diff --git a/src/pyramid_jwt/__init__.py b/src/pyramid_jwt/__init__.py
index c0b633f..f3fd413 100644
--- a/src/pyramid_jwt/__init__.py
+++ b/src/pyramid_jwt/__init__.py
@@ -93,7 +93,7 @@ def set_jwt_cookie_authentication_policy(
     json_encoder=None,
     audience=None,
     cookie_name=None,
-    https_only=True,
+    https_only=None,
     reissue_time=None,
     cookie_path=None,
 ):
diff --git a/src/pyramid_jwt/policy.py b/src/pyramid_jwt/policy.py
index 214d586..3c73b9b 100644
--- a/src/pyramid_jwt/policy.py
+++ b/src/pyramid_jwt/policy.py
@@ -6,6 +6,7 @@
 
 import jwt
 from pyramid.renderers import JSON
+from pyramid.settings import asbool
 from webob.cookies import CookieProfile
 from zope.interface import implementer
 from pyramid.authentication import CallbackAuthenticationPolicy
@@ -187,7 +188,7 @@ def __init__(
             audience,
         )
 
-        self.https_only = https_only
+        self.https_only = asbool(https_only)
         self.cookie_name = cookie_name or "Authorization"
         self.max_age = self.expiration and self.expiration.total_seconds()