WebRTC leak test
Detect whether WebRTC is exposing your real local or public IP behind a VPN.
Why WebRTC can expose your real IP
WebRTC is the browser technology that powers video calls and screen sharing without plugins. To connect two peers directly, the browser collects every IP address it can reach and uses them to find the best connection path. This process runs at the operating system level, which means it can bypass VPN routing entirely.
Any site can trigger this with a few lines of JavaScript. The browser contacts a STUN server (Google runs the most common one), which reports back your real public IP. That IP ends up in a candidate list that the page can read. If you are behind a VPN, this often reveals your actual ISP-assigned address rather than the VPN's exit address.
Public IP leak vs. local IP leak
A public IP leak is the serious one. It means a site can see your real IP even while you are connected to a VPN. Your location and ISP are visible despite the VPN.
A local IP leak exposes your internal network address (like 192.168.1.x). This reveals your home network layout but not your identity on the internet. Lower severity. Modern Chrome and Firefox replace local IPs with a randomized .local address to prevent this, so seeing a .local address in results is actually the browser doing the right thing.
Reading the results
Compare the IPs listed here against what shows on the What is my IP page. If they match, no leak. If this page shows an IP that looks like your home connection while the other page shows a different VPN address, WebRTC is bypassing your VPN.
How to stop WebRTC leaks
In Firefox, open about:config and set media.peerconnection.ice.no_host = true. This stops host candidate gathering while keeping WebRTC working for most video call sites. Setting media.peerconnection.enabled = false disables WebRTC entirely but will break video calls.
In Chrome and Edge, a VPN browser extension that binds WebRTC to the VPN interface is the most reliable fix. Brave has WebRTC protection built into its privacy settings.
The most reliable approach is a VPN with confirmed WebRTC protection that patches this at the client level, not just the browser.
Affiliate disclosure: some links below are partner links. If you sign up we may earn a commission, at no extra cost to you. It never affects our test results.
| VPN | Highlights | Price | |
|---|---|---|---|
| NordVPN | 6,000+ servers · Independently audited no-logs · Threat Protection · 6 devices | from $3.39/mo | View |
| Surfshark | Unlimited devices · CleanWeb ad/tracker block · RAM-only servers · Audited | from $2.19/mo | View |
| ExpressVPN | Lightway protocol · TrustedServer (RAM-only) · 94 countries · 24/7 support | from $6.67/mo | View |
| Proton VPN | Swiss privacy · Open-source + audited · Secure Core · Free tier available | from $4.99/mo | View |
| Atlas VPN | Unlimited devices · Free tier · SafeBrowse · WireGuard | from $1.83/mo | View |
| CyberGhost | 11,000+ servers · 45-day refund · Streaming-optimized · 7 devices | from $2.19/mo | View |