diff --git a/r2/r2/controllers/reddit_base.py b/r2/r2/controllers/reddit_base.py
index 832cfe434..9bb7323b7 100644
--- a/r2/r2/controllers/reddit_base.py
+++ b/r2/r2/controllers/reddit_base.py
@@ -894,7 +894,8 @@ class RedditController(MinimalController):
 @staticmethod
 def enable_admin_mode(user, first_login=None):
 # no expiration time so the cookie dies with the browser session
- c.cookies[g.admin_cookie] = Cookie(value=user.make_admin_cookie(first_login=first_login))
+ admin_cookie = user.make_admin_cookie(first_login=first_login)
+ c.cookies[g.admin_cookie] = Cookie(value=admin_cookie, httponly=True)

 @staticmethod
 def remember_otp(user):
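Review bot: The admin cookie in `enable_admin_mode` now gets `httponly=True` but no Secure attribute in the visible lines, so nothing in this hunk keeps it off a plain-HTTP request. HttpOnly only stops page script from reading the value; it does not restrict transport. If the `Cookie` wrapper exposes a Secure option, or applies one by default elsewhere (not visible here), the call should set it or the comment should say where it comes from. The existing comment could also record the reason for the new flag, e.g. `# session cookie (no expiry); HttpOnly so page script cannot read the admin token`. `remember_otp` starts on the last line of the hunk and its body is outside it, so whether its cookie needs the same flag cannot be checked from here.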