Respect all IP addresses if a header contains multiple addresses
Respect all headers if the header is present multiple times
Add a toggle to enable using a header or always use the IP address from the client connection (Otherwise, a bad actor can just send a spoofed X-Forwarded-For header)
Add an optional parameter to specify a custom header name
Add an option to specify the number of trusted reverse proxies (If you are running 2 reverse proxies, only the last 2 IP addresses can be trusted, with the second-to-last address being the client)
For information on why this is necessary, the MDN docs explain it pretty well (especially the section "Security and privacy concerns")
Example:
Resolves #6
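
The resolution rules listed in this description, sketched as an added example (this is not the code from this pull request). The function name, parameter names and defaults are assumptions, and falling back to the connection address on a short or malformed chain is one possible policy.

```python
import ipaddress


def client_ip(peer_ip, headers, use_header=False,
              header_name="X-Forwarded-For", trusted_proxies=1):
    """Return the address a request should be attributed to.

    peer_ip         -- address of the TCP connection itself
    headers         -- list of (name, value) pairs, so repeats are preserved
    use_header      -- toggle; when False the header is ignored entirely
    trusted_proxies -- number of reverse proxies you operate in front of the app
    """
    if not use_header or trusted_proxies < 1:
        return peer_ip

    # Merge every occurrence of the header, in order, and split each
    # value on commas so the whole forwarding chain is one list.
    chain = []
    for name, value in headers:
        if name.lower() == header_name.lower():
            chain.extend(part.strip() for part in value.split(","))

    # Only the last `trusted_proxies` entries were appended by our own
    # proxies; everything to their left is client-controlled.
    if len(chain) < trusted_proxies:
        return peer_ip  # request did not traverse the expected proxies

    candidate = chain[-trusted_proxies]
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return peer_ip  # malformed entry: do not trust the header


if __name__ == "__main__":
    # Constructed request: the client sent a spoofed first entry, proxy 1
    # appended the real client, proxy 2 added a second header for proxy 1.
    sample = [
        ("X-Forwarded-For", "198.51.100.9, 203.0.113.7"),
        ("x-forwarded-for", "10.0.0.2"),
    ]
    print(client_ip("10.0.0.3", sample, use_header=True, trusted_proxies=2))
```

With the count set too high, a client-supplied entry is selected, so the value has to match the number of proxies actually deployed.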