diff --git a/README.md b/README.md
index 0912218..0769d63 100644
--- a/README.md
+++ b/README.md
@@ -25,11 +25,14 @@ is built like other Rust projects, with `cargo build`.
 Command line arguments
 ----------------------
     USAGE:
-        sausagewiki [OPTIONS] <DATABASE>
+        sausagewiki [FLAGS] [OPTIONS] <DATABASE>
 
     FLAGS:
-        -h, --help       Prints help information
-        -V, --version    Prints version information
+        -h, --help              Prints help information
+            --trust_identity    Trust the value in the X-Identity header to be an authenticated username.
+                                This only makes sense when Sausagewiki runs behind a reverse proxy which
+                                sets this header.
+        -V, --version           Prints version information
 
     OPTIONS:
         -p, --port <port>    Sets the listening port
diff --git a/src/main.rs b/src/main.rs
index 53f85af..d999002 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -52,6 +52,11 @@ fn args<'a>() -> clap::ArgMatches<'a> {
                 Err(_) => Err("Must be an integer in the range [0, 65535]".to_owned())
             })
             .takes_value(true))
+        .arg(Arg::with_name("trust_identity")
+            .help("Trust the value in the X-Identity header to be an \
+                authenticated username. This only makes sense when Sausagewiki \
+                runs behind a reverse proxy which sets this header.")
+            .long("trust_identity"))
         .get_matches()
 }
 
@@ -64,6 +69,8 @@ fn core_main() -> Result<(), Box<std::error::Error>> {
         .map(|p| p.parse().expect("Guaranteed by validator"))
         .unwrap_or(8080);
 
+    let trust_identity = args.is_present("trust_identity");
+
     let db_pool = db::create_pool(db_file)?;
     let cpu_pool = futures_cpupool::CpuPool::new_num_cpus();
 
@@ -74,7 +81,7 @@ fn core_main() -> Result<(), Box<std::error::Error>> {
         hyper::server::Http::new()
             .bind(
                 &SocketAddr::new(bind_host, bind_port),
-                move || Ok(site::Site::new(lookup.clone()))
+                move || Ok(site::Site::new(lookup.clone(), trust_identity))
             )?;
 
     println!("Listening on http://{}", server.local_addr().unwrap());
diff --git a/src/site.rs b/src/site.rs
index 6890fd9..2b8fff3 100644
--- a/src/site.rs
+++ b/src/site.rs
@@ -17,6 +17,8 @@ lazy_static! {
     static ref TEXT_HTML: mime::Mime = "text/html;charset=utf-8".parse().unwrap();
 }
 
+header! { (XIdentity, "X-Identity") => [String] }
+
 #[derive(BartDisplay)]
 #[template = "templates/layout.html"]
 pub struct Layout<'a, T: 'a + fmt::Display> {
@@ -36,11 +38,12 @@ struct InternalServerError;
 
 pub struct Site {
     root: WikiLookup,
+    trust_identity: bool,
 }
 
 impl Site {
-    pub fn new(root: WikiLookup) -> Site {
-        Site { root }
+    pub fn new(root: WikiLookup, trust_identity: bool) -> Site {
+        Site { root, trust_identity }
     }
 
     fn not_found(base: Option<&str>) -> Response {
@@ -91,8 +94,10 @@ impl Service for Site {
 
         println!("{} {}", method, uri);
 
-        header! { (XIdentity, "X-Identity") => [String] }
-        let identity: Option<String> = headers.get().map(|x: &XIdentity| x.to_string());
+        let identity: Option<String> = match self.trust_identity {
+            true => headers.get().map(|x: &XIdentity| x.to_string()),
+            false => None,
+        };
 
         let base = root_base_from_request_uri(uri.path());
         let base2 = base.clone(); // Bah, stupid clone