The real question is on what OSI layer are you willing to die.

TCP fingerprinting is a real threat and most surveillance systems can identify your unique connection pretty easily, thanks to the quantum surveillance technique where closer surrounding and compromised hops will send you packets faster than the actual endpoint because they are geographically closer to you.

A real privacy aware browser caches everything, and scatters requests as much as possible through different network paths, and farbles Web APIs of the most common system and browser combination (which is Microsoft Edge or Google Chrome on Windows/Android).

I tried to implement all that, but I gave up working on that after I've been targeted in 2021. Maybe I have the time to get back to it after I am done with my current mission.