So it appears O2 based networks are sending your mobile number in the header of all web requests (that is... requests to any site)

On your mobile phone (and using your mobile data plan, and not a wifi connection) go to the following address http://lew.io/headers.php and you may or may not see your phone number listed (I do on GiffGaff). This means a site could, if they wanted to, harvest phone numbers.

I think/assume this has only just come to the publics attention, so it might be a good idea to hold off browsing any questionable sites for a while else you may find yourself getting enlargement related phone calls.