Do you want to configure httpOnly Cookies in ASP Classic and .net with web.config.
Video
VIDEO – How to make Http Only Cookies Secure – Secure Http only Cookies https://www.youtube.com/watch?v=8wlQt6NRP0g
VIDEO – How to create HTTP Only Cookie https://www.youtube.com/watch?v=19fDUK0FpSQ
For .NET
Use following to make Cookie HTTP only and also Secure
<system.web>
<httpCookies httpOnlyCookies="true" requireSSL="true"/>
</system.web>
Use following to make Cookie HTTP only
<system.web>
<httpCookies httpOnlyCookies=”true” />
</system.web>
For Classic ASP include following
<system.webServer>
<rewrite>
<outboundRules>
<rule name="Add HttpOnly">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".+" />
<conditions>
<add input="{R:0}" pattern="; HttpOnly" negate="true" />
</conditions>
<action type="Rewrite" value="{R:0}; HttpOnly" />
</rule>
<rule name="Add Secure">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".+" />
<conditions>
<add input="{R:0}" pattern="; Secure" negate="true" />
</conditions>
<action type="Rewrite" value="{R:0}; Secure" />
</rule>
</outboundRules>
</rewrite>
<system.webServer>
Source https://stackoverflow.com/questions/25676490/using-iis-rewrite-to-add-httponly-flag-to-cookies-not-working
If your application bulit on both Classic ASP and .Net then include both in web.config.