diff --git a/backend/prisma/seed/config.seed.ts b/backend/prisma/seed/config.seed.ts
index 496e9c92..83c1195b 100644
--- a/backend/prisma/seed/config.seed.ts
+++ b/backend/prisma/seed/config.seed.ts
@@ -20,6 +20,10 @@ const configVariables: ConfigVariables = {
 defaultValue: "http://localhost:3000",
 secret: false,
 },
+ secureCookies: {
+ type: "boolean",
+ defaultValue: "false",
+ },
 showHomePage: {
 type: "boolean",
 defaultValue: "true",
diff --git a/backend/src/auth/auth.controller.ts b/backend/src/auth/auth.controller.ts
index 52dff306..2c28a39f 100644
--- a/backend/src/auth/auth.controller.ts
+++ b/backend/src/auth/auth.controller.ts
@@ -176,7 +176,7 @@ export class AuthController {
 request.cookies.access_token,
 );
- const isSecure = this.config.get("general.appUrl").startsWith("https");
+ const isSecure = this.config.get("general.secureCookies");
 response.cookie("access_token", "", {
 maxAge: -1,
 secure: isSecure,
diff --git a/backend/src/auth/auth.service.ts b/backend/src/auth/auth.service.ts
index cba43173..c9e987d7 100644
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -334,7 +334,7 @@ export class AuthService {
 refreshToken?: string,
 accessToken?: string,
 ) {
- const isSecure = this.config.get("general.appUrl").startsWith("https");
+ const isSecure = this.config.get("general.secureCookies");
 if (accessToken)
 response.cookie("access_token", accessToken, {
 sameSite: "lax",
diff --git a/backend/src/user/user.controller.ts b/backend/src/user/user.controller.ts
index 7c879b9e..38b2bf65 100644
--- a/backend/src/user/user.controller.ts
+++ b/backend/src/user/user.controller.ts
@@ -53,7 +53,7 @@ export class UserController {
 @GetUser() user: User,
 @Res({ passthrough: true }) response: Response,
 ) {
- const isSecure = this.config.get("general.appUrl").startsWith("https");
+ const isSecure = this.config.get("general.secureCookies");
 response.cookie("access_token", "accessToken", {
 maxAge: -1,
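Review bot: Seeding `secureCookies` with `defaultValue: "false"` silently downgrades existing HTTPS deployments: until this commit the cookie call sites set `secure` whenever `general.appUrl` started with `https`, and after the new variable is seeded they will issue `access_token` and its sibling cookies without the Secure attribute until an admin discovers and enables the setting. Consider deriving the initial value from the existing appUrl (`"true"` when it starts with `https`) in the seed or a migration, or at least documenting the change in the upgrade notes. The new entry also omits `secret`, which the neighbouring `appUrl` entry sets explicitly; if `ConfigVariables` makes the field optional it would still read more consistently with `secret: false,` added.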
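Review bot: `isSecure` is now whatever `this.config.get("general.secureCookies")` returns, and the seed stores the default as the string `"false"`; if `get` hands back the stored string instead of a parsed boolean, `secure: "false"` is truthy and the Secure flag would be set unconditionally, the opposite of what the setting intends on plain-HTTP installs. Worth confirming that `get` converts `type: "boolean"` variables to a real boolean and recording that at the call site, e.g. `// config.get returns a parsed boolean for type "boolean" variables — TODO confirm`. The same lookup is introduced in auth.service.ts and user.controller.ts in this commit and needs the same confirmation. The signOut body continues outside the hunk.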
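Review bot: This is the third copy of the identical `const isSecure = this.config.get("general.secureCookies");` line (auth.controller.ts and user.controller.ts carry the other two), and all three sites must agree on the cookie attributes for a set and a later clear to target the same cookie. A single shared helper that builds the common cookie options (`secure`, and where used `sameSite`) would keep the sites from drifting the next time one of them is edited. The enclosing method's signature starts before the hunk.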
diff --git a/frontend/src/i18n/translations/en-US.ts b/frontend/src/i18n/translations/en-US.ts
index 2ff9d844..7c4bdcd6 100644
--- a/frontend/src/i18n/translations/en-US.ts
+++ b/frontend/src/i18n/translations/en-US.ts
@@ -410,6 +410,9 @@ export default {
 "admin.config.general.app-url": "App URL",
 "admin.config.general.app-url.description": "On which URL Pingvin Share is available",
+ "admin.config.general.secure-cookies": "Secure cookies",
+ "admin.config.general.secure-cookies.description": "Whether to set the secure flag on cookies. If enabled, the site will not function when accessed over HTTP.",
 "admin.config.general.show-home-page": "Show home page",
 "admin.config.general.show-home-page.description": "Whether to show the home page",