On an Apache test server, our vendors were able to achieve what we needed by setting
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None
in .htaccess. However, our live site is running Nginx and we are having trouble figuring out how to translate this into something we can configure there.
