In theory, websites can use your browsers cache to determine if and when you visited another website. To do this a website would simply have to know which images, or other files, are used on the website that it wants to probe for.
So, if image test.jpg is loaded from the cache instead of the attacker's website it is safe to assume that the user has been visiting the first website as well (or another one with the same image).
Safe Cache and Safe History are two Firefox extensions that prevent this methods of finding out. In the case of Safe Cache, the user has the option to select one of the following privacy levels: segmented cache, cache originating site only, or never cache. For Safe History it is: segmented by origin, don't mark links visited in offsite frames, or never mark links visited.
A test website has been created that uses the method to determine your online bank. This probably does only work for US online banks and only the user visited a website of a bank and did not delete the cache in Firefox afterwards. Both Firefox add-ons are recommended to increase security.
Update: Please note that newer versions of Firefox do not leak the browsing history anymore. It is no longer possible to use style information to distinguish visited websites from websites that have not been visited in recent time -- since the last browser history cleaning.
As far as safe cache features are concerned, it too seems to have been resolved in recent versions of the Mozilla Firefox web browser.
You can test the Safe Cache test page to test that on your system, and the Safe History test page to test it.
The two browser extensions are not compatible anymore with the most recent versions of Firefox and links have been removed as a consequence.Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.