Detect an MSISDN (mobile number) with the browser

kitokid picture kitokid · Dec 8, 2011 · Viewed 50.4k times · Source

Are there any HTTP headers one can use to detect a mobile users number other than this X-header x-up-calling-line-id ?

I want to detect from all browsers as much as possible to cover all platform mobiles.

Answer

darryn.ten picture darryn.ten · Jun 22, 2012

I will give you the exact same answer I gave to a very similar question as it should provide some insight into what you are trying to achieve.

The ability to get the MSISDN of the user visiting the WAP site depends on a number of things.

Firstly, the user has to be on Mobile Data. If the user is on WiFi then you will not receive this information.

Secondly, the users mobile network has to support the passing of the MSISDN in the HTTP headers.

Some mobile networks send headers on all requests. Others only send if going through a specific APN. Some only send this header to specific IP addresses/blocks. I have even come across networks that send the MSISDN as a $_GET variable. You will need to check with each network that you intend to support.

For example, a particular network in South Africa used to send MSISDNs in headers until around 6 months ago, and in order to receive the MSISDN in the headers now your server address needs to be whitelisted with them.

Also remember that headers are very easy to spoof, and shouldn't be relied on unless you are guaranteed that you are the originator of the HTTP request, such as in instances where you are using Web Views inside of Android Applications - you would need to put sufficient measures in place yourself.

With all of that in mind, here is what you should be looking for:

Look through your headers for any of the following. This is not a comprehensive list of MSISDN headers at all, they are only the ones I have come across in my adventures in mobile development.

  • X-MSISDN
  • X_MSISDN
  • HTTP_X_MSISDN
  • X-UP-CALLING-LINE-ID
  • X_UP_CALLING_LINE_ID
  • HTTP_X_UP_CALLING_LINE_ID
  • X_WAP_NETWORK_CLIENT_MSISDN

What I do is run through the headers looking for any matches. If I don't find any matches I run through the headers again using a country-specific MSISDN regex against the values to see if there are any potential MSISDNs in the headers on keys that I do not know about. If I find a potential match I add the key and data to a list that I can go through later in order to add to my list of known MSISDN headers.

I hope this has bought some clarity. What is most important to remember is that this is not a reliable method for getting an MSISDN.