Forum Discussion

dgytech
Jul 25, 2017

Exclude specific cookie from set_cookie_header iRule

We currently apply "Secure" and "HttpOnly" via the iRule below. We now need to exclude any cookie that starts with "XSRF-TOKEN" from the "HttpOnly" portion of this iRule. Any help in syntax would be appreciated!

 

    when HTTP_RESPONSE {
        set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]
        HTTP::header remove "Set-Cookie"
        foreach set_cookie_header $unsafe_cookie_headers {
            HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure; HttpOnly"
        }
    }

 

3 Replies

  • Try this... HTTP::cookie secure should return "enable" if it's been set according to the Wiki but I've not tested the output myself

    https://devcentral.f5.com/Wiki/iRules.HTTP__cookie.ashx

    when HTTP_RESPONSE {
        set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]

        # Lower-case before comparing so the prefix match is case-insensitive
        if { not ([string tolower [HTTP::cookie value]] starts_with "xsrf-token") && ([HTTP::cookie secure] eq "enable") } {
            HTTP::header remove "Set-Cookie"
            foreach set_cookie_header $unsafe_cookie_headers {
                HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure; HttpOnly"
            }
        } else {
            return
        }
    }
    
  • Thank you again for your assistance, very much appreciated!! We were able to get it to work with a few tweaks.

    when HTTP_RESPONSE {
        # Capture every Set-Cookie header, then re-insert each one with flags
        set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]
        HTTP::header remove "Set-Cookie"

        foreach set_cookie_header $unsafe_cookie_headers {
            if { $set_cookie_header starts_with "XSRF-TOKEN" } then {
                # XSRF-TOKEN* cookies get Secure only, no HttpOnly
                HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure"
            } else {
                HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure; HttpOnly"
            }
        }
    }
    
    • Lee_Sutcliffe

      Pleased you got it working and thanks for sharing the final solution. :)
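
A variant of the working iRule above, added here as an example and not posted by any participant in the thread: it only appends Secure or HttpOnly when the backend has not already sent that attribute, so a cookie never ends up with the flag twice. It uses the HTTP::header commands from the thread plus standard Tcl string and list commands; the variable names are illustrative.

```tcl
when HTTP_RESPONSE {
    # Collect every Set-Cookie header, then rebuild them one by one.
    set cookies [HTTP::header values "Set-Cookie"]
    HTTP::header remove "Set-Cookie"

    foreach cookie $cookies {
        # Split "name=value; Attr; Attr=val" into its parts.
        set parts [split $cookie ";"]
        # Cookie name: text before the first "=" of the first part.
        set name [string trim [lindex [split [lindex $parts 0] "="] 0]]

        # Record which flag attributes the server already sent.
        set has_secure 0
        set has_httponly 0
        foreach attr [lrange $parts 1 end] {
            switch -- [string tolower [string trim $attr]] {
                "secure"   { set has_secure 1 }
                "httponly" { set has_httponly 1 }
            }
        }

        if { !$has_secure } {
            append cookie "; Secure"
        }
        # Cookies whose name starts with XSRF-TOKEN are never given
        # HttpOnly by this rule; every other cookie gets it if missing.
        if { !$has_httponly && ![string match "XSRF-TOKEN*" $name] } {
            append cookie "; HttpOnly"
        }
        HTTP::header insert "Set-Cookie" $cookie
    }
}
```

This rule does not strip an HttpOnly attribute that the backend itself puts on an XSRF-TOKEN cookie; it only avoids adding one.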
