From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
nsscrollview
go-get
ef-core-2.0
markdoc
udl
dbi
roxygen
intel-gdb
column-count
visual-editor
dreamhost
kube-apiserver
jaeger-client-go
c-strings
kerberos-delegation
ibm-cloud-storage
directoryentry
upsert
node-media-server
spatial-data-frame
immediate-operand
excel-online
file-in-use
uwfmgr
file-processing
soap
uvc
forge2d
aiff
alphablending