diff --git a/.changeset/chilly-crews-perform.md b/.changeset/chilly-crews-perform.md
new file mode 100644
index 00000000000..2602efd5daf
--- /dev/null
+++ b/.changeset/chilly-crews-perform.md
@@ -0,0 +1,5 @@
+---
+'@clerk/clerk-js': patch
+---
+
+Update cookie setting to ensure cookies can be set to be read when an application is embedded in an iframe.
diff --git a/packages/clerk-js/src/utils/cookies/handler.ts b/packages/clerk-js/src/utils/cookies/handler.ts
index 3b1bd0203e6..c592bf27f2f 100644
--- a/packages/clerk-js/src/utils/cookies/handler.ts
+++ b/packages/clerk-js/src/utils/cookies/handler.ts
@@ -47,8 +47,8 @@ export const createCookieHandler = () => {
   const setClientUatCookie = (client: ClientResource | undefined) => {
     const expires = addYears(Date.now(), 1);
-    const sameSite = 'Strict';
-    const secure = false;
+    const sameSite = inSecureCrossOriginIframe() ? IFRAME_SAME_SITE : DEFAULT_SAME_SITE;
+    const secure = inSecureCrossOriginIframe() || window.location.protocol === 'https:';
     // '0' indicates the user is signed out
     let val = '0';
@@ -67,8 +67,8 @@ export const createCookieHandler = () => {
   const setDevBrowserCookie = (jwt: string) => {
     const expires = addYears(Date.now(), 1);
-    const sameSite = DEFAULT_SAME_SITE;
-    const secure = false;
+    const sameSite = inSecureCrossOriginIframe() ? IFRAME_SAME_SITE : DEFAULT_SAME_SITE;
+    const secure = inSecureCrossOriginIframe() || window.location.protocol === 'https:';
     return devBrowserCookie.set(jwt, {
       expires,
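Review bot: The non-iframe fallback for the client_uat cookie changes from the literal `'Strict'` to `DEFAULT_SAME_SITE` in the first handler.ts hunk; that constant's value is outside the hunk, and if it is anything other than `'Strict'` this silently relaxes the cookie's SameSite on every non-embedded page, which the changeset does not mention — either confirm that is intended or keep `'Strict'` as the fallback for that cookie. Both handler.ts hunks also duplicate the same two attribute lines and call `inSecureCrossOriginIframe()` twice each; a small shared helper evaluates it once and keeps the two cookies from drifting apart, as sketched below. The coupling behind the `secure` line deserves a comment, since it is not obvious from the code: `// SameSite=None is only accepted by browsers together with Secure, so force Secure whenever the iframe SameSite value is used` — this assumes IFRAME_SAME_SITE is `'None'`, which the hunk does not show. Both setClientUatCookie and setDevBrowserCookie continue past their hunks.
```typescript
// … unchanged: imports, createCookieHandler setup …
/** Resolves SameSite/Secure for the current embedding context; evaluates the iframe check once. */
const resolveCookieSecurity = () => {
  const embeddedCrossOrigin = inSecureCrossOriginIframe();
  return {
    sameSite: embeddedCrossOrigin ? IFRAME_SAME_SITE : DEFAULT_SAME_SITE,
    // A cross-site SameSite value is only honoured alongside Secure; also mark Secure on plain https pages.
    secure: embeddedCrossOrigin || window.location.protocol === 'https:',
  };
};

const setClientUatCookie = (client: ClientResource | undefined) => {
  const expires = addYears(Date.now(), 1);
  const { sameSite, secure } = resolveCookieSecurity();
  // … unchanged: value computation and cookie set …
```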