I'm trying to setup a Javascript client side , forwarding it through my server to avoid exposing my client id, but if the server makes the request, wouldn't its IP be the one logged in trakt's rate limiting ?

I wonder if i add this api in my node js server side for security issue of my client id, does trakt api support header[ 'X-Forwaded-For '] .

Yes, it would use that IP for rate limiting purposes and the IP can't be spoofed using a header.