You can test it with regex101
In case you need to append the HttpOnly flag to all except some cookie, you can use a code like this in Apache conf:
Header edit Set-Cookie "(?i)^((?:(?!(YOUR-TOKEN))(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
in this way at YOUR-TOKEN the HttpOnly flag is not attached.