So, currently, I am using this to get the IP address of visitors. (REMOTE_ADDR does not work due to use of CloudFlare)
$_SERVER['HTTP_X_FORWARDED_FOR'];
Is this safe? Like is it possible for someone to somehow spoof this since its an HTTP header? I would think that CloudFlare would be the one sending it though as visitors connect through that.