An e-commerce app is experiencing unusual traffic during off-peak times. To identify the source IP addresses of clients accessing the app, which HTTP header should a developer examine?