diff --git a/docs/content/docs/reference/security.mdx b/docs/content/docs/reference/security.mdx index 77d6f0a119..3c8fd3520c 100644 --- a/docs/content/docs/reference/security.mdx +++ b/docs/content/docs/reference/security.mdx @@ -100,7 +100,12 @@ You can configure the IP address header in your Better Auth configuration: This ensures that Better Auth only accepts IP addresses from your trusted proxy's header, making it more difficult for attackers to bypass rate limiting or other IP-based security measures by spoofing headers. -> **Important**: When setting a custom IP address header, ensure that your proxy or load balancer is properly configured to set this header, and that it cannot be set by end users directly. + +**Important** + +- When setting a custom IP address header, ensure that your proxy or load balancer is properly configured to set this header, and that it cannot be set by end users directly. +- In dev/test environments, if the IP cannot be retrieved from headers, 127.0.0.1 is used as a fallback. + ## Trusted Origins
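Review bot: The added second bullet ("In dev/test environments, if the IP cannot be retrieved from headers, 127.0.0.1 is used as a fallback") does not say what happens outside dev/test when the header is missing, or how an environment is classified as dev/test. On a security reference page that gap matters: a reader cannot tell whether a production request with no resolvable IP is rejected, skips IP-based rate limiting, or is handled some other way. Suggest adding a sentence for the production case and naming the setting that decides dev/test. It is also worth stating that under the fallback every such request carries the same address, 127.0.0.1, so IP-based limits in dev/test would count them all against one client. Separately, the replacement drops the `>` blockquote, so **Important** now renders as a plain bold paragraph followed by a list; if the callout styling was intentional, keep the `>` prefix on the heading and on both bullets.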