# Cookie-Flag


> Set `HttpOnly`, `SameSite`, and `secure` flags on cookies in `Set-Cookie` upstream response headers with the **Cookie-Flag** dynamic module, community-authored and supported by NGINX, Inc.


**Note:**  The `nginx-plus-module-cookie-flag` package is no longer available in the NGINX Plus repository.

The module was deprecated in [NGINX Plus Release 23](/nginx/releases.md#r23) and removed in [NGINX Plus Release 26](/nginx/releases.md#r26). Its functionality has been replaced with natively supported [`proxy_cookie_flags`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_flags) directive.

To remove the module, follow the [Uninstalling a dynamic module](uninstall.md) instructions.

To learn how to replace the module with the native solution, see [Native Method for Setting Cookie Flags](https://www.nginx.com/blog/nginx-plus-r23-released#cookie-flags) and the [`proxy_cookie_flags`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_flags) directive.

## More info

- [NGINX module reference for adding Cookie flag](https://github.com/AirisX/nginx_cookie_flag_module)

- [NGINX dynamic modules](dynamic-modules.md)

- [NGINX Plus technical specifications](/nginx/technical-specs.md)

- [Uninstalling a dynamic module](uninstall.md)