Manual:$wgHttpOnlyBlacklist/ja

詳細
If the requesting browser matches a regex in this blacklist, we won't send it cookies with HttpOnly mode, even if is on.