XSS with the true HTTP flag

Since only the HTTP flag is used to mitigate cross-site scripts, we can not run XSS on the Web application.

If we can, what are the best real-time examples for pentest XSS when HTTPOnly is true?