
Can You Detect WebRTC Leak

Can websites detect WebRTC leaks?


Simulates what a normal website can learn from your browser — not a stealth audit.

How to use

  1. Wait a few seconds after load — the WebRTC scan runs automatically.
  2. Read Yes/Partially/No and the listed ICE addresses (public, local, IPv6).
  3. Click Refresh after changing VPN, browser privacy settings, or extensions.

FAQ

Can websites use WebRTC to get my IP?

Yes, if WebRTC is allowed and ICE exposes srflx (public) or host (local) candidates. Many pages never call WebRTC, but trackers and fingerprint scripts can — this scan uses the same STUN technique.

Same as WebRTC Leak Test?

This page uses the same [WebRTC leak test](/tools/webrtc-leak) scan engine. It frames results as **what sites could detect**, not only VPN leak debugging.

Why Partially with mDNS?

Chrome may hide raw 192.168.x addresses behind `.local` hostnames — WebRTC is active but local IP is obscured. That is privacy-friendly, not a full block.

Does Yes mean my VPN is broken?

If HTTP and WebRTC public IPs differ while VPN is on, that suggests split tunnel or leak. If only local LAN IP appears, VPN may still hide public IP — read each bullet.

Can I disable WebRTC?

Browser and extension settings vary. Some browsers can limit WebRTC without disabling it entirely. Reduce exposure via VPN leak protection and privacy extensions.

Is the scan stored?

ICE gathering runs locally in your tab. Public IP comparison may call the same geo API as other network tools on this site.

Introduction

Can You Detect WebRTC Leak runs an automatic STUN/WebRTC ICE scan and reports whether public, local, or IPv6 addresses are exposed — data harvestable by scripts without a separate permission prompt in many browsers. Headlines range from Yes (addresses exposed) to Partially (mDNS-only) to No (no candidates before timeout).

WebRTC powers video chat, but its ICE layer can reveal IPs beyond what a simple HTTP request logs. VPN users and privacy reviewers care because such leaks defeat the purpose of the tunnel.

What websites can harvest

| Exposure type | Risk |
| --- | --- |
| Public IPv4 (srflx) | Real or VPN exit IP visible via STUN |
| Local IPv4 (host) | Home/office LAN address (192.168.x, 10.x) |
| IPv6 candidates | May bypass IPv4-only VPN tunnels |
| HTTP vs WebRTC mismatch | Suggests split tunnel or leak |
| mDNS .local only | WebRTC active; raw local IP hidden (Chrome) |

Not every site runs WebRTC — but when they do, these are the address classes at stake.

Yes vs Partially vs No

  • Yes — public, local, or IPv6 addresses listed, or HTTP/WebRTC public mismatch.
  • Partially — mDNS hostnames without raw local IP, or limited exposure.
  • No — no ICE addresses before timeout (blocker, policy, or unsupported WebRTC).
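The headline rules above can be expressed as a small classifier over ICE candidate lines. This is an added example, not this site's scan engine: the function names, the constructed sample candidates (documentation address ranges), the private-range check and the handling of relay candidates are assumptions, and the undefined "limited exposure" case of Partially is not modelled.

```javascript
// Constructed sample ICE candidate lines (documentation address ranges, not captures).
const SAMPLE_EXPOSED = [
  "candidate:1 1 udp 2113937151 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 1677729535 203.0.113.7 61000 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:3 1 udp 2113932031 2001:db8::5 54322 typ host",
];
const SAMPLE_MDNS = [
  "candidate:1 1 udp 2113937151 3f1c2a9e-7b44-4c1d-9a10-5e0f6d2b8c77.local 54321 typ host",
];

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function parseCandidate(line) {
  const f = String(line).trim().replace(/^a=/, "").split(/\s+/);
  if (f.length < 8 || !f[0].startsWith("candidate:") || f[6] !== "typ") return null;
  return { address: f[4].toLowerCase(), type: f[7] };
}

// Assumption: "local" means RFC 1918 or link-local IPv4.
function isPrivateV4(ip) {
  const [a, b] = ip.split(".").map(Number);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168) || (a === 169 && b === 254);
}

// Map one candidate to an exposure class from the table above.
function classify(c) {
  if (c.address.endsWith(".local")) return "mdns";
  if (c.address.includes(":")) return "ipv6";
  if (c.type === "relay") return "other"; // TURN server address, not the client's
  if (c.type === "host" && isPrivateV4(c.address)) return "local";
  return "public"; // srflx/prflx, or a host candidate on a routable address
}

// httpIp: the public IP the site saw over HTTP (optional), for the mismatch row.
function verdict(lines, httpIp) {
  const seen = { public: [], local: [], ipv6: [], mdns: [] };
  for (const line of lines) {
    const c = parseCandidate(line);
    const k = c && classify(c);
    if (k && seen[k] && !seen[k].includes(c.address)) seen[k].push(c.address);
  }
  const mismatch = Boolean(httpIp) && seen.public.some((ip) => ip !== httpIp);
  const exposed = seen.public.length + seen.local.length + seen.ipv6.length > 0;
  const headline = exposed ? "Yes" : seen.mdns.length ? "Partially" : "No";
  return { headline, mismatch, ...seen };
}
```

In a browser, the input strings correspond to the `candidate` property of each `RTCIceCandidate`; an empty list after the gathering timeout yields No.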

Common use cases

  • VPN leak audit — refresh on VPN on/off and compare public rows.
  • IPv6 tunnel review — see if IPv6 appears when only IPv4 is VPN-protected.
  • Developer education — show why WebRTC permissions differ from camera/mic prompts.
  • Full leak workflow — follow with what is my public IP and can you detect VPN.

Best practices

  • Run on Wi‑Fi and mobile data separately — local and public candidates can differ.
  • Enable WebRTC leak protection in VPN clients when mismatches appear.
  • For interactive step-by-step leak UI, open WebRTC leak test.
  • Local IP exposure does not reveal street address — but it confirms home vs datacenter context when combined with other signals.