WebRTC Leak Test

Check which IP addresses your browser exposes through WebRTC — including leaks that slip past most VPNs.

No ICE candidates gathered

WebRTC appears to be disabled (by extension, setting, or network policy). No leak surface is available.

ICE Candidates

HTTP request IP: 216.73.217.177

No candidates were gathered.

    What is WebRTC and why does it leak?

    WebRTC is the web standard behind browser-based video calls, voice chat, screen sharing, and peer-to-peer file transfers. To set up a connection, it needs to discover how to reach your machine from the outside — which means it has to learn your public IP address before any peer ever reaches out to you.

    That discovery step, called ICE, queries STUN servers directly over UDP. It does not use your browser's HTTP proxy settings and is often oblivious to VPN tunnels that only forward the TCP traffic for page loads. The result: a website can invoke a few lines of JavaScript and instantly learn a public IP address your VPN was supposed to hide.

    How to read the results

    • hostA local-network IP, typically a 192.168.x.x or 10.x.x.x address. Reveals your LAN topology.
    • srflxYour public IP as returned by a STUN server. If this differs from the HTTP request IP, your VPN is leaking.
    • mDNSAn anonymized `*.local` placeholder. Safe — your browser is hiding the real LAN IP.
    • relayA TURN-relayed address. Only appears if a TURN server is configured.

    How to block WebRTC leaks

    Firefox: open about:config and set media.peerconnection.enabled to false.
    Chrome / Edge: install uBlock Origin and enable "Prevent WebRTC from leaking local IP addresses", or install the WebRTC Network Limiter extension.
    Brave: Settings → Privacy and security → WebRTC IP handling policy → Disable non-proxied UDP.
    Safari: WebRTC is gated behind camera/microphone permission; avoid granting it unless needed.
    OS-level VPN: use a VPN that installs a full tunnel (WireGuard, OpenVPN in TUN mode), not a browser proxy.

    Frequently Asked Questions

    What is a WebRTC leak?

    A WebRTC leak happens when a peer-to-peer API inside your browser reveals an IP address that is different from the one the website would see from an ordinary HTTP request. WebRTC uses STUN to discover your public IP for voice, video, and data channel connections, and that lookup often happens outside your VPN tunnel.

    How does this WebRTC leak test work?

    The test opens an RTCPeerConnection in your browser, creates a data channel, and asks the browser to gather ICE candidates from public STUN servers. Each candidate is an IP address your browser is willing to share with a peer. We list every unique address and compare the public ones against the IP the server saw when you loaded this page.

    What does "host", "srflx", and "mDNS" mean in the results?

    A host candidate is a local network address, such as your LAN IP. An srflx (server-reflexive) candidate is your public IP as seen by a STUN server on the internet. An mDNS candidate looks like a random UUID followed by `.local`; modern browsers use it to hide your LAN address. Seeing only mDNS candidates means your browser is protecting the information a malicious site could otherwise learn.

    Why does WebRTC leak around my VPN?

    WebRTC was designed to find the shortest network path between peers, so browsers query STUN servers independently of the rest of the page. On VPNs that only tunnel regular browser traffic or that use split tunneling, the STUN packet escapes through your real network interface and returns your real public IP. Kill switches at the application layer do not block this.

    How do I disable or block WebRTC in my browser?

    In Firefox, open about:config and set `media.peerconnection.enabled` to false. In Chrome and Edge, install the WebRTC Network Limiter or uBlock Origin and enable the "Prevent WebRTC from leaking local IP addresses" option under Settings → Privacy. In Safari, WebRTC is only enabled for pages you grant microphone or camera access to. Brave has a built-in toggle under Settings → Privacy → WebRTC IP handling policy.

    Does a VPN stop a WebRTC leak?

    Only if the VPN routes all outgoing UDP traffic through the tunnel, including the STUN handshake. VPNs that rely on browser proxy settings alone (including many HTTP/SOCKS proxies) do not intercept WebRTC. Full-tunnel VPN clients installed at the operating system level usually do. Re-run this test with your VPN connected to confirm.

    Is this test safe? What data is sent?

    The test runs entirely in your browser. It sends a standard STUN binding request to public Google and Cloudflare STUN servers, which reply with the IP they see. Browser Inspector does not capture or store any of the candidates; they are displayed on this page only.

    More Tools

    Full Browser Inspector

    See all 80+ data points your browser exposes

    What Is My IP?

    Check your public IP, location, and ISP

    What Is My Browser?

    Detect your browser, version, OS, and device type

    IPv6 Leak Test

    Check whether your IPv6 address leaks alongside your VPN's IPv4

    DNS Leak Test

    See which resolver answers your queries and whether it bypasses your VPN

    JavaScript Information

    Inspect your JS engine, supported features, and runtime capabilities

    Canvas Fingerprint

    See the unique image your browser renders and how trackers use it

    Geolocation API Test

    Check what coordinates your browser exposes via the Geolocation API

    TLS Client Test

    Inspect your ClientHello, cipher suites, and JA3 fingerprint

    Incognito / Private Mode Test

    Detect whether your browser is in Incognito or Private Browsing mode

    Further Reading

    What Is Browser Fingerprinting?

    Learn how sites track you without cookies

    Browser Privacy Comparison

    Chrome vs Firefox vs Safari vs Brave

    Browser Privacy Tips

    10 practical ways to harden your browser