OpenReplay Logo
12k
12k

WebRTC leak test

See whether your browser exposes your real IP through WebRTC — even behind a VPN — by gathering and classifying every ICE candidate locally. Runs entirely in your browser.

Runs in your browser

STUN servers used

stun.l.google.comstun.cloudflare.com

About this tool

A WebRTC leak is the classic "my VPN is on but sites can still see my real IP" problem. This test opens a local RTCPeerConnection against public STUN servers, gathers every ICE candidate, extracts the IP addresses and classifies each one, then renders a single plain-language verdict in about two seconds.

Local and private addresses (10.x, 172.16–31.x, 192.168.x, 169.254.x and IPv6 fc00::/7 and fe80::/10) are never a leak, and modern browsers already mask them behind random .local mDNS hostnames. Carrier-grade NAT (100.64.0.0/10) is shared, not your real address. A public IP exposed here — especially one that differs from your VPN exit IP — is a real WebRTC leak, visible to any site using WebRTC.

No data is sent to OpenReplay. The only network request is the standard STUN lookup WebRTC needs to discover candidates — which is exactly what's being tested. The verdict is derived entirely from the candidates gathered in your browser; nothing is uploaded.

Frequently asked questions

What is a WebRTC leak?

A WebRTC leak is when your browser reveals your real IP address through WebRTC's connection-setup process, even while you're using a VPN or proxy. WebRTC gathers candidate IP addresses to connect peers, and in some configurations one of those is your true public IP — which any website can read.

How do I stop a WebRTC leak?

Modern browsers already mask local IPs behind .local mDNS hostnames. For full protection, disable WebRTC in your browser settings or via an extension that blocks it, or use a VPN client that patches the browser's WebRTC stack at the OS level so only the VPN's IP is ever exposed.

Is a local IP (192.168.x.x) a leak?

No. Local network IPs like 192.168.x.x or 10.x.x.x aren't routable on the public internet and reveal nothing a website can use to locate you. Only a public IP that differs from your VPN's exit IP is a real WebRTC leak.

Does a VPN stop WebRTC leaks?

Not always. A VPN routes your normal traffic, but WebRTC can use a separate path to discover your real IP unless the VPN or browser explicitly blocks it. That's exactly why you should run a WebRTC leak test with your VPN connected.

Is this test safe?

Yes. The entire test runs in your browser — it gathers WebRTC candidates locally and shows them to you. Nothing is uploaded to OpenReplay. The only network request is the standard STUN lookup WebRTC needs to discover candidates, which is what's being tested.