date-modifed headers used to "track" users

Notes:

https://news.ycombinator.com/item?id=33802683
https://notes.normally.com/cookieless-unique-visitor-counts/

Not my area. Is this an issue we need to address? AFAICT this is 1st party only per session / new identity (everything is sanitized on end of session, right?)

As for new circuit, that is not designed or expected to sanitize (and doesn't sanitize everything)

Close if fluff

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information