brave://settings/privacy and make sure
"Prevent sites from fingerprinting me based on my language preferences" is enabled.brave://settings/languages and add several non-English
preferred languages (e.g. French, German, Japanese), so your full list is distinctive.navigator.languages (JS):
const request = new PaymentRequest(
[{ supportedMethods: 'https://this-site/.../pmh/<token>' }],
{ total: { label: 'total', amount: { value: '0', currency: 'USD' } } }
);
request.show(); // browser HEAD-fetches the manifest URL
The test compares the Accept-Language a normal
fetch() sends against the one the browser sends when it
fetches the payment-method manifest, both captured server-side. If the
Payment-manifest row shows more languages than the normal
fetch() row, the protection did not apply to that request.