date-modifed headers used to "track" users
Notes:
- https://news.ycombinator.com/item?id=33802683
- https://notes.normally.com/cookieless-unique-visitor-counts/
Not my area. Is this an issue we need to address? AFAICT this is 1st party only per session / new identity (everything is sanitized on end of session, right?)
As for new circuit, that is not designed or expected to sanitize (and doesn't sanitize everything)
Close if fluff