If the two cookies had HttpOnly flags set, the flags would appear at the end of the Set-Cookie assignment lines. When present, the flag would immediately follow a semicolon ending the path scope of the cookie, followed by the string HttpOnly. The display is similar for the Secure flag as well:

Set-Cookie: PHPSESSID=<session token value>;path=/;Secure;HttpOnly;