diff --git a/Setup-Reverse-Proxy.md b/Setup-Reverse-Proxy.md
index 7c2ff43..8732598 100644
--- a/Setup-Reverse-Proxy.md
+++ b/Setup-Reverse-Proxy.md
@@ -110,4 +110,4 @@ The crossed out sections aren't needed, they are leftovers from my experiments.
 
 If your reverse proxy has some kind of authentication mechanism, you can configure Calibre-web to log users in based on headers received from the proxy. If using this feature, it's important that only the proxy is exposed to users, because if the Calibre-web instance is at all directly exposed to traffic, then a malicious user will be able to log in as any user that exists via simply setting a header.
 
-In the admin configuration, check the box marked `Allow Reverse Proxy Authentication`, and then fill in the text box that appears with the name of the header that will contain the username.
+In the admin configuration, check the box marked `Allow Reverse Proxy Authentication`, and then fill in the text box that appears with the name of the header that will contain the username. If you pass a username that isn't present in the database, nothing will happen - the user must exist beforehand in order to login.