Manual:$wgHttpOnlyBlacklist/en

Details
If the requesting browser matches a regex in this blacklist, we won't send it cookies with HttpOnly mode, even if is on.