> I don’t get why headers and requests need to be spoofed if all traffic is over https?

how are they looking inside the packet if it's encrypted?

	▲	sodality2 a year ago \| parent [-]
		DPI doesn't have to decrypt it to make certain guesses about its content. For example, timing information, packet sizes, routing info, etc could lead you to believe it's certain kinds of things (SSH, VPN, etc).