Device fingerprinting (and cache attacks) could still connect the different profiles unless you change more parameters than just headers. Or disable javascript for some or all the profiles.
Like I mentioned in parent comment, my project has had a lot of success with that. I know I was able to fool the Evercookie[1]. I can even have different profiles have different browser engines if I want. They each use individual prefs.js files.
[1]: https://samy.pl/evercookie/