Exclude a session header from http only

Hi All,

I have a requirement, I need to exclude a few cookie session from my Http Security Headers, It possible when I add my conf file. In my private DNS, but it’s getting an issue when I use the Cloudflare domain.

My conf is like

Header edit Set-Cookie ^(?!(XXXXX_SESSION|XXXXXXX_SESSION_LEGACY).*)$ $1;HttpOnly;Secure

Do I need to configure anything from the Cloudflare side?

Sorry guys I am new to this environment.

This topic was automatically closed after 30 days. New replies are no longer allowed.