diff --git a/server.js b/server.js
index f9a5163..30b69e4 100644
--- a/server.js
+++ b/server.js
@@ -19,6 +19,7 @@ const PAGE_SIZE_MAX = 48;
 const UPLOAD_MAX_BYTES = 5 * 1024 * 1024;
 const REQUEST_MAX_BYTES = 6 * 1024 * 1024;
 const SSE_HEARTBEAT_MS = 25_000;
+const DEBUG_CLIENT_IP = process.env.DEBUG_CLIENT_IP === 'true';
 const events = new Set();
 const DISCOVERY_ROUTES = new Set([
   '/robots.txt',
@@ -109,6 +110,12 @@ const server = http.createServer(async (req, res) => {
       });
     }
 
+    if (req.method === 'GET' && url.pathname === '/api/debug/ip') {
+      noIndex(res);
+      if (!DEBUG_CLIENT_IP) return sendJson(res, 404, { error: 'Not found' });
+      return sendJson(res, 200, clientIpDebug(req));
+    }
+
     if (req.method === 'GET' && url.pathname === '/api/admin/pending') {
       noIndex(res);
       if (!isAdminRequest(req)) return sendJson(res, 404, { error: 'Not found' });
@@ -325,3 +332,17 @@ function clientIp(req) {
   }
   return req.socket.remoteAddress || 'unknown';
 }
+
+function clientIpDebug(req) {
+  return {
+    trustProxy: process.env.TRUST_PROXY === 'true',
+    resolvedClientIp: clientIp(req),
+    remoteAddress: req.socket.remoteAddress || '',
+    headers: {
+      xForwardedFor: req.headers['x-forwarded-for'] || '',
+      xRealIp: req.headers['x-real-ip'] || '',
+      forwarded: req.headers.forwarded || '',
+      cfConnectingIp: req.headers['cf-connecting-ip'] || ''
+    }
+  };
+}