This article describes the Ektron configuration option for setting the HttpOnly flag for the ECM Cookie.
In the web.config you will find the following key
<!-- This is for setting the HttpOnly attribute for the ECM cookie -->
<add key="ek_HttpOnly" value="false" />
Set the key to true to enable the setting.
<%= heading %>