On Thu, Jan 23, 2014 at 5:50 PM, Stefan Monnier <monnier@iro.umontreal.ca> wrote:
> Hmm... I wonder if https://panopticlick.eff.org/ rates "no UA" as being
> *more* identifiable than spoofing it to something commonplace? :-)

> BTW, I was recently thinking about this "http header fingerprinting"
> problem and was wondering if anybody has tried to randomize
> their headers.
> More specifically, change part of the header for each request.
> An obvious option is to add a counter to the "user-agent", and to add
> a "blur" factor to the language options.
>
> E.g. my "en-us,fr-ch;q=0.8,es-ar;q=0.6,en;q=0.4,de;q=0.2" appears to be very
> rare, but if it keeps changing from
>    en-us,fr-ch;q=0.80000234,es-ar;q=0.60000765,en;q=0.40000345,de;q=0.20000123
> to en-us,fr-ch;q=0.80000983,es-ar;q=0.60000923,en;q=0.40000186,de;q=0.20000236
> to ...
> then naive fingerprinting will be fooled into thinking it's coming
> from a different user.

It's not a bad idea, but I wouldn't try it specifically with q-values, as they're likely discarded by the server before they get to the browser-id step.

~Chad
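The following is an added example, not code from either participant in the thread. It renders the q-value "blur" described above and then fingerprints the resulting requests two ways: once over the raw header text, where every jittered request hashes differently, and once after canonicalising Accept-Language the way a server that parses q-values would, where the jitter vanishes. It also checks the q-values against the RFC 7231 grammar, which allows at most three digits after the decimal point, so eight-digit values like 0.80000234 are not even well-formed; a strict parser may truncate or reject them, and a tolerant one rounds them away. The User-Agent string and the request loop are constructed for the demo; only the language preference list comes from the thread.

```python
"""Added example: jittered Accept-Language q-values versus a server that
canonicalises the header before fingerprinting. Not code from the thread."""
import hashlib
import random
import re

# Sample input taken from the thread's preference list.
BASE_LANGS = [("en-us", 1.0), ("fr-ch", 0.8), ("es-ar", 0.6), ("en", 0.4), ("de", 0.2)]

# RFC 7231 section 5.3.1: qvalue = ("0" ["." 0*3DIGIT]) / ("1" ["." 0*3("0")])
QVALUE_RE = re.compile(r"(?:0(?:\.[0-9]{0,3})?|1(?:\.0{0,3})?)")


def blurred_accept_language(langs, rng):
    """Render Accept-Language with random noise in decimals 6..8 of each q-value."""
    parts = []
    for tag, q in langs:
        if q >= 1.0:
            parts.append(tag)  # q=1 is the default and is normally omitted
        else:
            jitter = rng.randint(1, 999) / 1e8
            parts.append(f"{tag};q={q + jitter:.8f}")
    return ",".join(parts)


def parse_accept_language(header):
    """Parse into (tag, q) pairs as a tolerant server would: float() the q,
    then round to the three decimals the grammar allows. Sorted by q, descending."""
    prefs = []
    for item in header.split(","):
        item = item.strip()
        if not item:
            continue
        tag, _, param = item.partition(";")
        q = 1.0
        param = param.strip()
        if param.lower().startswith("q="):
            q = float(param[2:])
        prefs.append((tag.strip().lower(), round(q, 3)))
    return sorted(prefs, key=lambda p: -p[1])


def qvalues_are_valid(header):
    """True if every q= parameter in the header obeys the RFC 7231 qvalue grammar."""
    for item in header.split(","):
        _, _, param = item.strip().partition(";")
        param = param.strip()
        if param and not QVALUE_RE.fullmatch(param[2:]):
            return False
    return True


def naive_fingerprint(headers):
    """Hash the raw header lines; each jittered request looks like a new client."""
    raw = "\n".join(f"{k.lower()}: {v}" for k, v in sorted(headers.items()))
    return hashlib.sha256(raw.encode()).hexdigest()


def canonical_fingerprint(headers):
    """Hash after canonicalising Accept-Language; the jitter no longer matters."""
    canon = dict(headers)
    if "Accept-Language" in canon:
        canon["Accept-Language"] = ",".join(
            f"{tag};q={q:.3f}" for tag, q in parse_accept_language(canon["Accept-Language"])
        )
    return naive_fingerprint(canon)


def demo(seed=1, requests=3):
    """Issue a few blurred requests and compare how many distinct clients each
    fingerprinting strategy sees. The User-Agent below is a constructed sample."""
    rng = random.Random(seed)
    ua = "Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0"
    reqs = [
        {"User-Agent": ua, "Accept-Language": blurred_accept_language(BASE_LANGS, rng)}
        for _ in range(requests)
    ]
    return {
        "headers": [r["Accept-Language"] for r in reqs],
        "naive": {naive_fingerprint(r) for r in reqs},
        "canonical": {canonical_fingerprint(r) for r in reqs},
        "valid": [qvalues_are_valid(r["Accept-Language"]) for r in reqs],
    }


if __name__ == "__main__":
    out = demo()
    for h in out["headers"]:
        print(h)
    print("distinct naive fingerprints:    ", len(out["naive"]))
    print("distinct canonical fingerprints:", len(out["canonical"]))
    print("q-values valid per RFC 7231:    ", out["valid"])
```

The canonical fingerprint is the weaker of the two things a server might do with q-values; a server that drops them entirely and keys on the ordered tag list, as the reply above suggests, collapses the jittered requests just the same. The blur also makes the header non-conforming, which is itself a distinguishing feature if anyone looks for it.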