diff --git a/waspc/data/Generator/templates/server/src/app.js b/waspc/data/Generator/templates/server/src/app.js
index bba05a0f6..fe9457d0b 100644
--- a/waspc/data/Generator/templates/server/src/app.js
+++ b/waspc/data/Generator/templates/server/src/app.js
@@ -27,8 +27,9 @@ app.use(express.json())
 app.use(express.urlencoded({ extended: false }))
 app.use(cookieParser())
-if (config.trustProxyCount > 0) {
- app.set('trust proxy', config.trustProxyCount)
+if (config.trustProxies) {
+ app.enable('trust proxy')
+ console.log("Trusting proxies")
 }
 {=# isAuthEnabled =}
diff --git a/waspc/data/Generator/templates/server/src/config.js b/waspc/data/Generator/templates/server/src/config.js
index bdafef09d..ea8f28587 100644
--- a/waspc/data/Generator/templates/server/src/config.js
+++ b/waspc/data/Generator/templates/server/src/config.js
@@ -14,8 +14,10 @@ const config = {
 port: parseInt(process.env.PORT) || 3001,
 databaseUrl: process.env.DATABASE_URL,
 // This option is sometimes needed when running behind proxies/load balancers.
+ // For example, this is required for secure cookies to work on Heroku.
 // Ref: https://expressjs.com/en/guide/behind-proxies.html
- trustProxyCount: undefined,
+ // For now, we only handle the boolean case.
+ trustProxies: undefined,
 {=# isAuthEnabled =}
 session: {
 cookie: {
@@ -33,7 +35,7 @@ const config = {
 frontendUrl: undefined,
 },
 development: {
- trustProxyCount: parseInt(process.env.TRUST_PROXY_COUNT) || 0,
+ trustProxies: toBooleanOrDefault(process.env.TRUST_PROXIES, false),
 {=# isAuthEnabled =}
 session: {
 cookie: {
@@ -44,7 +46,7 @@ const config = {
 frontendUrl: process.env.REACT_APP_URL || 'http://localhost:3000',
 },
 production: {
- trustProxyCount: parseInt(process.env.TRUST_PROXY_COUNT) || 1,
+ trustProxies: toBooleanOrDefault(process.env.TRUST_PROXIES, true),
 {=# isAuthEnabled =}
 session: {
 cookie: {
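Review bot: `app.enable('trust proxy')` in app.js sets the option to `true`, and in that mode Express takes the left-most `X-Forwarded-For` entry as the client address, so `req.ip`, `req.protocol` and `req.hostname` are whatever the caller sends unless every route to the server passes through a proxy that overwrites the `X-Forwarded-*` headers. The removed hop count trusted only the nearest N proxies; with the production default now `true` (the `production:` hunk in config.js), an instance that is reachable directly, or that sits behind a different number of hops than assumed, accepts forwarded headers from the client. Consider a bounded value when the flag is on, e.g. `app.set('trust proxy', 1)`, or let `TRUST_PROXIES` also carry a hop count. A comment above the `if` stating that the fronting proxy must overwrite `X-Forwarded-For`, `X-Forwarded-Host` and `X-Forwarded-Proto` would make the assumption explicit.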
@@ -59,6 +61,23 @@ const config = {
 const resolvedConfig = _.merge(config.all, config[env])
 export default resolvedConfig
+function toBooleanOrDefault(str, defaultValue) {
+ if (!str) {
+ return defaultValue
+ }
+
+ switch(str.toLowerCase()) {
+ case "t":
+ case "true":
+ return true
+ case "f":
+ case "false":
+ return false
+ default:
+ return defaultValue
+ }
+}
+
 export function checkCookieSecretLength(secret) {
 if (!secret || secret.length < 32) {
 throw new Error("SESSION_COOKIE_SECRET must be at least 32 characters long in production")
diff --git a/web/docs/deploying.md b/web/docs/deploying.md
index 57e449550..aa7512746 100644
--- a/web/docs/deploying.md
+++ b/web/docs/deploying.md
@@ -41,7 +41,7 @@ Server uses following environment variables, so you need to ensure they are set
 - `SESSION_COOKIE_NAME: string` -> name of cookie used to store session data (defaults to `"wasp_session"`).
 - `SESSION_COOKIE_MAX_AGE: int` -> max age of session cookie in milliseconds (defaults to one week).
 - `CSRF_COOKIE_NAME: string` -> name of cookie used to store csrf double submit pattern secret (defaults to `"wasp_csrf"`).
-- `TRUST_PROXY_COUNT: int` -> number of proxies for Express app to trust (defaults to `0` for dev, and `1` for prod).
+- `TRUST_PROXIES: bool` -> if Express app should trust proxies (defaults to `false` in development, and `true` in production).
 ### Deploying to Heroku
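Review bot: The `default:` branch of `toBooleanOrDefault` in config.js silently returns the default for any value it does not recognise, so in production `TRUST_PROXIES=0`, `no`, `off` or a value with stray whitespace leaves proxy trust switched on with no signal to the operator. For a setting that decides whether forwarded headers are believed, an unrecognised value should stop startup, e.g. `default: throw new Error("Invalid boolean value: " + str)`, or at minimum log a warning. Normalising with `str.trim().toLowerCase()` would remove the whitespace case. The helper also lacks a comment listing the accepted spellings (`t`, `true`, `f`, `false`, case-insensitive) and stating that an empty or unset value yields the default.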