No, actually it just needed to be well-formed. UA headers follow a certain format. Some folks like to try to "blend in" and use known headers seen in the wild but personally I like to make up new UA headers that reveal nothing, not even fake details. On the whole, I very rarely send a UA header. The number of sites that demand one is very small for me. I had just assumed Cloudflare was doing TLS fingerprinting or something more involved than just checking for presence of a UA header. But it worked. The StackExchange family of sites is one example where a UA header is needed. They will block otherwise. Not using Cloudflare to do the blocking though.
