diff --git a/js/privatebin.js b/js/privatebin.js
index e48ccbcb..4ebf3463 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -3855,7 +3855,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
          */
         function setLanguage(event)
         {
-            document.cookie = 'lang=' + $(event.target).data('lang') + ';secure';
+            document.cookie = 'lang=' + $(event.target).data('lang') + '; SameSite=Strict; Secure';
             UiHelper.reloadHome();
             event.preventDefault();
         }
diff --git a/lib/Controller.php b/lib/Controller.php
index 316b6b5d..85767b12 100644
--- a/lib/Controller.php
+++ b/lib/Controller.php
@@ -178,7 +178,7 @@ class Controller
         // force default language, if language selection is disabled and a default is set
         if (!$this->_conf->getKey('languageselection') && strlen($lang) == 2) {
             $_COOKIE['lang'] = $lang;
-            setcookie('lang', $lang, 0, '', '', true);
+            setcookie('lang', $lang, array('SameSite' => 'Strict', 'Secure' => true));
         }
     }
 
@@ -389,7 +389,7 @@ class Controller
         $languageselection = '';
         if ($this->_conf->getKey('languageselection')) {
             $languageselection = I18n::getLanguage();
-            setcookie('lang', $languageselection, 0, '', '', true);
+            setcookie('lang', $languageselection, array('SameSite' => 'Strict', 'Secure' => true));
         }
 
         // strip policies that are unsupported in meta tag
diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php
index f3691491..2e6961f8 100644
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@@ -73,7 +73,7 @@ endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-3.0.8.js" integrity="sha512-wWBDKh5wYGtJ1Df+PPZIn59jHVBnJ4/Yb2W/pVnzaXab8cmlZnHVx+FEBGu5JX39s3P2Qlt+aNQou0XnjW86hg==" crossorigin="anonymous"></script>
 		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-d5Osf1udNRb68jLn8HA+fJUc0sI0w6Mpag/HIoxjnOaEO6n1TLXHnCK/Mr4gsmF7xCKtnxMOCVZCuUolWGYLFw==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-WUH4XwbHrblvER/DNwcdoFZ9wua6fe5tNEI79s9owCEffVx8JKiODD4+ebL64RQlBNX2e9cAzOu2CeBn454bog==" crossorigin="anonymous"></script>
 		<!-- icon -->
 		<link rel="apple-touch-icon" href="<?php echo I18n::encode($BASEPATH); ?>img/apple-touch-icon.png" sizes="180x180" />
 		<link rel="icon" type="image/png" href="img/favicon-32x32.png" sizes="32x32" />
diff --git a/tpl/bootstrap5.php b/tpl/bootstrap5.php
index 8d3fc7a9..33756a5a 100644
--- a/tpl/bootstrap5.php
+++ b/tpl/bootstrap5.php
@@ -57,7 +57,7 @@ endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-3.0.8.js" integrity="sha512-wWBDKh5wYGtJ1Df+PPZIn59jHVBnJ4/Yb2W/pVnzaXab8cmlZnHVx+FEBGu5JX39s3P2Qlt+aNQou0XnjW86hg==" crossorigin="anonymous"></script>
 		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-d5Osf1udNRb68jLn8HA+fJUc0sI0w6Mpag/HIoxjnOaEO6n1TLXHnCK/Mr4gsmF7xCKtnxMOCVZCuUolWGYLFw==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-WUH4XwbHrblvER/DNwcdoFZ9wua6fe5tNEI79s9owCEffVx8JKiODD4+ebL64RQlBNX2e9cAzOu2CeBn454bog==" crossorigin="anonymous"></script>
 		<!-- icon -->
 		<link rel="apple-touch-icon" href="<?php echo I18n::encode($BASEPATH); ?>img/apple-touch-icon.png" sizes="180x180" />
 		<link rel="icon" type="image/png" href="img/favicon-32x32.png" sizes="32x32" />
diff --git a/tpl/page.php b/tpl/page.php
index 63e8477d..077141db 100644
--- a/tpl/page.php
+++ b/tpl/page.php
@@ -51,7 +51,7 @@ endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-3.0.8.js" integrity="sha512-wWBDKh5wYGtJ1Df+PPZIn59jHVBnJ4/Yb2W/pVnzaXab8cmlZnHVx+FEBGu5JX39s3P2Qlt+aNQou0XnjW86hg==" crossorigin="anonymous"></script>
 		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-d5Osf1udNRb68jLn8HA+fJUc0sI0w6Mpag/HIoxjnOaEO6n1TLXHnCK/Mr4gsmF7xCKtnxMOCVZCuUolWGYLFw==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-WUH4XwbHrblvER/DNwcdoFZ9wua6fe5tNEI79s9owCEffVx8JKiODD4+ebL64RQlBNX2e9cAzOu2CeBn454bog==" crossorigin="anonymous"></script>
 		<!-- icon -->
 		<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
 		<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />