Apache: incap_ses_* cookie is Secure but not HttpOnly, whereas visid_incap_* have both flags

Question

I have an Apache server that hosts a Wordpress webpage. I modified my mod_headers to set the Secure and HttpOnly flag to all the cooki