WebRTC Leak Test

A WebRTC leak occurs when your browser's WebRTC (Web Real-Time Communication) feature reveals your real local or public IP address to websites — even when connected to a VPN, because WebRTC bypasses proxy tunnels to find the fastest peer-to-peer path. To test for WebRTC leaks: click Run Leak Test above — the tool queries all ICE candidates your browser exposes and compares them against your visible public IP. If your local IP (e.g., 192.168.x.x) or a public IP different from your VPN's exit IP appears, your VPN has a WebRTC leak. The test runs entirely in your browser — no IPs are logged.

What is a WebRTC Leak?

WebRTC (Web Real-Time Communication) is a technology that allows browsers to communicate directly with each other for voice, video, and data sharing without needing intermediate servers. While useful, it can sometimes bypass your VPN and reveal your true IP address to websites.

Why Should I Care?

If you use a VPN to protect your privacy, a WebRTC leak can undermine your efforts by exposing your real location and identity. This test checks if your browser is inadvertently leaking your local or public IP addresses.

When to Run a WebRTC Leak Test

• After installing a VPN: Confirm expected privacy behavior.
• After browser updates: Settings can reset or change default behavior.
• Before using sensitive sites: Ensure no unintended exposure.

How This Test Works

The tool uses your browser's WebRTC APIs to collect ICE candidates, which may reveal local and public IP addresses. These results are shown in two lists so you can see whether any public IP is exposed.

Common Leak Scenarios

• VPN bypass: The browser exposes a public IP that differs from your VPN exit node.
• Local IP exposure: Internal addresses appear and reveal private network ranges.
• Dual-stack networks: IPv6 routes can leak even when IPv4 is protected.

Interpreting Results

• Public IPs: These are the most privacy-sensitive and can reveal your network location.
• Local IPs: These usually show your internal network addresses and are lower risk.
• No candidates: This often means WebRTC is blocked or disabled in your browser.

Local vs Public IPs

Local IP ranges (like 192.168.x.x) are used inside your network, while public IPs are visible to the internet. Public exposure is the primary privacy concern.

Privacy and VPN Testing Tips

• Run the test with your VPN on, then off, to compare exposure.
• Try multiple browsers to confirm consistent behavior.
• Re-test after browser updates or new extensions.

Privacy Checklist

• Confirm your VPN connection is active before testing.
• Disable unnecessary extensions that might override settings.
• Repeat the test after changing networks.

How to Fix It

If a leak is detected, you can often disable WebRTC in your browser settings or use a browser extension designed to block WebRTC leaks.

Mitigation Options

• Browser settings: Some browsers allow limiting WebRTC IP handling.
• Extensions: Privacy add-ons can block WebRTC or prevent IP exposure.
• VPN features: Some VPNs provide built-in WebRTC leak protection.

Impact on Everyday Apps

WebRTC powers many video calls and real-time collaboration tools. If you disable WebRTC, test those apps to ensure they still function as expected.

Troubleshooting

• No results appear: WebRTC may be disabled or blocked by a privacy extension.
• Only local IPs show: Your VPN may be masking public IP exposure correctly.
• Unexpected public IP: Confirm your VPN connection and server location.

Understanding WebRTC in Detail

WebRTC (Web Real-Time Communication) is an open-source project providing browsers and mobile applications with real-time communication capabilities via simple APIs. It enables peer-to-peer audio, video, and data sharing without requiring plugins or native applications.

How WebRTC Works

• Peer-to-peer communication: Establishes direct connections between browsers, bypassing traditional server relay models.
• ICE (Interactive Connectivity Establishment): Discovers the best path to connect peers through NAT traversal.
• STUN servers: Help determine your public IP address and port by querying external servers.
• TURN servers: Act as relays when direct peer connections aren't possible (firewall/NAT restrictions).
• SDP (Session Description Protocol): Exchanges media capabilities and connection information between peers.
• ICE candidates: Possible network addresses (local, public, relay) that WebRTC gathers for connection establishment.

