diff --git a/lib/philomena_web/endpoint.ex b/lib/philomena_web/endpoint.ex
index d1b8a71f..e09d7deb 100644
--- a/lib/philomena_web/endpoint.ex
+++ b/lib/philomena_web/endpoint.ex
@@ -40,6 +40,7 @@ defmodule PhilomenaWeb.Endpoint do
 # Set :encryption_salt if you would also like to encrypt it.
 plug Plug.Session,
 store: :cookie,
+ extra: "SameSite=Lax",
 key: "_philomena_key",
 signing_salt: "signed cookie",
 encryption_salt: "authenticated encrypted cookie"
diff --git a/lib/philomena_web/plugs/content_security_policy_plug.ex b/lib/philomena_web/plugs/content_security_policy_plug.ex
index ea7236cc..f1d9607c 100644
--- a/lib/philomena_web/plugs/content_security_policy_plug.ex
+++ b/lib/philomena_web/plugs/content_security_policy_plug.ex
@@ -15,7 +15,7 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
 end
 def call(conn, [csp_value: csp_value]) do
- Conn.put_resp_header(conn, "Content-Security-Policy", csp_value)
+ Conn.put_resp_header(conn, "content-security-policy", csp_value)
 end
 defp cdn_uri, do: Application.get_env(:philomena, :cdn_host) |> to_uri()
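Review bot: The `Plug.Session` option list in this hunk still has no `secure: true`, so as far as the visible options show, the session cookie may also be sent over plain HTTP. If production is HTTPS-only, add `secure: true` beside the new `extra:` line, driven by config if development runs over HTTP. `SameSite=Lax` still attaches the cookie to top-level cross-site GET navigations, so it complements the CSRF token check rather than replacing it, and any state-changing GET route stays exposed. On Plug versions that provide the dedicated `:same_site` option, `same_site: "Lax"` states the intent more clearly than the free-form `extra:` string. The endpoint module continues outside the hunk.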
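Review bot: The lowercase key in `call/2` deserves a one-line comment so nobody later "corrects" it back to title case, e.g. `# Plug expects lowercase header keys; the test adapter raises Plug.Conn.InvalidHeaderError otherwise`. Plug matches response header keys case-sensitively, so from this change on any later `put_resp_header(conn, "content-security-policy", ...)` in the pipeline replaces this policy instead of producing a second header. A test asserting the final header value on a rendered page would pin that. Separately, `cdn_uri` reads `Application.get_env`; if it is called from `init/1` (outside this hunk), the policy is presumably frozen at compile time under Plug's default init mode, so confirm that is intended.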