diff --git a/internal/client-go/api_frontend.go b/internal/client-go/api_frontend.go
index d4a8a65a13a..09fea766eb0 100644
--- a/internal/client-go/api_frontend.go
+++ b/internal/client-go/api_frontend.go
@@ -4861,6 +4861,7 @@ type FrontendApiApiUpdateLogoutFlowRequest struct {
 	ApiService FrontendApi
 	token      *string
 	returnTo   *string
+	cookie     *string
 }
 
 func (r FrontendApiApiUpdateLogoutFlowRequest) Token(token string) FrontendApiApiUpdateLogoutFlowRequest {
@@ -4871,6 +4872,10 @@ func (r FrontendApiApiUpdateLogoutFlowRequest) ReturnTo(returnTo string) Fronten
 	r.returnTo = &returnTo
 	return r
 }
+func (r FrontendApiApiUpdateLogoutFlowRequest) Cookie(cookie string) FrontendApiApiUpdateLogoutFlowRequest {
+	r.cookie = &cookie
+	return r
+}
 
 func (r FrontendApiApiUpdateLogoutFlowRequest) Execute() (*http.Response, error) {
 	return r.ApiService.UpdateLogoutFlowExecute(r)
@@ -4947,6 +4952,9 @@ func (a *FrontendApiService) UpdateLogoutFlowExecute(r FrontendApiApiUpdateLogou
 	if localVarHTTPHeaderAccept != "" {
 		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
 	}
+	if r.cookie != nil {
+		localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "")
+	}
 	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
 	if err != nil {
 		return nil, err
diff --git a/internal/httpclient/api_frontend.go b/internal/httpclient/api_frontend.go
index d4a8a65a13a..09fea766eb0 100644
--- a/internal/httpclient/api_frontend.go
+++ b/internal/httpclient/api_frontend.go
@@ -4861,6 +4861,7 @@ type FrontendApiApiUpdateLogoutFlowRequest struct {
 	ApiService FrontendApi
 	token      *string
 	returnTo   *string
+	cookie     *string
 }
 
 func (r FrontendApiApiUpdateLogoutFlowRequest) Token(token string) FrontendApiApiUpdateLogoutFlowRequest {
@@ -4871,6 +4872,10 @@ func (r FrontendApiApiUpdateLogoutFlowRequest) ReturnTo(returnTo string) Fronten
 	r.returnTo = &returnTo
 	return r
 }
+func (r FrontendApiApiUpdateLogoutFlowRequest) Cookie(cookie string) FrontendApiApiUpdateLogoutFlowRequest {
+	r.cookie = &cookie
+	return r
+}
 
 func (r FrontendApiApiUpdateLogoutFlowRequest) Execute() (*http.Response, error) {
 	return r.ApiService.UpdateLogoutFlowExecute(r)
@@ -4947,6 +4952,9 @@ func (a *FrontendApiService) UpdateLogoutFlowExecute(r FrontendApiApiUpdateLogou
 	if localVarHTTPHeaderAccept != "" {
 		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
 	}
+	if r.cookie != nil {
+		localVarHeaderParams["Cookie"] = parameterToString(*r.cookie, "")
+	}
 	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
 	if err != nil {
 		return nil, err
diff --git a/selfservice/flow/logout/handler.go b/selfservice/flow/logout/handler.go
index 73c0002c012..6b78a5cb565 100644
--- a/selfservice/flow/logout/handler.go
+++ b/selfservice/flow/logout/handler.go
@@ -248,6 +248,15 @@ type updateLogoutFlow struct {
 	//
 	// in: query
 	ReturnTo string `json:"return_to"`
+
+	// HTTP Cookies
+	//
+	// When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header
+	// sent by the client to your server here. This ensures that CSRF and session cookies are respected.
+	//
+	// in: header
+	// name: Cookie
+	Cookies string `json:"Cookie"`
 }
 
 // swagger:route GET /self-service/logout frontend updateLogoutFlow
diff --git a/spec/api.json b/spec/api.json
index 3d694a3acc0..e9c1c1cd3ee 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -5035,6 +5035,14 @@
             "schema": {
               "type": "string"
             }
+          },
+          {
+            "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.",
+            "in": "header",
+            "name": "Cookie",
+            "schema": {
+              "type": "string"
+            }
           }
         ],
         "responses": {
diff --git a/spec/swagger.json b/spec/swagger.json
index 142650176c4..184bf29e3a1 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -1673,6 +1673,12 @@
             "description": "The URL to return to after the logout was completed.",
             "name": "return_to",
             "in": "query"
+          },
+          {
+            "type": "string",
+            "description": "HTTP Cookies\n\nWhen using the SDK in a browser app, on the server side you must include the HTTP Cookie Header\nsent by the client to your server here. This ensures that CSRF and session cookies are respected.",
+            "name": "Cookie",
+            "in": "header"
           }
         ],
         "responses": {