Common WebRTC Use Cases

• Video conferencing: Zoom, Google Meet, Microsoft Teams, Discord video calls.
• Voice calls: WhatsApp Web, Telegram Web, browser-based phone systems.
• Screen sharing: Collaboration tools, remote support, online presentations.
• File transfer: Peer-to-peer file sharing without uploading to servers (ShareDrop, Snapdrop).
• Gaming: Browser-based multiplayer games with real-time communication.
• Live streaming: Low-latency streaming platforms and interactive broadcasts.

What is a WebRTC Leak?

A WebRTC leak occurs when your browser exposes your real IP address through WebRTC ICE candidates, even when you're using a VPN or proxy to hide your identity. This happens because WebRTC operates at a lower network level and can bypass VPN tunnels.

Types of IP Leaks

• Public IP leak (High Risk): Your real public IP address is exposed, revealing your ISP and approximate location. This completely bypasses VPN protection.
• Local IP leak (Low to Medium Risk): Your internal network IP (192.168.x.x, 10.x.x.x) is exposed. This reveals your network structure and can be used for fingerprinting.
• IPv6 leak (High Risk): Even when IPv4 is protected, IPv6 addresses can leak and uniquely identify you.
• DNS leak (High Risk): While not WebRTC-specific, DNS queries can bypass VPN and reveal browsing activity.

Why WebRTC Leaks Happen

• Direct network access: WebRTC can query STUN servers independently of browser proxy settings.
• VPN implementation: Some VPNs don't properly intercept WebRTC traffic at the system level.
• Browser design: Browsers prioritize WebRTC functionality over privacy by default.
• Multiple network interfaces: Systems with Wi-Fi + Ethernet or VPN + physical network expose multiple addresses.
• IPv6 routes: IPv6 traffic may not route through VPN tunnel if IPv6 isn't properly configured.

Leak Risk Assessment

High Risk: Public IP Exposure

If the test shows your real public IP address (not the VPN's IP), you have a critical privacy leak:

• Identity exposure: Websites can see your real ISP and approximate location despite VPN.
• VPN bypass: Your anonymity is completely compromised.
• Tracking: Advertisers and trackers can link your real IP to browsing activity.
• Geographic restrictions: Content blocking based on real location, not VPN location.
• Immediate action required: Disable WebRTC or use leak protection immediately.

Medium Risk: IPv6 Leak

IPv6 addresses are globally unique and can identify you even if IPv4 is protected:

• Unique identifier: IPv6 addresses are assigned permanently to devices in some networks.
• VPN misconfiguration: Many VPNs only tunnel IPv4, leaving IPv6 exposed.
• Solution: Disable IPv6 at OS level or ensure your VPN supports IPv6 tunneling.

Low Risk: Local IP Exposure

Local IPs (192.168.x.x, 10.x.x.x) are less sensitive but still reveal information:

• Network structure: Reveals you're behind NAT and your internal network range.
• Fingerprinting: Can be combined with other data (browser, timezone) to create unique fingerprints.
• Corporate networks: Internal IP ranges can identify specific organizations.
• Lower priority: Not immediately critical but consider blocking for maximum privacy.

Detailed Leak Prevention Methods

Method 1: Browser Settings (Best for Most Users)

Firefox:

• Navigate to about:config in the address bar.
• Accept the risk warning.
• Search for media.peerconnection.enabled.
• Set to false to completely disable WebRTC.
• Partial protection: Set media.peerconnection.ice.default_address_only to true (limits IP exposure without breaking WebRTC).
• Impact: Video calls and WebRTC apps will not work if fully disabled.

Chrome/Edge (Chromium):

• Chrome doesn't offer native settings to disable WebRTC.
• Use command-line flag: --disable-webrtc (requires launching browser with custom flags).
• Best option: Use browser extensions (see Method 2).

Safari:

• Safari has better default privacy for WebRTC.
• Navigate to Preferences → Privacy → Website tracking: Prevent cross-site tracking (enabled by default).
• WebRTC in Safari respects VPN tunnel better than other browsers.

