Cookie HttpOnly being reported incorrectly

Version: Community EditionVersion 7.6 (build 21501)
Vulnerability: squid:S3330 “HttpOnly” should be set on cookies

This vulnerability is being reported (in a number of locations), but as you can see from the screenshot, its looks like it has already been addressed.

Should have added were using SonarJava Analyzer (v5.14 - build 18788)

Sorry, I don’t manage to reproduce the issue.
Can you share a more complete example?