From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
graphicscontext
sql-workbench-j
genexus-gam
boost-coroutine
google-persistent-disk
fluent-nhibernate
facebook-webhooks
magic-square
running-other-programs
azure-powershell
fixed-data-table
populate
angular2-form-validation
libstreaming
azure-data-factory-pipeline
python-exec
uinavigationbar
2checkout
ipycache
wmic
overflow-menu
qtconsole
amazon-keyspaces
code-standards
state-monad
itsm
foursquare
centos8
simplekml
editorjs
