As encryption, privacy technologies and new browser architectures continue to reshape the internet, with HTTPS by default, Header Enrichment is moving toward a future where it becomes residual rather than foundational. The question operators should be asking today is not whether Header Enrichment will continue to work in isolated cases. The real question is how much revenue could be left on the table if networks fail to adapt to the new conditions created by an encrypted web.
Chrome 154 Accelerates the End of Passive Network Identification
Chrome 154 is a new version of Google’s Chrome browser. Like other Chrome releases, it introduces a series of security and privacy improvements, but one change in particular stands out for the mobile ecosystem. The update will enable the “Always Use Secure Connections” feature by default, meaning the browser will automatically attempt to load all websites using HTTPS and will warn users before accessing pages that rely on unsecured HTTP connections.
This means the traditional Header Enrichment model will face so much friction that conversions will effectively disappear. This transition will happen progressively. Starting in April 2026, Chrome will activate this feature for users who have Enhanced Safe Browsing enabled, which already represents a very large share of mobile users. By October 2026, with the full release of Chrome 154, the HTTPS-first behavior will become the default for all Chrome users. Because Chrome is one of the most widely used mobile browsers, this evolution will quickly affect a large portion of smartphone traffic worldwide.
This new version accelerates a broader transformation that has been unfolding for several years. Browsers, operating systems and internet infrastructure are increasingly aligned around a common principle: network traffic should be encrypted and user activity should not be passively observable. As encrypted connections become the standard, the conditions that once enabled Header Enrichment begin to erode, making it increasingly difficult to rely on network-level identification mechanisms.
Why Header Enrichment Is No Longer Sustainable at Scale
Header Enrichment was developed during a period when most internet traffic was not encrypted. In that environment, mobile networks could insert subscriber identification information directly into requests passing through the network, allowing digital services to recognize the subscriber automatically. This made it possible to enable seamless subscription flows, two-click payments and simple authentication mechanisms without requiring users to enter their phone number manually.
In today’s encrypted internet environment, this process becomes much more difficult. When connections are protected with HTTPS, the communication between the user and the service is encrypted using technologies such as TLS, which prevents the network from accessing or modifying certain parts of the connection.
For operators and service providers this creates a major challenge. Services that depend on automatic identification can no longer rely on it. What was once a universal mechanism is now almost impossible to sustain.
How Does HTTPS by Default Affect Telco Revenues
When automatic identification disappears, the impact is not only technical. It directly affects the performance of digital services that rely on seamless user identification.
Header Enrichment has historically allowed users to subscribe to services with a single click, because the network could automatically recognize the subscriber. When this automatic identification no longer works, services must ask the user to manually enter their phone number or complete additional verification steps.
Industry experience shows that when users are asked to manually enter their phone number instead of being automatically identified, subscription conversions can drop dramatically. What was previously a frictionless two-click experience becomes a longer process that many users simply decide not to finish.
For operators, this directly affects services that generate revenue through mobile identity, including carrier billing and subscription activation. Protecting the simplicity of these flows is therefore essential to maintaining the performance of mobile services and preserving the revenues they generate.
What Must Operators Do to Adapt
In this new environment, operators remain uniquely positioned to verify the identity of a mobile subscriber and confirm the relationship between a SIM card, a device and a network account. What is changing is the way this identity must be delivered.
Legacy mechanisms built around passive traffic observation were designed for an internet that was largely unencrypted. In today’s setting, identity must be delivered through secure mechanisms that operate naturally within encrypted connections.
To maintain silent subscriber identification over HTTPS there are several technical alternatives:
- TLS Termination (HTTPS Header Enrichment): One possible short-term approach is TLS termination within the operator network. In this model, encrypted HTTPS traffic is temporarily decrypted at a gateway controlled by the operator. This allows the network to access the connection and insert the subscriber’s MSISDN before re-encrypting the traffic and sending it to the destination service. This approach enables Header Enrichment to continue working even with HTTPS connections, but it requires additional infrastructure and careful management of encrypted traffic.
- APN Private IP and MSISDN Resolution: Another option relies on the relationship between the subscriber’s private IP address and their MSISDN within the mobile network. Operators maintain an internal mapping between these elements through systems such as PCRF or AAA. When a user accesses a service, the partner can send the source IP address to a dedicated API, which resolves the corresponding MSISDN. This allows the service to identify the subscriber without modifying the encrypted connection itself.
- API-Based IP Lookup for MSISDN Resolution: In this model, the operator exposes a secure API that allows partners to request subscriber identification. When a user connects to a service, the partner sends the source IP address through the API and the operator returns the associated MSISDN. This approach works entirely over HTTPS and aligns well with modern web architectures, although it requires integration between the operator and the service provider and is typically implemented on IPv6 networks.
- CAMARA / Open Gateway Number Verification: A more standardized long-term solution is based on the GSMA Open Gateway and CAMARA initiative. In this model, operators expose network capabilities through APIs that allow services to verify the subscriber’s phone number directly through the mobile data connection. Instead of modifying network traffic, the service requests verification through a secure API. Because this approach is being adopted by many operators globally, it is considered one of the most future-proof solutions for mobile identity in an encrypted internet.
Operators therefore need to modernize how identity capabilities are delivered to the ecosystem. Instead of relying on implicit signals within network traffic, identity increasingly needs to be confirmed through secure verification processes that respect encryption and privacy standards. Carrier billing and authentication flows must evolve so that they can operate reliably in encrypted environments while preserving the simplicity that users expect.
The shift away from traditional Header Enrichment marks not just a technical change but a turning point for the mobile services ecosystem. As the internet continues to evolve toward secure and encrypted connections, operators who prepare early will be best positioned to protect their subscription revenues and maintain strong user acquisition performance.
