For CIBA flows it doesn't always make sense for the client to send customer ip address or last logged in headers.
However it may be beneficial to send an identifier for the "consumption device", I've got this wording in the current draft of the FAPI CIBA profile:
In situations where the user does not control the consumption device, the client - shall not send x-fapi-customer-ip-address or x-fapi-customer-last-logged-time headers; - should send a x-fapi-device-id header which contains an identifier of the consumption device used by the customer. NOTE: It may be useful for an FI’s fraud systems to know the device that is the source of payment initiation requests, hence the recommendation for the x-fapi-device-id header.
I'd welcome feedback on this.