I stumbled upon this when I wanted to use the hola! plugin for Chrome, which helps you to pretend to be from a different country when you visit websites. This is helpful if the site contains content, that is blocked in other countries.
When you do a simple IP lookup it perfectly works and shows a IP with geolocation in the selected country. However I wondered how well it masks all my outgoing connections.

A regular HTTP request shows the masked IP as wanted:

<?php
echo '<script>var ip1="'.getenv('REMOTE_ADDR').'";</script>'; // or $_SERVER['REMOTE_ADDR']
?>

However receiving something from a different domain inside the page reveals your real IP:

<script src="http://www.DIFFERENT_DOMAIN.com/get_my_ip.js"></script>

...with the JS-file having i.e. this code:

<?php
header('Content-Type: text/javascript; charset=UTF-8');
echo 'var ip2="'.getenv('REMOTE_ADDR').'";';
?>

I edited the .htaccess for the JS-file to interpret PHP:

AddHandler x-mapp-php5 .js

Do a simple check with jQuery:

<script>
$(document).ready(function() {
if (ip1 != ip2) alert("You surf undercover and your real IP is "+ip2);
});
</script>

Test your hola! by pressing "Eigene IP" on my tool page. If it detects a different one, it'll show both.