How can I debug `craftwebUser::_validateUserAgentAndIp()` warnings

On a production site, we’re seeing a ton of the following warning in our web.log files for (seemingly) every request, creating a ton of noise in the logs and making it hard to spot “real” issues:

<DATE> [-][-][-][warning][craftwebUser::_validateUserAgentAndIp] Request didn’t meet the user agent and IP requirement for maintaining a user session.

Under the hood craftwebUser::_validateUserAgentAndIp() does the following

private function _validateUserAgentAndIp(): bool
{
    if (!Craft::$app->getConfig()->getGeneral()->requireUserAgentAndIpForSession) {
        return true;
    }
    $request = Craft::$app->getRequest();
    if ($request->getUserAgent() === null || $request->getUserIP() === null) {
        Craft::warning('Request didn’t meet the user agent and IP requirement for maintaining a user session.', __METHOD__);
        return false;
    }
    return true;
}

As far as I can see, (for front end templates at least) craft.app.request.userAgent and craft.app.request.userIP are correctly populated with the UA and IP respectively, so I’m not sure why/how Craft is throwing this warning.

We don’t see the same issue in dev / staging environments, so I know this is likely to be a configuration issue, but I’m asking this question to try and understand what’s going on so I have some idea of what to look for.

Question:

• What should I look for / how can I debug what’s causing this issue?

(Note: I know I could turn requireUserAgentAndIpForSession off in config/general.php, but I don’t really want to do that from a security POV)

Notes:

• This is on a site running Craft 3.3.13 (latest at time of writing)
• It’s in a load-balanced environment
• We’re using nginx as our webserver