I want to use the new cookie-prefixes, which are not yet standardized by the IETF. These are __Secure- and __Host-. So let's e.g. set this cookie (here the header returned by the server): Set-Cookie: "__Host-apple=yummy; Secure; HttpOnly; Path=/" I want to access this cookie now in nginx with the $cookie- variable. So for testing I use the echo module to show me the value of the cookie: location =