date-modifed headers used to "track" users

Notes:

• https://news.ycombinator.com/item?id=33802683
• https://notes.normally.com/cookieless-unique-visitor-counts/

Not my area. Is this an issue we need to address? AFAICT this is 1st party only per session / new identity (everything is sanitized on end of session, right?)

As for new circuit, that is not designed or expected to sanitize (and doesn't sanitize everything)

Close if fluff