Brave:

• Navigate to brave://settings/privacy.
• Scroll to "WebRTC IP handling policy".
• Select "Disable non-proxied UDP" (best balance of privacy and functionality).
• Alternative: "Disable non-proxied UDP (hide public IP)" for maximum protection.

Method 2: Browser Extensions

WebRTC Leak Prevent (Chrome/Edge):

• Prevents WebRTC from leaking your IP address without completely disabling it.
• Allows WebRTC to function but restricts IP exposure to VPN interface only.
• Download from Chrome Web Store: "WebRTC Leak Prevent".

uBlock Origin (All Browsers):

• Popular ad blocker with built-in WebRTC leak protection.
• Enable in settings: "Prevent WebRTC from leaking local IP addresses".
• Works on Chrome, Firefox, Edge, and other Chromium browsers.

Privacy Badger (All Browsers):

• EFF's privacy tool with WebRTC protection features.
• Automatically blocks tracking and can be configured to restrict WebRTC.

Method 3: VPN with Built-in Protection

Modern VPN providers offer integrated WebRTC leak protection:

• NordVPN: CyberSec feature blocks WebRTC leaks (enable in app settings).
• ExpressVPN: Automatic WebRTC leak prevention in browser extension.
• ProtonVPN: NetShield blocks WebRTC leaks in premium plans.
• Mullvad: Strong default leak protection, recommended for privacy-focused users.
• Verification: Always test with leak detection tools even when using VPN protection.

Method 4: System-Level IP Restrictions

Disable IPv6 (if VPN doesn't support it):

• Windows: Network Adapter Settings → Properties → Uncheck "Internet Protocol Version 6 (TCP/IPv6)".
• macOS: System Preferences → Network → Advanced → TCP/IP → Configure IPv6: Off.
• Linux: sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
• Impact: Some modern services prefer IPv6; disabling may affect performance on IPv6-only networks.

Firewall Rules:

• Configure firewall to block STUN server access (ports 3478 UDP/TCP, 19302 UDP).
• Block common STUN servers: stun.l.google.com, stun.services.mozilla.com.
• Warning: This breaks WebRTC functionality completely.

Testing Your Protection

Step-by-Step Verification Process

1. Baseline test (No VPN): Run this test without VPN to see your real public IP and local IPs. Record the results.
2. Connect to VPN: Activate your VPN and verify connection is established.
3. Check IP change: Use "My IP Address" tool to confirm your public IP now shows VPN server location.
4. Run WebRTC leak test: Run this test again. Public IPs should now show ONLY the VPN's IP, not your real IP.
5. Compare results: If your original public IP appears in the leak test, you have a leak.
6. Test IPv6: If you see IPv6 addresses starting with 2xxx:xxxx, check if they belong to your ISP (leak) or VPN (protected).
7. Multiple browsers: Repeat the test in different browsers (Chrome, Firefox, Edge) as leak behavior varies.

Expected Results (Protected)

• Public IPs: Should show ONLY your VPN server's IP, not your ISP's IP.
• Local IPs: May show internal network IPs (192.168.x.x) — this is expected and low risk.
• IPv6: Should show NO IPv6 addresses, or only VPN-assigned IPv6 addresses.
• No results: If no candidates appear, WebRTC is successfully blocked (safest result).

Expected Results (Leaking)

• Your ISP's public IP appears: Critical leak. Disable WebRTC or use better VPN.
• Your ISP's IPv6 address appears: IPv6 leak. Disable IPv6 or configure VPN to tunnel it.
• Multiple public IPs (ISP + VPN): Partial leak. VPN is not capturing all WebRTC traffic.

Impact of Disabling WebRTC

Services That Will Break

• Video conferencing: Zoom, Google Meet, Microsoft Teams, Discord, Slack calls (web versions).
• Voice calls: WhatsApp Web, Telegram Web, Facebook Messenger (web calls).
• Screen sharing: Collaboration tools like Miro, Figma live sessions, remote support tools.
• P2P file sharing: ShareDrop, Snapdrop, Resilio Sync (web interface).
• Browser-based gaming: Real-time multiplayer games using WebRTC for communication.
• Live streaming: Some streaming platforms use WebRTC for low-latency viewer interaction.

