Manual:$wgCookieSecure/en

Details
Whether cookies are secured ( attribute of cookies, see section 4.1.2.5 in RFC 6265). If configured with the default value,, the runtime value is calculated by looking at the protocol that the request came in under (or as defined in  if pre version 1.18). If it is 'https' then this variable is set to true, otherwise it is false.