Secure cookies by default
When using HTTPS, mark all your cookies as secure, which means they are only transmitted over HTTPS protocols.
This flag is useful for sites that allow both HTTPS and HTTP traffic, since it protects from HTTP redirection carrying session cookies across unencrypted connections.
In the AM admin UI, go to Configure > Server Defaults > Security > Cookie.
Enable the Secure Cookie option.
Click Save Changes.
Restart AM or the container where it runs.