Services That Will Still Work

• Standard web browsing: All websites, shopping, banking, social media (non-call features).
• Streaming video: Netflix, YouTube, Hulu, Disney+ (use HLS/DASH, not WebRTC).
• Downloaded apps: Native apps (Zoom desktop, Slack desktop) don't rely on browser WebRTC.
• Text communication: Chat, email, forums, social media messaging.

Balanced Approach

• Use restrictive settings, not full disable: Firefox's media.peerconnection.ice.default_address_only or Brave's "Disable non-proxied UDP" maintain functionality while limiting leaks.
• Enable on-demand: Disable WebRTC by default, enable temporarily when needed for video calls.
• Use native apps: For critical services (work video calls), use desktop apps instead of web versions.
• Separate browsers: Use one browser with WebRTC enabled for calls, another with WebRTC disabled for general browsing.

Advanced Troubleshooting

Issue: Test Shows No Results

• Cause: WebRTC is completely disabled, blocked by extension, or browser doesn't support WebRTC.
• Verification: Try visiting test.webrtc.org to confirm WebRTC functionality.
• Privacy implication: This is the safest result — no WebRTC means no leak.

Issue: Only Local IPs Appear

• Cause: Public IP is protected but local network IPs are still exposed.
• Assessment: This is acceptable for most privacy needs. Public IP leak is the critical risk.
• Further protection: Use browser extension to block all ICE candidates if you want zero exposure.

Issue: VPN IP Appears Alongside Real IP

• Cause: VPN is partially working but not capturing all WebRTC traffic.
• Solution: Use VPN's built-in leak protection feature. Switch to system-wide VPN (not browser extension VPN). Disable IPv6 if VPN doesn't tunnel it.

Issue: Different Results in Different Browsers

• Cause: Browsers implement WebRTC differently and have different default privacy settings.
• Safari: Generally most privacy-respecting for WebRTC (respects VPN tunnel better).
• Firefox: Good privacy if configured correctly with about:config tweaks.
• Chrome/Edge: Most permissive by default, requires extensions for protection.
• Brave: Best privacy out-of-the-box with built-in WebRTC protection.

Privacy and Security Best Practices

• Test regularly: Run WebRTC leak tests monthly, especially after browser updates or VPN changes.
• Use multiple tests: Cross-verify with different leak test sites (ipleak.net, browserleaks.com, this tool).
• VPN + Tor combination: For maximum anonymity, use VPN → Tor Browser (Tor Browser disables WebRTC by default).
• Separate browsing contexts: Use containers (Firefox Multi-Account Containers) or profiles to isolate WebRTC-enabled browsing.
• Monitor all leak types: Check WebRTC, DNS, IPv6, and time zone leaks together for comprehensive privacy assessment.
• Update VPN software: VPN clients update leak protection mechanisms regularly — keep software current.
• Avoid browser-based VPNs: System-wide VPN applications provide better leak protection than browser extension VPNs.
• Kill switch: Enable VPN kill switch to block all traffic if VPN disconnects (prevents accidental leaks).
• Read VPN privacy policy: Confirm your VPN provider has a no-logs policy and is independently audited.
• Consider threat model: Evaluate if WebRTC risk justifies disabling functionality you need. Not everyone requires maximum anonymity.

Frequently Asked Questions

Does this test store or log my IP addresses?

No. This test runs entirely locally in your browser using JavaScript. The WebRTC API queries are performed by your browser directly without any data being sent to our servers. All IP addresses discovered (local and public) remain on your device and are never stored, logged, or transmitted to external services.

Is a local IP leak (192.168.x.x) dangerous?

Local IP leaks are low to medium risk. They reveal your internal network structure (that you're behind NAT, your network range) but don't expose your geographic location or ISP. However, local IPs can be used for fingerprinting when combined with other browser data. Corporate networks with specific internal IP schemes can be identified. For maximum privacy, block local IP exposure, but it's not as critical as public IP leaks.

