[paxcoder]

If you turn JS off, you'll still see a mole in the position which signifies your visited subset of tested-for addresses. If you inspect the code, each position has multiple anchor elements, the last of which has an onclick right now. All you'd have to do is add a href to it.

[Matt3o12_]

How do you send this information back to the browser then? You can't embed it into forms nor send requests to the server. While this information is always there (unless you disable CSS), there is no way to extract it (unless you use JavaScript).

This is why OPs point is still true. Without JavaScript, this information is worthless.

[paperpunk]

The point is that you can use the technique on a legitimate link on the page, e.g. a log-in button. The browser will then make a request anyway, through which you can pass the information back to the server. That is what paxcoder means by saying using a href instead of an onClick. No JavaScript is needed for this.

[blowski]

Put 10 links on the page, each with a slightly different href. Use CSS to make 9 of the links invisible, based on the browser history, so the user sees only one link. When they click on that link, the URL of the page they visit reveals which pages are in their history. The server can store that information, and you can tie it up with the session. To prevent spiders crawling the links, you could use buttons instead, making POST requests.

No JS required, just CSS and HTTP.