Cookie-Flag

Set HttpOnly, SameSite, and secure flags on cookies in Set-Cookie upstream response headers with the Cookie-Flag dynamic module, community-authored and supported by NGINX, Inc.

Note: The module is deprecated since Release 23 and is replaced with the proxy_cookie_flags directive. See Native Method for Setting Cookie Flags for details.

Installation Instructions

  1. Install the Cookie-Flag module.

    For Amazon Linux, CentOS, Oracle Linux, and RHEL:

    $ yum install nginx-plus-module-cookie-flag
    

    For Debian and Ubuntu:

    $ apt-get install nginx-plus-module-cookie-flag
    

    For SLES:

    $ zypper install nginx-plus-module-cookie-flag
    

    For Alpine:

    $ apk add nginx-plus-module-cookie-flag
    
  2. Put the load_module directive in the top‑level (“main”) context of NGINX Plus configuration file, nginx.conf:

    load_module modules/ngx_http_cookie_flag_filter_module.so;
    
  3. Perform additional configuration as required by the module.

  4. Reload NGINX Plus to enable the module:

    $ nginx -t && nginx -s reload
    

More Info