being said I had never known about the TLS fingerprinting option, I generally don’t see that shown on the fingerprint detector sites, that’s interesting.

There’s also things like the SNI field which is a non-encrypted field which contains the requested domain name. Even if you use DNS over HTTPS to keep your information from leaking via ISP controlled DNS servers, they can still get the destination domain names from the SNI during the TLS handshake.