Because you would need to reproduce an explicit Google copyright statement which states that you don't have the right to copy it ("All rights reserved.") in order to do it fully.

That presumably gives Google the legal ammunition it needs to sue you if you do it.

Companies like SEGA have tried doing stuff like that in the past, and lost.

It seems like the requirement to reproduce this copyright header alone, nevermind the validation hash, would be enough to scare off scrapers?

I'm no lawyer, but my take on it is that by reproducing this particular value for the validation header, you are stating that you are the Chrome browser. It's likely that this has been implemented in such a way that other browsers could use it too if they so choose; the expected contents of the copyright header can then change depending on what you have in the validation header.

To me, it seems likely that the spec is for a legally defensible User-Agent header.

> They managed fine to set Chrome's user agent. Why do you think something like X-Browser-Validation is off limits?

It's not off-limits technically. But do you think it'll remain this simple going forward? I doubt that.