Let's go through the creation of a bookmarklet that removes the http referrers from all links in a page. This has been tested in Safari and Firefox.
Safari 5 was released today and following IE8's move they decided to implement what they call XSS Auditor.
Dirbuster and dirb are in the toolset of all web application security fans. Both tools are excellent (although I prefer dirb due to it being command line and not Java), but their results obviously depends on how good the wordlist you are using is.