How do I test for a WebRTC leak?

Connect to your VPN, then visit an IP/DNS leak test page and compare the IP shown under WebRTC with your actual IP. If your real ISP-assigned IP appears in the WebRTC section, you have a leak.

How do I fix a WebRTC leak?

Use a VPN that blocks WebRTC leaks, disable or limit WebRTC at the browser level, or use extensions that control WebRTC behavior. Then re-test to confirm the fix.

WebRTC Leak Explained – What It Is, How to Test, and Fixes (2025)

Q: What is a WebRTC leak?

A WebRTC leak occurs when your browser exposes your real IP address via WebRTC APIs (like STUN) even while using a VPN or proxy. Sites can query local and public IPs through the browser's real-time communication features.

What Is WebRTC?

WebRTC (Web Real-Time Communication) is a browser technology that enables voice/video calls and peer-to-peer (P2P) data transfer without plugins. To connect peers, WebRTC uses techniques like STUN and ICE to discover your reachable addresses.

Why this matters: During this discovery, your browser can expose local and public IP addresses. Some websites can read these values—even when a VPN is connected—unless your setup prevents it.

What Is a WebRTC Leak?

A WebRTC leak happens when a site can obtain your real ISP-assigned public IP (or local IPs) via the browser's WebRTC APIs. If your VPN is active but WebRTC still reveals your real IP, trackers and sites can identify you and your location.

Leaked values often show up under "WebRTC" or "RTCICECandidate" in leak-test tools.
If the displayed WebRTC IP matches your true ISP IP (not the VPN IP), you're leaking.
Some browsers/app versions differ in how aggressively they expose candidates.

How to Test for a WebRTC Leak (2 minutes)

Connect to your VPN.
Open our VPN Leak Test in a new tab.
Compare the WebRTC section with your known ISP IP (find it by disconnecting the VPN and visiting the same page briefly).
If your real IP appears under WebRTC while VPN is on, you have a leak.

Pro tip: Re-run the test after each fix below until WebRTC shows only VPN or private addresses.

Quick Fixes by Browser

Chrome & Brave

Visit chrome://flags → search "WebRTC" and set related flags to reduce local IP exposure (exact labels vary by version).
Install a reputable extension that limits WebRTC (e.g., "WebRTC Network Limiter").
Use a VPN app that blocks WebRTC leaks at the network layer.

Firefox

Go to about:config.
Set media.peerconnection.enabled to false to fully disable WebRTC (breaks web calls).
Or set media.peerconnection.ice.default_address_only to true to restrict exposure.

Safari (macOS/iOS)

Safari limits some exposure by default, but leaks can still occur via WebRTC in certain contexts.
Keep macOS/iOS updated; test regularly.
Use a VPN that forces private DNS and blocks WebRTC leaks.

Edge

Similar to Chrome: check edge://flags for WebRTC options.
Use an extension to limit WebRTC where needed.
Confirm with a leak test after changes.

Heads up: Disabling WebRTC can break video calls and web-conferencing. Prefer limiting exposure or using a VPN that mitigates WebRTC leaks instead of fully disabling it—unless you don't need calls.

Best Long-Term Fixes

Use a VPN with WebRTC leak protection (blocks offending requests and uses private DNS).
Force secure DNS (DoH/DoT) within the VPN app or OS where available.
Re-test regularly after browser/OS updates.

Our trusted picks for preventing WebRTC leaks:

Get NordVPN Try Surfshark

or compare options on Best VPNs for Privacy.

Extra Notes (STUN/TURN & Corporate Networks)

STUN/TURN servers: WebRTC uses STUN to discover public-facing IPs. TURN relays traffic when direct P2P is blocked. Tweaks won't stop STUN address discovery unless limited by the browser/VPN.
Enterprise: If you manage a network, consider policy-level controls and DNS filtering, and test across managed browsers.

Summary

WebRTC enables real-time communication but can reveal your real IP if misconfigured. Test with our leak tool, apply browser-specific limits, and use a VPN with robust leak protection. Re-test after each change.