Cookie-Flag

Set HttpOnly, SameSite, and secure flags on cookies in Set-Cookie upstream response headers with the Cookie-Flag dynamic module, community-authored and supported by NGINX, Inc.

Note: The module is deprecated since Release 23 and is replaced with the proxy_cookie_flags directive. See Native Method for Setting Cookie Flags for details.

Installation Instructions

1. Install the Cookie-Flag module.

   For Amazon Linux, CentOS, Oracle Linux, and RHEL:

   $ yum install nginx-plus-module-cookie-flag
   

   For Debian and Ubuntu:

   $ apt-get install nginx-plus-module-cookie-flag
   

   For SLES:

   $ zypper install nginx-plus-module-cookie-flag
   

   For Alpine:

   $ apk add nginx-plus-module-cookie-flag
   

2. Put the load_module directive in the top‑level (“main”) context of NGINX Plus configuration file, nginx.conf:

   load_module modules/ngx_http_cookie_flag_filter_module.so;
   

3. Perform additional configuration as required by the module.

4. Reload NGINX Plus to enable the module:

   $ nginx -t && nginx -s reload
   

More Info

• NGINX Module Reference for Adding Cookie Flag

• NGINX Dynamic Modules

• NGINX Plus Technical Specifications