Leak Diagnostics
Identify vulnerabilities exposing your real IP address even when using a VPN or proxy.
WebRTC can bypass VPNs by exposing local and public IPs through ICE candidate negotiation.
A DNS leak sends queries to your ISP's servers instead of your VPN's anonymous resolvers.
Enable Kill Switch and WebRTC Protection in your VPN client. Set your DNS to 1.1.1.1 (Cloudflare) or 8.8.8.8 (Google) for additional privacy.
What Are Privacy Leaks?
Privacy leaks are vulnerabilities that expose your real IP address or browsing activity despite using privacy tools like VPNs or proxies. The two most critical types are DNS leaks (your DNS queries bypass the VPN tunnel) and WebRTC leaks (your browser reveals your real IP through peer-to-peer communication APIs). These leaks can undermine your privacy even when your VPN appears to be working correctly.
Our privacy leak test checks for multiple exposure vectors simultaneously. The DNS test queries our server to detect your resolver's origin. The WebRTC test uses browser APIs to check if any local or public IP addresses are being disclosed through peer-to-peer connection negotiation.
Types of IP Leaks
DNS Leak
DNS queries reveal which websites you visit to your ISP. Even with a VPN active, misconfigured DNS settings can route lookups outside the encrypted tunnel, exposing your browsing activity to your internet provider.
WebRTC Leak
Browsers use WebRTC for real-time communication (video calls, screen sharing). The ICE protocol used by WebRTC can reveal both your local network IP and your true public IP, bypassing VPN tunnels entirely.
IPv6 Leak
If your ISP provides IPv6 connectivity but your VPN only tunnels IPv4 traffic, websites and servers that support IPv6 can see your real IPv6 address and therefore identify your actual ISP and location.
How to Protect Yourself from IP Leaks
- 1.Choose a VPN with built-in DNS leak protection and IPv6 leak prevention.
- 2.Enable the VPN kill switch to block traffic if the VPN connection drops.
- 3.Disable WebRTC in your browser or install a WebRTC control extension.
- 4.Use a VPN's own DNS servers rather than your ISP's default servers.
- 5.Test for leaks after every VPN update, OS update, or network change.
- 6.Consider using Tor Browser which blocks WebRTC and routes all DNS through the Tor network.
Frequently Asked Questions
What is a DNS leak?
A DNS leak occurs when your DNS queries (domain name lookups) are sent to your ISP's DNS servers instead of the VPN's DNS servers, even while your browsing traffic is tunneled through the VPN. This exposes which websites you're visiting to your ISP, defeating a major privacy purpose of using a VPN.
What is a WebRTC leak?
WebRTC (Web Real-Time Communication) is a browser technology that enables peer-to-peer communication for video calls and data sharing. It can bypass VPN tunnels and expose your real local and public IP addresses through ICE (Interactive Connectivity Establishment) candidate discovery, even when you're connected to a VPN.
How do I fix a DNS leak?
To fix DNS leaks: 1) Use a VPN with built-in DNS leak protection and dedicated DNS servers. 2) Manually configure your OS to use the VPN provider's DNS servers. 3) Enable DNS-over-HTTPS (DoH) in your browser. 4) Use a zero-logging DNS provider like Cloudflare (1.1.1.1) or Quad9 (9.9.9.9). 5) Check your VPN's kill switch is enabled.
How do I fix a WebRTC leak?
WebRTC leaks can be addressed by: 1) Disabling WebRTC in your browser (Firefox: set media.peerconnection.enabled to false in about:config). 2) Installing a WebRTC leak prevention browser extension. 3) Using a VPN that routes WebRTC traffic through the tunnel. 4) Using the Tor Browser which blocks WebRTC by default.
Will a VPN protect me from all IP leaks?
A VPN is the primary defense but not foolproof. VPN kill switches prevent IP exposure when the VPN drops, but WebRTC leaks, IPv6 leaks, and DNS leaks can bypass VPN tunnels if the VPN client doesn't specifically address them. Run regular leak tests after VPN updates or network changes to verify protection.
What is an IPv6 leak?
An IPv6 leak occurs when your device has an IPv6 address and connects to an IPv6-enabled server directly, bypassing the VPN tunnel which may only cover IPv4 traffic. Many VPN providers don't support IPv6 and don't block it either, causing IPv6 traffic to reveal your real ISP and location even when the VPN appears active.
Related Tools & Resources
Detect if your current IP is flagged as VPN, proxy, or data center.
See your public IP address, location, ISP, and connection details.
Learn proven methods to protect your real IP address.
Compare VPNs and proxies for privacy and security.
Query DNS records and investigate domain configurations.
Find the geographic location of any IP address.