From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
hashset
nerdamer
nested-select
react-key-index
cm
lispworks
polymorphic-relationship
dnn9
flashmessenger
google-url-shortener
asp.net-2.0
simpsons-rule
code-access-security
microsoft-graph-edu
vram
mogrify
laravel-passport
ibm-midrange
findwindowex
ojdbc
alt-key
instapy
datetime64
single-shot-detector
pyramid-services
gnu-indent
non-alphanumeric
toggleswitch
flycheck
azure-devops-self-hosted-agent
