I noticed this because on those websites I got a page with the title "412 Precondition Failed" and a lot of verbiage suggesting that I be spam-bot or of mal-intentions, instead of the expected page.
After emailing one of the website-owners, he showed me the entries that the script registered for my hits and they indicated that the script has decided that sending a "Connection: close"-header along with a "TE: chunked"-header is a sure sign of bad behaviour.
Now, I use wwwoffle to filter away ads and the like when browsing, and wwwoffle was sending exactly that combination of headers.
From quickly perusing the RFC for HTTP 1.1, I can't see that the combination of those headers should be invalid.
Update: The author of the "bad-behavior" script explained to me where the RFC says that, and although the wording of that paragraph is quite twisted it looks like he is right. I have sent the information to the author of wwwoffle, hoping that if he agrees with the reading of the RFC, he will change wwwoffle accordingly.
Meanwhile the quick work-around is to change wwwoffle.conf to read: "request-chunked-data = no" in the OnlineOptions-part.
I hope the author of the bad-behavior script soon removes this false positive-generating test.
In general not generating false positives in such a script must be exceedingly hard. ⊗