Tags: c#, msbuild, sonarqube, sonarqube-scan

Does SonarScanner for MsBuild respect web.config?


I have configured SonarQube to scan my C# solution, and it has raised S3330, which says that my cookies do not have HttpOnly set.

Well, looking at the code only, this is an accurate statement. But in fact, I have

<httpCookies httpOnlyCookies="true" />

in my Web.config which makes all custom cookies http-only. Thus, it seems like SonarScanner is ignoring this setting.

Is there any way to make it respect this setting of web.config?


Solution

  • Unfortunately not. The SonarC#/VB analyzers only look at the source code files currently.

    If you want to stop the issue being reported then your options are to mark the instance of the issue as a false positive in SonarQube, or disable the rule entirely in the Quality Profile.

    You could report this false positive to the SonarSource development team; they might be able to improve the rule.
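As an added illustration (not code from the question, the answer, or SonarSource), the following classic ASP.NET (System.Web) snippet shows both sides of the mismatch: the first method creates a cookie whose HttpOnly flag comes only from `<httpCookies httpOnlyCookies="true" />` at runtime, which is exactly what the source-only analyzer cannot see, while the second sets the flag explicitly in code so the analyzer and the runtime agree regardless of the deployed Web.config. The cookie name and method names are assumptions.

```csharp
using System;
using System.Web;

// Added example, not from the question or the answer. Assumes classic ASP.NET (System.Web).
public static class CookieExamples
{
    // Relies on Web.config:  <httpCookies httpOnlyCookies="true" />
    // At runtime HttpCookie reads that section and defaults HttpOnly to true, so the
    // cookie is in fact HttpOnly. SonarC# (rule S3330) only reads this source file,
    // where HttpOnly is never assigned, so it reports the cookie as not HttpOnly.
    public static HttpCookie CreateCookieRelyingOnConfig(string value)
    {
        return new HttpCookie("session", value); // "session" is a hypothetical cookie name
    }

    // Sets the flag explicitly in code. The analyzer sees the assignment, and the
    // protection no longer depends on which Web.config the app is deployed with.
    public static HttpCookie CreateHardenedCookie(string value)
    {
        var cookie = new HttpCookie("session", value)
        {
            HttpOnly = true,                 // what S3330 checks for
            Secure = true,                   // only sent over HTTPS (a separate rule, S2092)
            SameSite = SameSiteMode.Strict,  // HttpCookie.SameSite needs .NET Framework 4.7.2+
        };
        return cookie;
    }
}
```

Setting `HttpOnly = true` in code is a way to stop the report without marking it a false positive or disabling the rule, and it also keeps the cookie protected if the application is ever deployed with a Web.config that lacks the `httpCookies` element.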