In the light of the latest httpoxy vulnerabilities, there is another variable, that is widely misused.
HTTP_X_FORWARDED_FOR is often used to detect the client IP address, but without any additional checks, this can lead to security issues, especially when this IP is later used for authentication or...