Do you want to configure httpOnly Cookies in ASP Classic and .net with web.config.

For .NET

    <httpCookies httpOnlyCookies=”true” />


For Classic ASP include following

        <rule name=”Add HttpOnly” preCondition=”No HttpOnly”>
            <match serverVariable=”RESPONSE_Set_Cookie” pattern=”.*” negate=”false” />
            <action type=”Rewrite” value=”{R:0}; HttpOnly” />
            <preCondition name=”No HttpOnly”>
                <add input=”{RESPONSE_Set_Cookie}” pattern=”.” />
                <add input=”{RESPONSE_Set_Cookie}” pattern=”; HttpOnly” negate=”true” />

If your application bulit on both Classic ASP and .Net then include both in web.config.