The suggestion you should have to bend over backwards for shitty software like cloudflare is bad enough; but if you were going to surely creating a new browser profile is far easily than spinning up a debain docker image, updating it and the installing Firefox and the running it?
All host info not accessible via X11 protocol is hidden, for example font list, is replaced with generic one.
For even more protection, run VNC server with common resolution in the container and connect to it using VNC viewer. In this case firefox provides a super generic profile (latest debian with mesa GPU), making this browser very hard to distinguish from others. This has some downsides however: First, you cannot resize window. Second, a lot of actual bots use same config, so it might be blocked.
mullvad browser is pretty much this, but without messing around with containers. One fingerprint for all users, with the same font list, resolution, canvas behavior, etc.
looking at https://mullvad.net/en/browser/hard-facts , Mullvad browser is much more extreme: many APIs blocked, always incognito mode... I would not be surprised if this blocks some sites.
the container approach on the other hand is bog-standard firefox.
To be fair, Firefox out of the box prevents against font fingerprinting more than Chrome, it's considerably easier to get Firefox to run in a docker container and pass all the client side challenges than Chrome in my experience, you still have a valid point though.
