Whose draft is that? It seems rather extreme, but I guess that would be a comment for the discussion thread: https://github.com/w3ctag/design-reviews/issues/101 I notice the stated purpose of that section of restrictions is: <blockquote>Maintaining server privacy means limiting its ability to identify the user, through "fingerprinting" the client, or associating the user's behavior on one site with that on another (using a mechanism like cookies).</blockquote> I'm not aware of any preferences that modulate the HTTP headers sent in private mode. There may be extensions that can do that. There is a preference in testing called '''privacy.resistFingerprinting''' which may have some of those effects. However, users have reported some website breakage with that setting, so it probably needs further development. It is expected to be "turned on" in Firefox 59. More info: https://wiki.mozilla.org/Security/Fingerprinting