Verizon claims that this code is in a database that doesn’t get shared, but that’s not good enough. As the article we linked to mentions, any site that can tie a user’s personal information to that tracking code can sell that information and a database can be constructed. At that point, any traffic from a phone, even if run in a private or incognito mode, can be tied to the phone’s owner by the site that’s being visited unless the site use the HTTPS protocol.
We strongly advise that sites disable this header on their systems. At hort.net we have set this Apache directive:
RequestHeader unset X_UIDH early RequestHeader unset HTTP_X_UIDH early
This ensures that the tracking code will be removed before any of our scripts run, so we won’t be able to tie Verizon’s tracking to any of our visitors (even accidentally).
If you use Verizon, try to only connect to sites using the HTTPS protocol (secure web sites) or ones that are known to remove that tracker.