diff --git a/.env.tpl b/.env.tpl
index ba4732d2945ac3fc2d02b061fa78991b90a01791..eea3223262b8559502ae7a9ed92ff03f09deae70 100644
--- a/.env.tpl
+++ b/.env.tpl
@@ -100,15 +100,23 @@ NOPAQUE_CONTACT_EMAIL_ADRESS=
 # Choose one: http, https
 # NOPAQUE_PROTOCOL=
 
-# DEFAULT: 5
-# NOPAQUE_RESSOURCES_PER_PAGE=
+# DEFAULT: True
+# Choose one: False, True
+# NOPAQUE_REMEMBER_COOKIE_HTTPONLY=
+
+# DEFAULT: False
+# Choose one: False, True
+# HINT: Set to true if you redirect http to https
+# NOPAQUE_REMEMBER_COOKIE_SECURE=
 
 # DEFAULT: hard to guess string
 # HINT: Use this bash command `python -c "import uuid; print(uuid.uuid4().hex)"`
 # NOPAQUE_SECRET_KEY=
 
-# DEFAULT: 10
-# NOPAQUE_USERS_PER_PAGE=
+# DEFAULT: False
+# Choose one: False, True
+# HINT: Set to true if you redirect http to https
+# NOPAQUE_SESSION_COOKIE_SECURE=
 
 
 ################################################################################
diff --git a/web/config.py b/web/config.py
index 2b2ffb694a2b6b994861f83b204ffa9edf1af7fb..066592a0bedb7d1940fc715832d8bb2f5c25fe2a 100644
--- a/web/config.py
+++ b/web/config.py
@@ -19,9 +19,10 @@ DEFAULT_SMTP_USE_SSL = 'False'
 DEFAULT_SMTP_USE_TLS = 'False'
 DEFAULT_NUM_PROXIES = '0'
 DEFAULT_PROTOCOL = 'http'
-DEFAULT_RESSOURCES_PER_PAGE = '5'
-DEFAULT_USERS_PER_PAGE = '10'
+DEFAULT_REMEMBER_COOKIE_HTTPONLY = 'True'
+DEFAULT_REMEMBER_COOKIE_SECURE = 'False'
 DEFAULT_SECRET_KEY = 'hard to guess string'
+DEFAULT_SESSION_COOKIE_SECURE = 'False'
 
 
 class Config:
@@ -55,15 +56,19 @@ class Config:
     NUM_PROXIES = int(os.environ.get('NOPAQUE_NUM_PROXIES',
                                      DEFAULT_NUM_PROXIES))
     PROTOCOL = os.environ.get('NOPAQUE_PROTOCOL', DEFAULT_PROTOCOL)
-    RESSOURCES_PER_PAGE = int(os.environ.get('NOPAQUE_RESSOURCES_PER_PAGE',
-                                             DEFAULT_RESSOURCES_PER_PAGE))
-    SECRET_KEY = os.environ.get('NOPAQUE_SECRET_KEY', DEFAULT_SECRET_KEY)
-    USERS_PER_PAGE = int(os.environ.get('NOPAQUE_USERS_PER_PAGE',
-                                        DEFAULT_USERS_PER_PAGE))
-    if PROTOCOL == 'https':
-        REMEMBER_COOKIE_HTTPONLY = True
-        REMEMBER_COOKIE_SECURE = True
-        SESSION_COOKIE_SECURE = True
+    REMEMBER_COOKIE_HTTPONLY = os.environ.get(
+        'NOPAQUE_REMEMBER_COOKIE_HTTPONLY',
+        DEFAULT_REMEMBER_COOKIE_HTTPONLY
+    ).lower() == 'true'
+    REMEMBER_COOKIE_SECURE = os.environ.get(
+        'NOPAQUE_REMEMBER_COOKIE_SECURE',
+        DEFAULT_REMEMBER_COOKIE_SECURE
+    ).lower() == 'true'
+    SECRET_KEY = os.environ.get('RECIPY_SECRET_KEY', DEFAULT_SECRET_KEY)
+    SESSION_COOKIE_SECURE = os.environ.get(
+        'NOPAQUE_SESSION_COOKIE_SECURE',
+        DEFAULT_SESSION_COOKIE_SECURE
+    ).lower() == 'true'
 
     ''' ### Logging ### '''
     LOG_DATE_FORMAT = os.environ.get('NOPAQUE_LOG_DATE_FORMAT',