From what I understand, HttpOnly cookies cannot be read by client JS, but they are passed by the browser with any subsequent requests. If an attacker is able to