From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
sakila-database
pepper
retaincount
compodoc
timex
onnx-coreml
netcdf
redisgraph
huobi
filestreamresult
hamming-numbers
google-tasks
iso8601
google-chrome-webview
count-data
parsoid
hdfql
mina
content-script
react-intersection-observer
cubical-type-theory
items
recent-documents
gmplot
shipping-method
jfrog-mission-control
gghighlight
user-defined-literals
nuke-build
iequalitycomparer
