Browse this page from your mobile device while on mobile data service (not WiFi). iPhones don't seem to be affected, but forward for not a private A-class network at 10.0.0.0/8 but rather for a Shared Address space in the 100.64.0.0-100.127.255.255 space (with an alleged 2 open ports).
The following data is being transmitted from your device to the server you're browsing to:
Your IP: 18.104.22.168
Your Browser: CCBot/2.0 (http://commoncrawl.org/faq/)
Non-standard headers:Cookies that are set:Array ( )
You do not seem to be leaking private data. At the moment. Try to browse via HTTPS or via a VPN or proxy to prevent this injection, if you control the VPN or proxy flow, in order to prevent these request headers from being forwarded.