▓▒░ /webrtc-leak-test ░▒▓

WebRTC Leak Test

Find out if your browser leaks your real IP via WebRTC, even when a VPN is on. Runs in 2 seconds, all in your browser.

★ isvpnworking.com - Live Status Window
_
×
⚡ live status check ⚡
checking . . .
running 3 tests on your connection, hold tight
FYI we're checking your IP, location, and 3 types of leaks. all in your browser, nothing sent to us.
visible IP →
they think you're in →
VPN brand detected →
tested at →
--:--:--
┌─ LEAK DETECTION RESULTS ─┐
▸ webrtc test peer-to-peer ip leak
running…
▸ dns test domain query leak
running…
▸ ipv6 test protocol exposure
running…
★ TOP PICKS ★

VPNs that actually don't leak.

tested by us · using our own tool · we're picky
#1 BEST
NordVPN
$3.39/mo
our paranoid friend uses this one
click me ↗
#2 CHEAP
Surfshark
$2.49/mo
unlimited devices, decent speed
click me ↗
#3 ANON
Mullvad
$5/mo
accepts cash. literal envelopes.
click me ↗
★ How WebRTC leaks happen and how to stop them
_
×

Quick version: a VPN can hide your real IP from websites you visit, but a single line of JavaScript using WebRTC can ask your operating system for your real IP behind the VPN's back. If your VPN doesn't block this at the firewall, you leak.

Why WebRTC was designed to expose your IP

WebRTC stands for Web Real-Time Communication. It's the technology behind in-browser video calls, voice chat in Discord, screen sharing in Google Meet, file transfers in services like FilePizza, and peer-to-peer multiplayer games. The whole point of WebRTC is to connect two browsers directly, without a server in between, to keep latency low.

To make a peer-to-peer connection work through home routers, NAT, and corporate firewalls, WebRTC needs to know every possible network address a browser can be reached at. It asks the operating system: "what are all your network interfaces?" and the OS dutifully replies with the local LAN IP, the public IP, and any other addresses - including the one your VPN sits on top of, but also the one underneath it.

The browser then offers all of those addresses to the other peer in what WebRTC calls "ICE candidates". And here's the part that nobody asked for: any website you visit can open a "fake" WebRTC connection without your permission, harvest those candidates, and discover your real IP behind the VPN.

What our WebRTC leak test actually does

We run the same code an attacker would run, but display the result back to you instead of phoning home. Specifically:

  • Open RTCPeerConnection targeting two public Google STUN servers
  • Create a dummy data channel and an offer (the OS now generates ICE candidates)
  • Listen for onicecandidate events for 2.2 seconds
  • Extract every IPv4 address from the candidate strings
  • Filter out private/loopback addresses (192.168.x, 10.x, 127.0.0.1)
  • Compare the remaining public IPs against your HTTP-visible IP

If WebRTC reports a public IP that doesn't match your HTTP IP, you have a leak. If WebRTC is disabled or the browser blocks STUN entirely, we show "OFF". If WebRTC reports the same IP as HTTP, you're safe - your VPN is routing or blocking WebRTC properly.

How to fix a WebRTC leak (best to worst)

1. Switch to a VPN that blocks WebRTC at the firewall

The cleanest fix. Good VPN clients install OS-level firewall rules that drop any traffic to STUN servers outside the VPN tunnel. WebRTC keeps working - the requests just go through the VPN, so the IP it discovers is the VPN's IP, not yours. NordVPN, ProtonVPN, and Mullvad all do this by default on desktop. Surfshark does it via its kill-switch feature.

2. Use a browser that hides local IPs in WebRTC

Brave obscures local IPs by default. Firefox can be configured: type about:config, set media.peerconnection.ice.default_address_only to true. Chrome and Edge don't have a built-in option without an extension.

3. Disable WebRTC entirely (breaks video calls)

In Firefox, set media.peerconnection.enabled to false. In Chrome and derivatives, install uBlock Origin -> Settings -> "Prevent WebRTC from leaking local IP addresses". This kills WebRTC for that browser - any video call site will fail to connect. Use a separate browser profile for video calls if you go this route.

4. Browser extensions specifically for this

"WebRTC Control" and "WebRTC Network Limiter" exist in the Chrome Web Store. They work, but they're third-party and one of them was caught injecting ads in 2023. Stick with uBlock Origin's setting if you can.

How to know if your fix worked

Run this test again with your VPN on. The "webrtc test" badge should read SAFE in green. If you see LEAK in red, the leak is still happening - try a different VPN server, restart the VPN client, or apply one of the browser-side fixes above.

A useful sanity check: turn the VPN off, run the test, note the IP. Turn the VPN back on, run again. If the WebRTC-detected IP changed to a VPN-server-looking address (or the test shows SAFE), you're good. If the WebRTC-detected IP is still your home IP, you're leaking.

Bottom line

WebRTC leaks are the single most common way VPNs fail without users noticing. The VPN client says "Connected", the IP-checker websites show the VPN country, but a webpage you visit can still see your real home IP via WebRTC and link your activity back to you. Test once, fix it, then forget about it - or use a VPN that handles this for you out of the box.

FAQ
What is a WebRTC leak in plain English? [+]

WebRTC is a browser feature designed for video calls and peer-to-peer connections (Zoom, Discord, Google Meet, multiplayer games). To make those work through firewalls, WebRTC asks your operating system 'what are all your network interfaces?' and shares them with the website. Including the one your VPN is supposed to be hiding. The result: a web page can run a tiny piece of JavaScript and see your real home IP, even though your VPN says you're in another country.

How does this WebRTC test work? [+]

Your browser opens a temporary RTCPeerConnection against Google's public STUN servers. STUN responses contain ICE candidates - one of which usually exposes the real IP. Our test reads those candidates and compares them against the IP your HTTP request comes from. If the candidate IP differs from the HTTP IP and is a public address, that's a leak.

How do I fix a WebRTC leak? [+]

Three options, in order of effectiveness: (1) Use a VPN that blocks WebRTC at the OS firewall level - NordVPN, Mullvad and ProtonVPN all do this on Windows/macOS; (2) Install a browser extension like 'WebRTC Control' or 'uBlock Origin' (advanced settings -> 'Prevent WebRTC from leaking local IP') and disable WebRTC; (3) In Firefox, set 'media.peerconnection.enabled' to false in about:config. The browser-side fix breaks video calls though, so a good VPN is the right answer.

Why does Brave show 'safe' even without a VPN? [+]

Brave by default obscures local IPs in WebRTC, so our test shows safe. That doesn't mean your real public IP is hidden - websites still see it via the normal HTTP connection. WebRTC test passing in Brave just means WebRTC specifically isn't an additional leak source. You'd still want a VPN for actual privacy.

Is WebRTC always bad? [+]

No - WebRTC is essential for browser video calls, file transfers, real-time multiplayer. Disabling it breaks legitimate apps. The fix isn't 'kill WebRTC', it's 'route WebRTC through the VPN tunnel' - which a properly configured VPN does automatically.