Cookie-Flag

Set HttpOnly, SameSite, and secure flags on cookies in Set-Cookie upstream response headers with the Cookie-Flag dynamic module, community-authored and supported by NGINX, Inc.

Note: The module was deprecated in Release 23 and removed in Release 26. The proxy_cookie_flags directive implements native support for setting cookie flags and replaces the module. See Native Method for Setting Cookie Flags for details.

Installation Instructions

1. Install the Cookie-Flag module.

   For Amazon Linux, CentOS, Oracle Linux, and RHEL:

   yum install nginx-plus-module-cookie-flag
   

   For Debian and Ubuntu:

   apt-get install nginx-plus-module-cookie-flag
   

   For SLES:

   zypper install nginx-plus-module-cookie-flag
   

   For Alpine:

   apk add nginx-plus-module-cookie-flag
   

2. Put the load_module directive in the top‑level (“main”) context of NGINX Plus configuration file, nginx.conf:

   load_module modules/ngx_http_cookie_flag_filter_module.so;
   

3. Perform additional configuration as required by the module.

4. Reload NGINX Plus to enable the module:

   nginx -t && nginx -s reload
   

More Info

• NGINX Module Reference for Adding Cookie Flag

• NGINX Dynamic Modules

• NGINX Plus Technical Specifications