diff --git a/config/compatibility.yml b/config/compatibility.yml
index 7a015eb..75127a5 100644
--- a/config/compatibility.yml
+++ b/config/compatibility.yml
@@ -26,5 +26,10 @@ store:
     # proxyAttachments is the same as DIRECT_RESPONSE_ATTACHMENT; defaults to false
     proxyAttachments: true
 
+# Server configuration
+server:
+    # useSecureConfig is the same as COOKIE_SECURE; if in production (which is for end-users), it will be true, else it'll be false
+    useSecureConfig: true
+
 # baseUrl is the same as BASE_URL; not required
-baseUrl: https://example.com
+baseUrl: https://example.com
\ No newline at end of file
diff --git a/libs/server/config.ts b/libs/server/config.ts
index 0f3f495..5578c68 100644
--- a/libs/server/config.ts
+++ b/libs/server/config.ts
@@ -31,9 +31,15 @@ export interface S3StoreConfiguration {
 
 export type StoreConfiguration = S3StoreConfiguration;
 
+export interface ServerConfiguration {
+    useSecureCookies: boolean;
+    // TODO: Move baseUrl to here
+}
+
 export interface Configuration {
     auth: AuthConfiguration;
     store: StoreConfiguration;
+    server: ServerConfiguration;
     baseUrl?: string;
 }
 
@@ -130,9 +136,20 @@ export function loadConfig() {
         store.proxyAttachments = env.parseBool(env.getEnvRaw('DIRECT_RESPONSE_ATTACHMENT', false), store.proxyAttachments ?? false);
     }
 
+    let server: ServerConfiguration;
+    if (!baseConfig.server) {
+        server = {} as ServerConfiguration;
+    } else {
+        server = baseConfig.server;
+    }
+    {
+        server.useSecureCookies = env.parseBool(env.getEnvRaw('COOKIE_SECURE', false), process.env.NODE_ENV === 'production');
+    }
+
     loaded = {
         auth,
         store,
+        server,
         baseUrl: env.getEnvRaw('BASE_URL', false) ?? baseConfig.baseUrl,
     };
 }