Someone discovered a way to sniff sites from your browser history without using Javascript. Instead it uses an iframe that loads a server-side PHP script to do all the heavy lifting.

You can check out the demo here.

This has some fairly significant implications since you might not want other sites to know what sites you're visiting. The upside is that might put a bit of a load on a browser while processing so you might notice something fishy going on - but in most cases I suspect users won't notice anything.

The only defense I can think of at the moment is to not enable iframes - which of course would break many Web sites.