Will disabling WebRTC break my video calls?

Yes. Completely disabling WebRTC will prevent browser-based video and voice calls from working (Zoom web, Google Meet, Discord, etc.). Solutions: (1) Use native desktop apps instead of web versions — these don't rely on browser WebRTC. (2) Use partial restrictions like Firefox's default_address_only setting or Brave's "Disable non-proxied UDP" which maintain functionality while limiting leaks. (3) Enable WebRTC only when needed for calls, disable for general browsing.

Can browser extensions affect leak test results?

Yes. Privacy extensions (uBlock Origin, Privacy Badger, WebRTC Leak Prevent) intentionally block or restrict WebRTC to prevent leaks. Ad blockers may also interfere with WebRTC. If your test shows no results, check if extensions are blocking WebRTC. To test your true leak status, run the test in an incognito/private window with extensions disabled, then compare with your normal browsing configuration.

Should I worry if only local IPs appear in the leak test?

No, this is acceptable for most users. It means your public IP is protected (not leaking), but your internal network IPs are exposed. Local IPs (192.168.x.x, 10.x.x.x) don't reveal your geographic location or ISP. The critical risk is public IP leaks. If you want absolute maximum privacy, use browser settings or extensions to block all ICE candidates, but for most threat models, blocking public IP leaks is sufficient.

What's the difference between WebRTC leak and DNS leak?

WebRTC leak: Your IP address is exposed through WebRTC ICE candidates, bypassing VPN protection. DNS leak: Your DNS queries are sent to your ISP's DNS servers instead of routing through VPN, revealing which websites you're visiting. Both bypass VPN protection but expose different information. You should test for both — use a DNS leak test alongside this WebRTC test for comprehensive privacy assessment.

Why does my VPN provider claim they have leak protection but I still see a leak?

VPN leak protection quality varies significantly. Some VPNs only protect against DNS leaks, not WebRTC leaks. Browser extension VPNs (proxy-based) often don't capture WebRTC traffic at the system level. Solutions: Use system-wide VPN applications (not browser extensions). Enable the VPN's built-in WebRTC leak protection feature if available. Use browser settings or extensions to disable WebRTC independently of VPN. Test after configuration changes to verify protection.

Do I need to worry about WebRTC leaks if I'm not using a VPN?

If you're not using a VPN, WebRTC is simply showing your actual public IP — this is not a "leak" because you're not trying to hide your identity. However, if you're concerned about privacy in general, WebRTC does expose your local network IPs which can be used for fingerprinting. Even without VPN, you may want to restrict WebRTC for reduced tracking, especially on privacy-sensitive sites.

Can WebRTC leaks expose my physical address or exact location?

No. WebRTC leaks expose your public IP address, which can be geolocated to an approximate location (city or region, typically 25-100km radius). It does not reveal your street address, coordinates, or exact location. IP geolocation accuracy varies — mobile networks often show carrier hub locations hundreds of kilometers away. For precise location tracking, GPS or other methods would be needed, not just IP address.

Which VPN is best for preventing WebRTC leaks?

VPNs with strong leak protection include: Mullvad (excellent default privacy), ProtonVPN (Swiss privacy laws, NetShield), IVPN (privacy-focused, open source), and NordVPN (CyberSec feature). Key features to look for: system-wide VPN application (not browser extension), IPv6 leak protection, built-in WebRTC leak blocking, kill switch, no-logs policy (independently audited), and WireGuard or OpenVPN protocol support. Always test yourself after connecting — don't rely solely on VPN claims.

Is Safari more private than Chrome for WebRTC?

Yes. Safari has more privacy-respecting WebRTC defaults compared to Chrome. Safari better respects VPN tunnels and has stricter ICE candidate gathering policies. Chrome exposes more information by default and doesn't offer native WebRTC disabling options (requires extensions). For privacy-focused browsing: Best: Tor Browser (WebRTC disabled by default), Good: Brave, Safari, Firefox (with about:config tweaks), Weakest: Chrome, Edge (require extensions for protection).