Is Your Browser
Leaking Your Real IP?

WebRTC is a browser feature that can silently reveal your real public and local IP addresses — even when your VPN is connected. This test uses RTCPeerConnection and a public STUN server to catch that leak in seconds. Runs 100% in your browser. Nothing sent to our servers.

Quick answer: If the WebRTC Public IP below matches your VPN provider (not your ISP), you're safe. If any candidate shows your real ISP-assigned IP address while your VPN is on, WebRTC is leaking your real identity and your VPN is only providing partial protection.

Live WebRTC Leak Detection

Every IP your browser is willing to reveal

Runs 100% in your browser · Nothing is stored

What each row means.

01

WebRTC Public IP

Discovered via a STUN request. If your VPN is on, this should match your VPN exit node. If it matches your real ISP-assigned IP, WebRTC is leaking around the tunnel.

02

Comparison IP

Your public IP fetched through a normal HTTPS request. Compare it to the WebRTC IP above. When your VPN works correctly, both values match — and both point to the VPN, not your home ISP.

03

Local IP Candidates

Private addresses like 192.168.x.x or 10.x.x.x. These are your device's local network addresses. Sites usually can't see them — WebRTC can. Not a security emergency, but a privacy signal you should know about.

04

Verdict

We compare the WebRTC Public IP against your Comparison IP and report whether they match. A mismatch during a VPN session is a definitive leak. A perfect match while your VPN is on is a green light.

Every VPN says leaks can't happen. CyberFence proves it every hour.

If WebRTC just leaked your real IP, browser-only fixes get you 80% of the way there — but the kill switch is what closes the last 20%. CyberFence Complete combines VPN + Breach Monitor + Web Shield with an always-on kill switch that prevents WebRTC and DNS candidates from ever escaping the tunnel.

  • Kill switch blocks all traffic if the VPN drops (no WebRTC leaks during reconnect)
  • Forced-tunnel DNS on every platform — Mac, Windows, iOS, Android
  • Breach Monitor watches 3 email addresses across 700+ leak sources
  • Web Shield blocks phishing and malicious domains before you visit them
See all plans →

7-day free trial. Cancel anytime. VPN-only from $7.99/mo.

Everything you need to know about WebRTC leaks.

What is a WebRTC leak?+

WebRTC (Web Real-Time Communication) is a browser feature used by video calls, voice chat, and screen sharing. To connect two peers directly, WebRTC gathers "ICE candidates" — a list of every IP address your device has, including your local network address and your true public IP. Malicious sites can silently request those candidates and reveal your real IP even when a VPN is connected. That is a WebRTC leak.

How does this test detect a leak?+

Your browser starts a WebRTC connection to a public STUN server. Every ICE candidate your browser generates is captured and displayed here — no server can see them because everything runs client-side. We then compare those candidates to your public IP as seen by an external service. If any WebRTC candidate shows a public IP different from your VPN's exit IP — or reveals your real ISP-assigned address — you have a WebRTC leak.

Does a WebRTC leak defeat my VPN?+

Yes, in a very specific way. Your traffic is still encrypted through the tunnel — a WebRTC leak does not expose the sites you browse. But it reveals your real IP address, which defeats the anonymity and geographic-masking benefits of a VPN. If someone knows what to look for, a single line of JavaScript can pull your true IP out of the browser even while your VPN is connected.

How do I fix a WebRTC leak?+

The reliable fix is to block WebRTC in your browser or force it to only use IPs from your VPN's interface. On Firefox, set media.peerconnection.enabled to false in about:config. On Chrome/Edge/Brave, install a "WebRTC Leak Prevent" extension. On Safari, disable Legacy WebRTC API in Develop > Experimental Features. Or use a VPN with an app-level WebRTC guard — CyberFence VPN's kill switch blocks all traffic when the tunnel drops, which prevents WebRTC candidates from ever reaching the public internet outside the VPN.

What information does this tool collect?+

This tool runs 100% client-side in your browser. The WebRTC connection is made to a public Google STUN server (stun.l.google.com:19302) — that request never touches our servers. We then make one call to a public IP-lookup service (api.ipify.org) to compare candidates against your public IP. Nothing is stored on our servers, we do not associate results with any account, and closing the tab discards everything.

Does CyberFence VPN prevent WebRTC leaks?+

Yes, through two protections. First, CyberFence forces DNS and traffic through the encrypted tunnel — so even if WebRTC exposes an IP, that IP is the VPN exit node, not your real IP. Second, the kill switch is on by default and blocks all traffic if the tunnel drops, preventing WebRTC candidates from being generated with your real IP address. Combined with browser-level WebRTC settings, that eliminates the entire leak class.