diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 4589713..609ee26 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -76,11 +76,18 @@ http { # Host header must match upstream for Cloudflare proxy_set_header Host api.elevenlabs.io; - - # Pass through original headers (User-Agent, Accept, etc.) - # Do NOT set X-Real-IP or X-Forwarded-For — Cloudflare uses them for bot detection proxy_set_header Connection ""; + # Scrub all headers that leak the original client IP + # Cloudflare reads these to determine "real" client geo + proxy_set_header X-Forwarded-For ""; + proxy_set_header X-Real-IP ""; + proxy_set_header True-Client-IP ""; + proxy_set_header CF-Connecting-IP ""; + proxy_set_header X-Client-IP ""; + proxy_set_header Forwarded ""; + proxy_set_header Via ""; + # Remove proxy token before forwarding to upstream proxy_set_header X-Proxy-Token ""; @@ -114,6 +121,16 @@ http { proxy_set_header Host api.openai.com; proxy_set_header Connection ""; + + # Scrub all headers that leak the original client IP + proxy_set_header X-Forwarded-For ""; + proxy_set_header X-Real-IP ""; + proxy_set_header True-Client-IP ""; + proxy_set_header CF-Connecting-IP ""; + proxy_set_header X-Client-IP ""; + proxy_set_header Forwarded ""; + proxy_set_header Via ""; + proxy_set_header X-Proxy-Token ""; proxy_http_version 1.1;
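Review bot: The seven scrub directives are copied verbatim into both location blocks (the api.elevenlabs.io hunk and the api.openai.com hunk), so the two lists can drift apart the next time one of them is edited. nginx inherits `proxy_set_header` from an outer level only when the current level defines none, and both blocks already set `Host` and `Connection`, so the list cannot simply move up to `http {}`; a shared snippet pulled in with `include <shared-scrub-snippet>;` (placeholder path) in each block would keep them identical. I would also put a comment such as `# An empty value makes nginx omit the header from the upstream request` above the list, because the removed comment said not to set these headers and the new lines read as if they do the opposite. Both location blocks start and end outside the hunks, so whether other proxied locations in this file need the same list cannot be judged from here.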