What Is a WebRTC Leak?
WebRTC (Web Real-Time Communication) is a browser technology that enables video calls, voice chat, and peer-to-peer file sharing โ all without plugins. To establish a direct connection, WebRTC uses the ICE protocol to discover both your local and public IP addresses.
The problem: this IP discovery process bypasses your VPN tunnel and system proxy. It queries STUN servers directly, which can reveal your real public IP to any website running WebRTC JavaScript โ even while you're connected to a VPN.
How to Test for a WebRTC Leak
Use the tool.tl WebRTC Leak Test:
- Connect to your VPN
- Go to tool.tl/webrtc-leak-test
- The tool shows all IP addresses detected via WebRTC
- Compare results to your VPN IP โ if your real ISP IP appears, you have a leak
How to read results: Seeing your real public IP (not the VPN's IP) means you're leaking. Local IPs like 192.168.x.x or 10.x.x.x appearing is normal โ those are your local network addresses.
WebRTC Leak vs DNS Leak
| WebRTC Leak | DNS Leak |
|---|
| What leaks | Your real public IP address | Sites you visit, ISP identity |
| Risk level | โ ๏ธ High | โ ๏ธ Medium |
| Triggered by | JavaScript calling WebRTC API | DNS queries bypassing VPN |
| Test tool | WebRTC Leak Test | DNS Leak Test |
How to Fix a WebRTC Leak
Fix 1: Disable WebRTC in Your Browser
Firefox (easiest):
- Type
about:config in the address bar
- Search for
media.peerconnection.enabled
- Double-click to set it to
false
Chrome / Edge: Chrome doesn't let you disable WebRTC natively. Use an extension instead:
- WebRTC Leak Prevent (Chrome Web Store)
- uBlock Origin โ enable "Prevent WebRTC from leaking local IP addresses" in its settings
Safari: Safari restricts WebRTC more aggressively by default, so leak risk is lower on Safari than Chrome.
Fix 2: Use a VPN with WebRTC Leak Protection
Some VPN clients (Mullvad, ExpressVPN) intercept WebRTC at the system level, routing those requests through the VPN tunnel. This is the most complete solution โ no browser changes needed.
Fix 3: Switch to a Privacy-Focused Browser
Brave blocks WebRTC IP leaks by default. Tor Browser disables WebRTC entirely. Both eliminate the leak without needing extensions.
Does Disabling WebRTC Break Anything?
Disabling WebRTC will break browser-based video and voice calls:
- Google Meet, Jitsi, Discord web โ video/voice won't work
- Browser-based P2P features
For most users, a browser extension is the better choice โ it lets you allow WebRTC only when you explicitly need it (for calls), while blocking it everywhere else.
Frequently Asked Questions
Can every website see my real IP through WebRTC?
Any webpage can run WebRTC JavaScript and attempt to discover your IP. Whether it succeeds depends on whether WebRTC is enabled and whether your VPN prevents the leak. Blocking or disabling WebRTC prevents any site from using this technique.
Does WebRTC leak affect mobile browsers?
Safari on iOS is relatively restrictive with WebRTC. Chrome on Android is vulnerable. Firefox for Android lets you disable WebRTC via about:config, just like the desktop version.
Why does the test show multiple IP addresses?
WebRTC lists all available network interfaces: your local WiFi IP (192.168.x.x), Ethernet IP, VPN's virtual adapter IP, and possibly your real public IP. The critical one to watch is your real public IP from your ISP.