diff --git a/users/models.py b/users/models.py
index f08e479..c0f3fbb 100644
--- a/users/models.py
+++ b/users/models.py
@@ -40,7 +40,7 @@ class User(BaseModel, AbstractBaseUser, PermissionsMixin):
     nickname = models.CharField(max_length=20, unique=True, blank=True)
     gender = models.CharField(choices=GenderChoices.choices, max_length=1, blank=True)
     birth_date = models.CharField(max_length=10, blank=True)
-    custom_url = models.CharField(max_length=20, unique=True, blank=True)
+    custom_url = models.CharField(max_length=20, unique=True, blank=True, null=True, default=None)
     is_custom_url = models.BooleanField(default=False)
     job_and_interests = ArrayField(models.CharField(max_length=20), default=list, blank=True)
     skills = ArrayField(models.CharField(max_length=20), default=list, blank=True)
diff --git a/users/views.py b/users/views.py
index b70013f..6c88955 100644
--- a/users/views.py
+++ b/users/views.py
@@ -12,6 +12,7 @@ from rest_framework.response import Response
 from rest_framework.permissions import AllowAny, IsAuthenticated
 
 from django.contrib.auth import authenticate
+from django.db.models import Case, When, Value, IntegerField, Q
 
 from .models import *
 from .serializers import *
@@ -30,7 +31,7 @@ class RefreshAPIView(APIView):
             serializer = TokenRefreshSerializer(data={'refresh': refresh})
             if serializer.is_valid():
                 res = Response({"access": serializer.validated_data['access']}, status=status.HTTP_200_OK)
-            res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
+            res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=not settings.DEBUG)
             return res
         except TokenError as e:
             return Response({"message": f"Invalid token: {e}"}, status=status.HTTP_401_UNAUTHORIZED)
@@ -77,7 +78,7 @@ class LoginAPIView(APIView):
                     },
                     status=status.HTTP_200_OK,
                 )
-                res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
+                res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=not settings.DEBUG)
                 return res
             else:
                 return Response(serializer.errors)
@@ -96,6 +97,20 @@ class NicknameAPIView(APIView):
             return Response({"message": "해당 닉네임은 사용할 수 없습니다."}, status=status.HTTP_400_BAD_REQUEST)
         except:
             return Response({"message": "사용할 수 있는 닉네임입니다."}, status=status.HTTP_200_OK)
+        
+class TagUserAPIView(APIView):
+    def get(self, request):
+        nickname = request.query_params.get(nickname)
+        users = User.objects.filter(nickname__icontains=nickname).annotate(
+            priority=Case(
+                When(nickname__iexact=nickname, then=Value(0)),
+                default=Value(1),
+                output_field=IntegerField()
+            )
+        ).order_by('priority').values('profile_image', 'nickname')[:5]
+        serializer = TagUserSerializer(users, many=True)
+        return Response({'users': serializer.data})
+
 
 class SetPortofolioRequiredInfoAPIView(APIView):
     def get(self, request):