diff --git a/src/decode.h b/src/decode.h
index be1e6d2b75..1b9806e748 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -1222,6 +1222,7 @@ void DecodeUnregisterCounters(void);
 /** We had no alert on flow before this packet */
 #define PKT_FIRST_ALERTS BIT_U32(29)
+#define PKT_FIRST_TAG BIT_U32(30)
 /** \brief return 1 if the packet is a pseudo packet */
 #define PKT_IS_PSEUDOPKT(p) \
diff --git a/src/detect-engine-tag.c b/src/detect-engine-tag.c
index 5839bd1597..66409d17bd 100644
--- a/src/detect-engine-tag.c
+++ b/src/detect-engine-tag.c
@@ -276,6 +276,7 @@ static void TagHandlePacketFlow(Flow *f, Packet *p)
 * to log it (the alert will log it) */
 if (!(iter->flags & TAG_ENTRY_FLAG_SKIPPED_FIRST)) {
 iter->flags |= TAG_ENTRY_FLAG_SKIPPED_FIRST;
+ p->flags |= PKT_FIRST_TAG;
 } else {
 /* Update metrics; remove if tag expired; and set alerts */
 switch (iter->metric) {
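Review bot: `PKT_FIRST_TAG` is added without a doc comment, while the flag directly above it (`PKT_FIRST_ALERTS`) has a `/** ... */` line describing it. As placed, the new define reads as if "We had no alert on flow before this packet" covered it too, which is a different condition. I would give it its own line, e.g. `/** Packet is the first one seen for a tag entry; tag handling skipped it because the alert logs it */`, with the wording checked against the setter in detect-engine-tag.c. Assuming the flags field is the 32-bit word the `BIT_U32` values suggest, bit 30 leaves only one free bit, which is worth a short remark next to the define.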
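Review bot: `p->flags |= PKT_FIRST_TAG;` marks the whole packet, but the condition it sits under is per tag entry (`iter->flags`). If more than one entry can exist on a flow, the same packet can carry this flag while another entry takes the `else` branch and tags it normally. Whatever reads `PKT_FIRST_TAG` is not visible in this diff; it should define which state wins, otherwise a packet that ought to be logged as tagged could be treated as the skipped first packet, or the reverse. A short comment at the assignment would help, e.g. `/* tell consumers this packet opened the tag; the alert record already carries it */`. If the host-scoped tag handler in this file has the same `TAG_ENTRY_FLAG_SKIPPED_FIRST` branch, it is not touched here and would leave the flag unset for host tags; TagHandlePacketFlow itself starts and ends outside the hunk.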