An O2 user, Lewis Peckover, found that the mobile phone company has been adding the phone number of any subscriber using its mobile network to the HTTP headers of web requests. The header, x-up-calling-line-id, appears to be inserted by the transparent proxies that O2 uses so it can downgrade images and insert JavaScript into the returned HTML.
To experience the problem, a user on the O2 network needs to disable Wi-Fi and, without using a proxying browser such as Opera Mini, connect to Peckover's site which displays the headers received.

The issue isn't new: in 2010 Collin Mulliner presented a paperPDF to the Security in Telecommunications conference on research that had found number leakage from numerous phone carriers. Mulliner offers the MNO Privacy Checker which examines HTTP request headers for the x-up-calling-line-id, and the many other added headers he found in use, and displays the results with a green, for clear, or red, for privacy leakage, page background. The x-up-calling-line-id header is documented in a 2009 blog posting of known telco HTTP headers.

The link for this article located at H Security is no longer available.