If you want to recieve the httpOnly cookie on your server, when you make a request to the server from the client page, you enable the withCredentials (for XMLHttpRequest) or { credentials:"include" } (for fetch). The cookie will be sent to the server without the javascript code being able to see it.