From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
rounding-error
typeform
object-layout
ngx-admin
jsignature
rowlocking
point-in-time
new-psdrive
socat
rendertron
microk8s
ruby-paranoia
berkeley-sockets
depottools
angular-ngmodel
windows-mobile
dynamic-data-masking
qcompleter
java-11
eclipse-2021-09
stumpy
lumen-5.2
jacorb
dynamics-crm-online
dcevm
coldfusion-2016
least-squares
secp256r1
ios8-share-extension
wildfly-22