User-1982247078 posted
Not sure where the REMOTE_ADDR is being filled from, but obviously X-Forwarded-For is from the HTTP request itself and therefore can be easily counterfeit. So recording only HTTP_X_FORWARDED_FOR in case it is present, as suggested, might not be
the best idea from the security point of view.
Also, parsing is different, because the X-Forwarded-For is generally comma separated list of addresses.