Adding Secure HttpOnly to Set-Cookie header?

Currently the header is:

set-cookie spo_1_fa=4ab2af7cada64527172c206585c7ab95; expires=Fri, 26-Apr-2019 15:18:55 GMT; Max-Age=1800; path=/

How might I add the Secure and HttpOnly directives?

Which header? That is not Cloudflare related, is it? Assuming this is from your server you simply need to change the configuration accordingly, but that is once again not Cloudflare related.

I’m hosting on WPEngine and they’ve informed me that HttpOnly and Secure cannot be set on their platform.

They said that since they don’t support PHP Sessions, this wouldn’t be something that they need to change.

I was just wondering if there’s a way to do it via Cloudflare because WPEngine is kind of a dead end.

It’s the set-cookie header.

That is something that you need to set on your server. The only way to achieve something similar on Cloudflare is using workers. They are a paid feature however.

1 Like

This topic was automatically closed after 14 days. New replies are no longer allowed.