Fixed! Good job social media :)
All seems to be fixed: O2's statement. I'll leave the below page in place, but everything below this line can be considered out of date. You should no longer be able to see your number listed here.
O2 send your phone number to every site you visit using their mobile data network?
This page is a simple little script which prints out all the information I receive about you when you visit. It is logical to conclude that this same information is sent to all other websites too. I'm a nice guy, and I'm not storing anything other than the basic information about your visit that my server logs by default - date/time/ip address etc. But there is nothing stopping me collecting everything you see below.
If you're on O2's UK mobile network (not ADSL), you'll (probably) see a line beginning with x-up-calling-line-id - followed by your mobile phone number in plain text. Other operators may use different headers, or hopefully none at all - let me know - I'm interested to know if other networks are doing it too.
To see it in action, remember to disable wifi on your device, and don't use a proxying browser like opera mini.
Headers received:X-Proto: HTTPS
Accept-Encoding: x-gzip, gzip, deflate
User-Agent: CCBot/2.0 (http://commoncrawl.org/faq/)
To answer some questions and responses I've seen - no, it's not anything client-side. O2 seem to be transparently proxying HTTP traffic and inserting this header.