I heard about an “X-Forwarded-For” header the last time this came up:
They were talking about some fiddliness about how to figure out which headers came from the client (i.e. not trustworthy) and which came from Glitch’s middleware, so you’ll probably have to figure that out too.