The service trusts forwarded headers only when they come from vetted sources; otherwise it uses the direct connection details to avoid spoofing.
Private or local addresses stay within this session; the page only displays the IP you used to reach this service.
Yes. Send a GET request to the root endpoint with Accept: text/plain or the query parameter format=txt to receive a plain IP response.