services.forgejo.settings.session.COOKIE_SECURE

Marks session cookies as "secure" as a hint for browsers to only send them via HTTPS. This option is recommend, if Forgejo is being served over HTTPS.