Using Nginx, I hope to restrict the permissible hosts for cookies. My initial intention was to employ a Content Security Policy for this purpose, but I don’t see an obvious way to do this via a CSP. Ideally I’d find something like
Restrict-Cookies-Header: hostname1.tld hostname2.tld2
Can something like this be accomplished with HTTP headers? Thanks!