From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
libvlcsharp
cf-bosh
glance-appwidget
nessus
arcade
jsreport
fastcv
jsforce
meta-key
lto
powershell-3.0
pgaudit
uipresentationcontroller
binance-api-client
uibutton
wso2-am
wso2dss
modbus
anonymous-function
ebooklib
cubical-type-theory
jdbc-postgres
livetext
wikipedia-api
dlopen
languagetool
dependency-injection
render-html
distro
authentication-flows
