main/java/com/pickyfy/pickyfy/auth/handler/OAuth2SuccessHandler.java
+++ b/src/main/java/com/pickyfy/pickyfy/auth/handler/OAuth2SuccessHandler.java
@@ -49,8 +49,8 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 private ResponseCookie createCookie(String name, String token, String path) {
 return ResponseCookie.from(name, token)
 .httpOnly(true)
- .secure(false)
- .sameSite("Lax")
+ .secure(true)
+ .sameSite("None")
 .path(path)
 .maxAge(Duration.ofMillis(Constant.COOKIE_EXPIRATION).getSeconds())
 .build();
diff --git a/src/main/java/com/pickyfy/pickyfy/web/controller/AuthController.java b/src/main/java/com/pickyfy/pickyfy/web/controller/AuthController.java
index 472f74b..1658ee9 100644
--- a/src/main/java/com/pickyfy/pickyfy/web/controller/AuthController.java
+++ b/src/main/java/com/pickyfy/pickyfy/web/controller/AuthController.java
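Review bot: In CustomLoginFilter.createCookie, replacing `.sameSite("Lax")` with `.sameSite("None")` makes the browser attach the token cookie to every cross-site request, so SameSite no longer contributes any CSRF protection for cookie-authenticated endpoints. Nothing visible in this diff adds a compensating control. Before merging, confirm that state-changing routes validate a CSRF token or the Origin header, and that credentialed CORS is restricted to an explicit origin allow-list. The same attribute change appears in OAuth2SuccessHandler.createCookie and in AuthController.createCookie and clearCookie. If cross-site delivery is a deliberate requirement, record it next to the call, for example `// SameSite=None: cookie is sent cross-site; CSRF is enforced by <mechanism>`.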
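Review bot: OAuth2SuccessHandler.createCookie is line-for-line the same builder as CustomLoginFilter.createCookie, and AuthController repeats the same attribute set four more times, so this commit had to edit six copies of `.secure(...)`/`.sameSite(...)` in step. A security attribute that is copied this way tends to drift when one site is missed. Moving the builder into one shared helper that all three classes call would leave a single place to audit. The hard-coded `.secure(true)` also means the cookie is not sent over a plain-HTTP origin, so reading the flag from configuration with a secure default would keep production strict while leaving non-TLS test setups working.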
@@ -62,16 +62,16 @@ public ApiResponse isAuthenticated(
 private void createCookie(HttpServletResponse response, AuthResponse token) {
 ResponseCookie expiredAccessToken = ResponseCookie.from(ACCESS_TOKEN_COOKIE_NAME, token.accessToken())
 .httpOnly(true)
- .secure(false)
- .sameSite("Lax")
+ .secure(true)
+ .sameSite("None")
 .path("/")
 .maxAge(Duration.ofMillis(Constant.COOKIE_EXPIRATION).getSeconds())
 .build();
 
 ResponseCookie expiredRefreshToken = ResponseCookie.from(REFRESH_TOKEN_COOKIE_NAME, token.refreshToken())
 .httpOnly(true)
- .secure(false)
- .sameSite("Lax")
+ .secure(true)
+ .sameSite("None")
 .path("/auth")
 .maxAge(Duration.ofMillis(Constant.COOKIE_EXPIRATION).getSeconds())
 .build();
@@ -83,16 +83,16 @@ private void createCookie(HttpServletResponse response, AuthResponse token) {
 private void clearCookie(HttpServletResponse response) {
 ResponseCookie expiredAccessToken = ResponseCookie.from(ACCESS_TOKEN_COOKIE_NAME, "")
 .httpOnly(true)
- .secure(false)
- .sameSite("Lax")
+ .secure(true)
+ .sameSite("None")
 .path("/")
 .maxAge(0)
 .build();
 
 ResponseCookie expiredRefreshToken = ResponseCookie.from(REFRESH_TOKEN_COOKIE_NAME, "")
 .httpOnly(true)
- .secure(false)
- .sameSite("Lax")
+ .secure(true)
+ .sameSite("None")
 .path("/auth")
 .maxAge(0)
 .build();
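Review bot: In AuthController.createCookie the locals `expiredAccessToken` and `expiredRefreshToken` hold live tokens with the full `Constant.COOKIE_EXPIRATION` lifetime, so the names describe the opposite of what the cookies are. The names look copied from clearCookie, where they are accurate. Renaming them to `accessTokenCookie` and `refreshTokenCookie` would stop a later reader from mistaking the issuing path for the clearing path when auditing these attributes. The rest of createCookie, where the cookies are presumably written to the response, lies outside the hunk, so the rename has to be carried through there as well.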