From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
dataproc
mosaico
visual-studio-mac
application-security
cgit
bytechannel
pasting
mach
aws-sts
textile
assembly-reference-path
shell-exec
generated
pure-virtual
itemcontainergenerator
cpu-speed
mediainfo
applicationcontext
cypress
state-saving
linkchecker
mayanedms
greenlock
first-level-cache
amazon-machine-learning
echo
freepascal
aggregator
vaultsharp
eddystone
