diff --git a/server/core/lib/html/shared/page-html.ts b/server/core/lib/html/shared/page-html.ts
index 68a1ffc2e..fa06a2fbf 100644
--- a/server/core/lib/html/shared/page-html.ts
+++ b/server/core/lib/html/shared/page-html.ts
@@ -4,7 +4,7 @@ import express from 'express'
 import { readFile } from 'fs/promises'
 import { join } from 'path'
 import { logger } from '../../../helpers/logger.js'
-import { CUSTOM_HTML_TAG_COMMENTS, FILES_CONTENT_HASH, PLUGIN_GLOBAL_CSS_PATH, WEBSERVER } from '../../../initializers/constants.js'
+import { CUSTOM_HTML_TAG_COMMENTS, FILES_CONTENT_HASH, PLUGIN_GLOBAL_CSS_PATH } from '../../../initializers/constants.js'
 import { ServerConfigManager } from '../../server-config-manager.js'
 import { TagsHtml } from './tags-html.js'
 import { pathExists } from 'fs-extra/esm'
@@ -94,7 +94,7 @@ export class PageHtml {
 
       // Save locale in cookies
       res.cookie('clientLanguage', lang, {
-        secure: WEBSERVER.SCHEME === 'https',
+        secure: true,
         sameSite: 'none',
         maxAge: 1000 * 3600 * 24 * 90 // 3 months
       })
diff --git a/server/server.ts b/server/server.ts
index 643521281..8c65c9425 100644
--- a/server/server.ts
+++ b/server/server.ts
@@ -213,9 +213,6 @@ app.use(express.json({
   }
 }))
 
-// Cookies
-app.use(cookieParser())
-
 // W3C DNT Tracking Status
 app.use(advertiseDoNotTrack)
 
@@ -230,9 +227,6 @@ app.use('/api/' + API_VERSION, apiRouter)
 // Services (oembed...)
 app.use('/services', servicesRouter)
 
-// Plugins & themes
-app.use('/', pluginsRouter)
-
 app.use('/', activityPubRouter)
 app.use('/', feedsRouter)
 app.use('/', trackerRouter)
@@ -246,6 +240,12 @@ app.use('/', downloadRouter)
 app.use('/', lazyStaticRouter)
 app.use('/', objectStorageProxyRouter)
 
+// Cookies for plugins and HTML
+app.use(cookieParser())
+
+// Plugins & themes
+app.use('/', pluginsRouter)
+
 // Client files, last valid routes!
 const cliOptions = cli.opts<{ client: boolean, plugins: boolean }>()
 if (cliOptions.client) app.use('/', clientsRouter)