Some workarounds: http://serverfault.com/questions/496749/in-nginx-reverse-proxy-how-to-set-the-secure-flag-for-cookies https://maximilian-boehm.com/hp2134/NGINX-as-Proxy-Rewrite-Set-Cookie-to-Secure-and-HttpOnly.htm Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271052,271120#msg-271120