diff --git a/src/HTTP/Requests/RemoteAddress.php b/src/HTTP/Requests/RemoteAddress.php
--- a/src/HTTP/Requests/RemoteAddress.php
+++ b/src/HTTP/Requests/RemoteAddress.php
@@ -31,15 +31,11 @@
  }
  public function getClientAddress () : string {
- if (strpos($this->remoteAddress, ',') === false) {
- // We only have one value, it's the IP
- return $this->remoteAddress;
- }
-
  // Header contains 'clientIP, proxyIP, anotherProxyIP'
+ // or 'clientIP proxyIP anotherProxyIP'
  // The first value is so the one to return.
  // See draft-ietf-appsawg-http-forwarded-10.
- $ips = explode(',', $this->remoteAddress, 2);
+ $ips = preg_split("/[\s,]+/", $this->remoteAddress, 2);
  return trim($ips[0]);
  }
diff --git a/tests/HTTP/Requests/RequestTest.php b/tests/HTTP/Requests/RequestTest.php
--- a/tests/HTTP/Requests/RequestTest.php
+++ b/tests/HTTP/Requests/RequestTest.php
@@ -35,6 +35,26 @@
  }
  /**
+ * @covers \Keruald\OmniTools\HTTP\Requests\Request::getClientAddress
+ * @backupGlobals enabled
+ */
+ public function testGetRemoteAddressWithSeveralAddresses () : void {
+ $_SERVER = [
+ 'HTTP_X_FORWARDED_FOR' => '10.0.0.2 10.0.0.3',
+ ];
+ $this->assertEquals('10.0.0.2', Request::getRemoteAddress(),
+ "HTTP_X_FORWARDED_FOR could contain more than one address, the client one is the first"
+ );
+
+ $_SERVER = [
+ 'HTTP_X_FORWARDED_FOR' => '10.0.0.2, 10.0.0.3',
+ ];
+ $this->assertEquals('10.0.0.2', Request::getRemoteAddress(),
+ "HTTP_X_FORWARDED_FOR could contain more than one address, the client one is the first"
+ );
+ }
+
+ /**
  * @covers \Keruald\OmniTools\HTTP\Requests\Request::getAcceptedLanguages
  * @backupGlobals enabled
  */
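Review bot: The first piece of the `preg_split` result in `getClientAddress` is returned without checking that it is non-empty or an IP address, and with the early return removed a value that begins with whitespace or a comma now splits into an empty first piece, so the method returns `''`. Passing the no-empty flag and guarding the index would cover that and a failed split: `$ips = preg_split("/[\s,]+/", $this->remoteAddress, 2, PREG_SPLIT_NO_EMPTY);` then `return trim($ips[0] ?? '');`. The test in this commit suggests the value comes from `HTTP_X_FORWARDED_FOR`, whose leftmost entry is whatever the client sent unless a trusted proxy overwrites the header, so the method deserves a docblock line such as `* The returned value is client-supplied unless a trusted proxy sets the header; validate it with filter_var($ip, FILTER_VALIDATE_IP) before using it for access control, rate limiting or audit logs.` How `$this->remoteAddress` is populated is outside the hunk, so whether leading separators can reach this method should be confirmed against the constructor.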
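Review bot: The `@covers` annotation on `testGetRemoteAddressWithSeveralAddresses` names `Request::getClientAddress`, while the test body calls `Request::getRemoteAddress()` and the method changed by this commit lives in `RemoteAddress.php`; if `Request` has no `getClientAddress` method the coverage is attributed to nothing, and `@covers \Keruald\OmniTools\HTTP\Requests\Request::getRemoteAddress` looks like what was meant. Both assertions carry the same failure message, so a failing run does not say which separator broke; naming the separator in each message (`"space-separated X-Forwarded-For: first address is the client"`, `"comma-separated X-Forwarded-For: first address is the client"`) would fix that. The cases most likely to misbehave with the new split, a header that starts with a separator, an empty header, and a first entry that is not an IP address, are not exercised and would be worth adding as expected-value assertions.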