diff --git a/roles/haproxy/README.md b/roles/haproxy/README.md
index 59baa91f5..d6df74bdd 100644
--- a/roles/haproxy/README.md
+++ b/roles/haproxy/README.md
@@ -27,6 +27,7 @@ haproxy_applications:
     ha_url: "/health"
     port: "{{ loadbalancing.manage.port }}"
     servers: "{{ php_servers }}"
+    stagingservers: "{{ staging_servers }}"
     sslbackend: yes
     backend_vhost_name: backend.myapp.tld
     backend_ca_file: "/etc/pki/tls/certs/ca-bundle.crt"
@@ -43,6 +44,7 @@ port: This is the port that the backend server listens on.
 ha_url: The url used to check the health of the backend application. If it is not reachable, or it gives an HTTP error that backend will be marked down. For most applications that defaults to /health
 ha_method: The http method used in the health check. 
 servers: A list of the servers that is used for  this application. 
+stagingservers (optional): A list of the servers that is used for staging an application. If the cookie staging=true is present, this staging server is used as backend. 
 restricted: If it is present and set to "yes" the application will be served from te restricted IP address. 
 sslbackend: If it is present and set to "yes" the backend connection will be performed over https. 
 backend_vhost_name: If you have enabled "sslbackend" you need to configure the backend vhost name as well (which should also be present in the certificate on the backend"
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
index bc51e97e9..6ddcf0361 100644
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -159,6 +159,7 @@
     mode: 0664
   with_items:
     - backends.map
+    - backendsstaging.map
     - redirects.map
     - ratelimits.map
   notify:
diff --git a/roles/haproxy/templates/backendsstaging.map.j2 b/roles/haproxy/templates/backendsstaging.map.j2
new file mode 100644
index 000000000..ed6374b00
--- /dev/null
+++ b/roles/haproxy/templates/backendsstaging.map.j2
@@ -0,0 +1,5 @@
+{% for application in haproxy_applications %}
+{% if application.stagingservers is defined %}
+{{ application.vhost_name }} {{ application.name }}_staging_be
+{% endif %}
+{% endfor %}
diff --git a/roles/haproxy/templates/haproxy_backend.cfg.j2 b/roles/haproxy/templates/haproxy_backend.cfg.j2
index 9c0603d21..b82b1e005 100644
--- a/roles/haproxy/templates/haproxy_backend.cfg.j2
+++ b/roles/haproxy/templates/haproxy_backend.cfg.j2
@@ -40,3 +40,28 @@
 
 {% endfor %}
 
+{% for application in haproxy_applications %}
+{% if application.stagingservers is defined %}
+#---------------------------------------------------------------------
+# {{ application.name }} staging backend
+#---------------------------------------------------------------------
+#
+  backend {{ application.name }}_staging_be
+  option httpchk {{ application.ha_method }} {{ application.ha_url }} "HTTP/1.0\r\nHost: {{ application.vhost_name }}"
+
+  {%if application.x_forwarded_port is defined %}
+  http-request set-header X-Forwarded-Port {{ application.x_forwarded_port }}
+  {% endif %}
+  http-response del-header ^Strict-Transport-Security:.* #Remove hsts header from backend applications
+  mode http
+  balance roundrobin
+  option httpclose
+
+  cookie HTTPSERVERIDSTAGING insert nocache indirect httponly secure maxidle {{ haproxy_cookie_max_idle }}
+
+  {% for server in application.stagingservers %}
+  server {{ server.label }} {{ server.ip }}:{{ application.port }} cookie {{ server.label }} check inter 8000 fall 5 rise 2 maxconn {{ application.maxconn | default('35') }} {% if application.sslbackend is defined%} ssl verify required verifyhost {{ application.backend_vhost_name }} ca-file {{ application.backend_ca_file }}{% endif %} weight 100
+    
+  {% endfor %}
+{% endif %}
+{% endfor %}
diff --git a/roles/haproxy/templates/haproxy_frontend.cfg.j2 b/roles/haproxy/templates/haproxy_frontend.cfg.j2
index eddf439dc..189fcd076 100644
--- a/roles/haproxy/templates/haproxy_frontend.cfg.j2
+++ b/roles/haproxy/templates/haproxy_frontend.cfg.j2
@@ -58,6 +58,9 @@ frontend internet_ip
 frontend local_ip
     bind 127.0.0.1:81 accept-proxy
     acl valid_vhost hdr(host) -f /etc/haproxy/acls/validvhostsunrestricted.acl
+    acl stagingvhost hdr(host) -i -M -f /etc/haproxy/maps/backendsstaging.map 
+    acl stagingcookie req.cook(staging) -m str true
+    use_backend %[req.hdr(host),lower,map(/etc/haproxy/maps/backendsstaging.map)] if stagingvhost stagingcookie
     use_backend %[req.hdr(host),lower,map(/etc/haproxy/maps/backends.map)]
     option httplog
     capture request header User-agent len 256
@@ -148,6 +151,9 @@ frontend internet_restricted_ip
 frontend localhost_restricted    
     bind 127.0.0.1:82 accept-proxy
     acl valid_vhost hdr(host) -f /etc/haproxy/acls/validvhostsrestricted.acl
+    acl stagingvhost hdr(host) -i -M -f /etc/haproxy/maps/backendsstaging.map 
+    acl stagingcookie req.cook(staging) -m str true
+    use_backend %[req.hdr(host),lower,map(/etc/haproxy/maps/backendsstaging.map)] if stagingvhost stagingcookie
     use_backend %[req.hdr(host),lower,map(/etc/haproxy/maps/backends.map)]
     option httplog
     capture request header User-agent len 256