diff --git a/config/config.md b/config/config.md
index 4915d24a..09c12405 100644
--- a/config/config.md
+++ b/config/config.md
@@ -46,6 +46,10 @@ The following config option are provided by the OpenHIM. All of these options ha
 // The session secret key used for the hashing of signed cookie (used to detect if the client modified the cookie)
 // Signed cookie is another cookie of the same name with the .sig suffix appended
 "sessionKey": "r8q,+&1LM3)CD*zAGpx1xm{NeQhc;#",
+ // If OpenHIM is behind a proxy (should be `true` if the proxy sends relevant Forwarded headers)
+ "trustProxy": false,
+ // Secure the cookie (either protocol is https or trusting a secured proxy)
+ secureCookie: true,
 // The session max age is the session cookie expiration time (in milliseconds)
 "maxAge": 7200000,
 // The number of characters that will be used to generate a random salt for the encryption of passwords
diff --git a/config/default.json b/config/default.json
index cff1f232..d201c942 100644
--- a/config/default.json
+++ b/config/default.json
@@ -33,6 +33,8 @@
 },
 "api": {
 "sessionKey": "r8q,+&1LM3)CD*zAGpx1xm{NeQhc;#",
+ "trustProxy": false,
+ "secureCookie": true,
 "maxAge": 7200000,
 "salt": 10,
 "enabled": true,
diff --git a/package.json b/package.json
index 77f2094e..ed39b4ac 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "openhim-core",
 "description": "The OpenHIM core application that provides logging and routing of http requests",
- "version": "7.2.1",
+ "version": "7.3.0",
 "main": "./lib/server.js",
 "bin": {
 "openhim-core": "./bin/openhim-core.js"
diff --git a/src/koaApi.js b/src/koaApi.js
index 3a49fe2b..8d9fe37e 100644
--- a/src/koaApi.js
+++ b/src/koaApi.js
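Review bot: The new `"secureCookie"` default in config/default.json is introduced as a plain on/off switch, but the session middleware in src/koaApi.js also sets `sameSite: 'none'`, and current browsers discard a SameSite=None cookie that lacks the Secure attribute, so a value of `false` does not merely downgrade the cookie, it breaks browser logins entirely unless `sameSite` is changed as well. The matching entry in config/config.md should state that, e.g. `// Set to false only for plain-http deployments without browser clients; browsers reject SameSite=None cookies that are not Secure`. Likewise `"trustProxy"` deserves a line saying that `true` makes Koa honour X-Forwarded-* headers from whichever host reaches it, so it should be enabled only when the reverse proxy is the sole network path to the API and strips those headers from clients. Separately, the config.md hunk writes the key unquoted as `secureCookie: true,` while every neighbouring key, and default.json itself, quotes it; use `"secureCookie": true,` so the documented snippet stays valid JSON.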
@@ -40,12 +40,17 @@ export function setupApp(done) {
 // Configure Sessions Middleware
 app.keys = [config.api.sessionKey]
+
+ if (config.api.trustProxy) {
+ app.proxy = true
+ }
+
 app.use(
 session(
 {
 maxAge: config.api.maxAge || 7200000,
 resave: false,
- secure: true,
+ secure: config.api.secureCookie,
 httpOnly: true,
 sameSite: 'none',
 store: new MongooseStore()