Monday, March 31, 2014

Secure Web Application With httponly and Secure Using F5 iRule

The following iRule adds the HttpOnly and Secure flags to Set-Cookie headers whose cookie name starts with the cookie name provided.

Create an iRule using the code below and attach it to your virtual server.

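when HTTP_RESPONSE {
   # Set the Secure flag on the named cookie
   HTTP::cookie secure "CookieName" enable

   # Collect every Set-Cookie header, then re-insert them one by one
   set ak [HTTP::header values "Set-Cookie"]
   HTTP::header remove "Set-Cookie"
   foreach acookie $ak {
      if {$acookie starts_with "CookieName"} {
         # Matching cookie: append HttpOnly
         HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly"
      } else {
         # Other cookies are passed through unchanged
         HTTP::header insert "Set-Cookie" $acookie
      }
   }
}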
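
One way to confirm from the client side that the flags actually reach the browser, as an added example that is not part of the original post: a small Python audit of the Set-Cookie values returned through the virtual server. The function names and the sample headers are constructed for illustration; "CookieName" is the placeholder prefix used in the iRule.

```python
# Added example: audit Set-Cookie headers for the HttpOnly and Secure flags.
# SAMPLE_HEADERS is constructed test data, one entry per Set-Cookie header.

SAMPLE_HEADERS = [
    "CookieName=abc123; Path=/; Secure; HttpOnly",
    "CookieNameSession=xyz; Path=/",
    "CookieName2=v; Path=/httponly; secure",   # "httponly" here is only a path
    "tracking=1; Path=/",                      # not in scope of the prefix
]


def parse_set_cookie(header):
    """Return (cookie name, set of lowercase attribute names) for one header."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; compare them, not the raw string,
    # so a value such as Path=/httponly is not mistaken for the flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(headers, prefix):
    """List (cookie name, missing flags) for cookies whose name starts with prefix."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if not name.startswith(prefix):
            continue
        missing = [flag for flag in ("httponly", "secure") if flag not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


if __name__ == "__main__":
    for name, missing in audit(SAMPLE_HEADERS, "CookieName"):
        print(f"{name}: missing {', '.join(missing)}")
```
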
