diff --git a/cmd/serve.go b/cmd/serve.go
index 6d7754ef..aff7c7c8 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -304,27 +304,25 @@ func sigHandlerConfigReload(config string) {
 }
 
 func parseIPHostPrefix(host string) (prefixes []netip.Prefix, err error) {
-	//try parsing as prefix
+	// Try parsing as prefix, e.g. 10.0.1.0/24
 	prefix, err := netip.ParsePrefix(host)
 	if err == nil {
-		prefixes = append(prefixes, prefix.Masked()) // Masked returns the prefix in its canonical form,  the same for every ip in the range. This exists for ease of debugging. For example, 10.1.2.3/16 is 10.1.0.0/16.
-		return prefixes, nil                         // success
+		prefixes = append(prefixes, prefix.Masked())
+		return prefixes, nil
 	}
-
-	// not a prefix, parse as host or IP
-	// LookupHost passes through an IP as is
+	// Not a prefix, parse as host or IP (LookupHost passes through an IP as is)
 	ips, err := net.LookupHost(host)
 	if err != nil {
 		return nil, err
 	}
-	for _, i := range ips {
-		ip, err := netip.ParseAddr(i)
+	for _, ipStr := range ips {
+		ip, err := netip.ParseAddr(ipStr)
 		if err == nil {
 			prefix, err := ip.Prefix(ip.BitLen())
 			if err != nil {
 				return nil, fmt.Errorf("%s successfully parsed but unable to make prefix: %s", ip.String(), err.Error())
 			}
-			prefixes = append(prefixes, prefix.Masked()) //also masked canonical ip
+			prefixes = append(prefixes, prefix.Masked())
 		}
 	}
 	return
diff --git a/server/server.go b/server/server.go
index a4ef193b..ef09100d 100644
--- a/server/server.go
+++ b/server/server.go
@@ -1437,14 +1437,14 @@ func extractUserPass(r *http.Request) (username string, password string, ok bool
 // This function was taken from https://www.alexedwards.net/blog/how-to-rate-limit-http-requests (MIT).
 func (s *Server) visitor(r *http.Request) *visitor {
 	remoteAddr := r.RemoteAddr
-	ipport, err := netip.ParseAddrPort(remoteAddr)
-	ip := ipport.Addr()
+	addrPort, err := netip.ParseAddrPort(remoteAddr)
+	ip := addrPort.Addr()
 	if err != nil {
 		// This should not happen in real life; only in tests. So, using falling back to 0.0.0.0 if address unspecified
 		ip, err = netip.ParseAddr(remoteAddr)
 		if err != nil {
 			ip = netip.IPv4Unspecified()
-			log.Error("Unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created %s", remoteAddr, err)
+			log.Warn("unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created %s", remoteAddr, err)
 		}
 	}
 	if s.config.BehindProxy && strings.TrimSpace(r.Header.Get("X-Forwarded-For")) != "" {
@@ -1452,14 +1452,13 @@ func (s *Server) visitor(r *http.Request) *visitor {
 		// only the right-most address can be trusted (as this is the one added by our proxy server).
 		// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For for details.
 		ips := util.SplitNoEmpty(r.Header.Get("X-Forwarded-For"), ",")
-		myip, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr)))
+		realIP, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr)))
 		if err != nil {
 			log.Error("invalid IP address %s received in X-Forwarded-For header: %s", ip, err.Error())
-			// fall back to regular remote address if X-Forwarded-For is damaged
+			// Fall back to regular remote address if X-Forwarded-For is damaged
 		} else {
-			ip = myip
+			ip = realIP
 		}
-
 	}
 	return s.visitorFromIP(ip)
 }