History information leak -- try a if it doesn't work first time.
This demo places an <a> anchor tag for each history sniffing attempt in an SVG document, then draws that SVG image in a <canvas>, finally looking through the pixels to find the a:visited colour. Additionally, it renders to a (PNG) Blob to see if there is a file size difference (as the unvisited colour is the same as the background colour). Normal browser security would not be to not render a:visited differently to the normal anchor colour when drawing through an SVG.