WebRTC Leak Test
Check whether your real IP address is exposed through WebRTC, even with a VPN on. Runs in your browser — clear verdict, no install.
Check for WebRTC leaks
We ask your browser for the network addresses any website could read via WebRTC right now.
What a WebRTC leak actually is
WebRTC powers in-browser calls, video chat and peer-to-peer transfers. To connect two devices directly it has to discover how they can be reached, so it collects a list of network addresses called ICE candidates — your local LAN address and, via a STUN server, your public IP. The catch: any web page can read that list with a few lines of JavaScript, without asking you.
That becomes a privacy problem when you are on a VPN. Your traffic may be tunnelled and encrypted, yet WebRTC can still surface the public IP your VPN is supposed to hide. The VPN app shows a reassuring green “Connected”, but a leak this quiet never trips that indicator — which is exactly why you check it directly.
How to read your results
The test sorts every address it finds into three buckets. Here is what each verdict means.
| What you see | Meaning |
|---|---|
| No public IP | WebRTC isn't exposing a routable address — the safe outcome. |
| Masked (.local) | Your browser is hiding your LAN address with mDNS. Expected and fine. |
| Public IP exposed | A page can read this address. On a VPN, confirm it is the VPN's IP and not your real one. |
How to run the test
- 1. If you use a VPN, connect it first and wait for it to settle.
- 2. Press Run the test and let your browser gather candidates.
- 3. Read the verdict and compare any public IP with the address you expect.
- 4. Cross-check with the DNS leak test and the VPN test for the full picture.
Frequently asked questions
What is a WebRTC leak? +
WebRTC is a browser feature for real-time voice, video and data. To connect peers it gathers your network addresses (ICE candidates) — and a web page can read them with JavaScript. If you are on a VPN but WebRTC still reports your real public IP, that address has leaked despite the tunnel.
Does a WebRTC leak mean my VPN is broken? +
Not necessarily. The tunnel can still encrypt your traffic while WebRTC reveals a separate address. A solid VPN either forces WebRTC through the tunnel or its browser extension blocks the API. If the IP shown here is your home IP rather than the VPN's, that is a real leak.
Why do I see addresses ending in .local? +
Modern browsers replace local IPs with random mDNS hostnames (something.local) so pages cannot read your LAN address. That is expected and is a sign your browser is protecting you, not a leak.
How do I stop WebRTC leaks? +
You can disable WebRTC or install an extension that blocks it, use a VPN that handles WebRTC at the system level, or use a browser with built-in leak protection. Re-run this test afterwards to confirm no public address is exposed.
Is this test private? +
Yes. Everything runs in your browser using the standard WebRTC API and a public STUN server to discover your candidates. We do not store the addresses we find.
If you found a leak, here's what to do next
A public IP showing through WebRTC means a website can tie your activity back to your network. The most reliable fix is a VPN that handles WebRTC at the system level (or ships a browser extension that blocks it), paired with DNS-leak protection. Security suites that bundle a VPN and tracker-blocking add another layer if you want one tool for everything.
Some links on this site are affiliate links — we may earn a commission, at no extra cost to you. It never changes our verdicts or what the test reports.