Manual:$wgHttpOnlyBlacklist

Cookies: $wgHttpOnlyBlacklist
User agent blacklist for HttpOnly mode.
Introduced in version:1.13.0 (r34083)
Removed in version:1.23.0 (Gerrit change 119919; git #00b7f76a)
Allowed values:(array)
Default value:array( '/^Mozilla\/4\.0 \(compatible; MSIE \d+\.\d+; Mac_PowerPC\)/' )

Details

edit

If the requesting browser matches a regex in this blacklist, we won't send it cookies with HttpOnly mode, even if $wgCookieHttpOnly is on.