

Sniffing Browser History without CSS or JavaScript - Sephr
http://code.eligrey.com/visited.php?uri=http://news.ycombinator.com/news

======
bbosh
It does use CSS. See
[http://code.eligrey.com/visited.php?css&uri=http://news....](http://code.eligrey.com/visited.php?css&uri=http://news.ycombinator.com/news).

You are quickly redirected away from that page, so you don't see it (unless
you look at Firebug's Net tab, sniff packets, or equiv).

Edit: actually, it's just included as a stylesheet (with an HTTP link header)

~~~
Sephr
It's not the redirect that hides it. View the page source before redirect and
you will see there are no <link rel="stylesheet"> or <style> tags.

~~~
bbosh
header('Link: </visited.php?css&uri='.$_GET["uri"].'>; rel="stylesheet"; type="text/css";');

It's in your source, look.

~~~
Sephr
I meant the source the client-side sees. I know the `Link` header is sent in
the application-end source.

~~~
bbosh
And what do you think the client does with this? It downloads the file and
implements the CSS rules.

Whether or not it is "hidden" from an average user, doesn't mean you are not
using CSS.
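
Added example, not part of the thread and not Sephr's code: a Python check that parses `Link` response headers (RFC 8288 syntax) and lists stylesheets that are delivered by header but never referenced in the markup, which is the case the comments above argue about. The function names, the sample response and the HTML body are constructed for illustration; the header value follows the shape of the `header()` call quoted above.

```python
import re

# One link-value: <target> followed by ;name or ;name=value parameters.
_LINK = re.compile(r'<([^>]*)>((?:\s*;\s*[^;,"=\s]+(?:\s*=\s*(?:"[^"]*"|[^;,"\s]*))?)*)')
_PARAM = re.compile(r';\s*([^;,"=\s]+)(?:\s*=\s*(?:"([^"]*)"|([^;,"\s]*)))?')

def parse_link_header(value):
    """Return [(target, {param: value})] for one Link header field value."""
    links = []
    for m in _LINK.finditer(value):
        params = {}
        for p in _PARAM.finditer(m.group(2)):
            # Quoted value if present, else the bare token, else empty.
            val = p.group(2) if p.group(2) is not None else (p.group(3) or "")
            params.setdefault(p.group(1).lower(), val)  # first occurrence wins
        links.append((m.group(1), params))
    return links

def header_stylesheets(headers):
    """Targets of every rel=stylesheet link found in Link response headers."""
    found = []
    for name, value in headers:
        if name.lower() != "link":
            continue
        for target, params in parse_link_header(value):
            if "stylesheet" in params.get("rel", "").lower().split():
                found.append(target)
    return found

def unlisted_stylesheets(headers, body):
    """Header-delivered stylesheets that "view source" on the body would not show."""
    return [t for t in header_stylesheets(headers) if t not in body]

# Constructed sample response: no <link> or <style> tag in the markup.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Link", '</visited.php?css&uri=http://news.ycombinator.com/news>; '
             'rel="stylesheet"; type="text/css";'),
]
SAMPLE_BODY = "<html><head><title>Checking</title></head><body></body></html>"

if __name__ == "__main__":
    for target in unlisted_stylesheets(SAMPLE_HEADERS, SAMPLE_BODY):
        print("stylesheet delivered only via Link header:", target)
```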

------
Sephr
WebKit and IE users: This will only work in Opera and Gecko-based browsers.

~~~
slig
How do you do that?

