diff --git a/config.go b/config.go
index 29dd4f8..9318e8c 100644
--- a/config.go
+++ b/config.go
@@ -3,8 +3,11 @@ package main
 import (
 	"fmt"
 	"os"
+	"strings"
 )
 
+var GitSHA string
+
 func getDataDir() string {
 	value, exists := os.LookupEnv("YTDLP_SITE_DATA_DIR")
 	if exists {
@@ -39,7 +42,16 @@ func getSessionAuthKey() ([]byte, error) {
 	return []byte{}, fmt.Errorf("please set %s", key)
 }
 
-var GitSHA string
+func getSecure() bool {
+	key := "YTDLP_SITE_SECURE"
+	if value, exists := os.LookupEnv(key); exists {
+		lower := strings.ToLower(value)
+		if lower == "on" || lower == "1" || lower == "true" || lower == "yes" {
+			return true
+		}
+	}
+	return false
+}
 
 func getGitSHA() string {
 
diff --git a/main.go b/main.go
index cf00c5c..7f6a65c 100644
--- a/main.go
+++ b/main.go
@@ -110,11 +110,13 @@ func main() {
 	staticGroup.Static("/", getDataDir())
 	e.GET("/temp/:token", tempHandler)
 
+	secure := getSecure()
+
 	store.Options = &sessions.Options{
 		Path:     "/",
 		MaxAge:   30 * 24 * 60 * 60, // seconds
 		HttpOnly: true,
-		Secure:   false, // needed for session to work over http
+		Secure:   secure,
 	}
 
 	// start the transcode worker