Free network diagnostics
See whether your browser exposes your real IP through WebRTC. The page compares the public IP visible to WebRTC against the IP visible to HTTP and reports whether your VPN (if any) is catching WebRTC properly.
Result
Checking your WebRTC behavior…
Gathering ICE candidates from your browser and looking up your HTTP-visible IP for comparison.
ICE candidates your browser produced. mDNS (`*.local`) host candidates are the safe, modern default.
No candidates were returned. WebRTC may be disabled or blocked.
The IP your normal HTTP traffic appears to come from, fetched once for the comparison.
Tip: turn your VPN on and re-run the test. Both numbers should change to the VPN's exit IP. If only one of them changes, your VPN is leaking via WebRTC.
How this page works
To run the test the page opens a temporary RTCPeerConnection in your browser pointed at stun.cloudflare.com (Cloudflare's free public STUN server) and listens for the ICE candidates your browser produces. It also makes one HTTPS request to ipapi.co (or ipify.org as a fallback) to find out the IP your normal HTTP traffic comes from. Both services see your IP for those requests.
Everyday Tools Hub does not log, store, or transmit any of the information shown on this page. The connection to STUN is torn down as soon as gathering finishes.
Check whether your browser exposes your real IP through WebRTC, even when you're behind a VPN.
These cover the most common questions about WebRTC leaks, what mDNS protection does, and what the result actually proves.
FAQ
WebRTC is the browser API that powers things like video calls and voice chat. To set up peer-to-peer connections, browsers ask STUN servers for the public IP your traffic appears from — and that request can slip around VPNs that only tunnel TCP, exposing your real IP. That's the textbook 'WebRTC leak.' It's been a documented issue since 2015 and is still present in many VPN setups.
FAQ
The page opens a temporary RTCPeerConnection in your browser pointed at Cloudflare's free public STUN server (stun.cloudflare.com:3478) and listens for the ICE candidates the browser produces. It also makes one HTTPS request to ipapi.co to find out the IP your normal HTTP traffic comes from. It then compares the two and reports whether they match.
FAQ
No — that's the protective behavior. Modern browsers (Chrome 76+, Firefox 68+, Safari 12.1+) replace your raw LAN IP with an obfuscated hostname like abc-1234.local before exposing it via WebRTC. Seeing mDNS hostnames in your host candidates means your browser is doing the right thing. A raw 192.168.x.x or 10.x.x.x in the host candidates is the older, less private behavior.
FAQ
It means your WebRTC public IP and your HTTP public IP are the same right now, against this STUN server, with this provider chain. It does not test for DNS leaks, IPv6 leaks via other paths, TLS fingerprinting, or any other side-channel. A clean WebRTC test is a good sign, not a security audit.
FAQ
Most major VPN clients (Mullvad, ProtonVPN, NordVPN, ExpressVPN) ship a 'block WebRTC IP discovery' or 'kill switch' option that catches WebRTC traffic and forces it through the tunnel. Enable that setting in your VPN, then re-run the test. If you can't enable it, a browser extension that disables WebRTC entirely (or a privacy-first browser like Brave) will also fix it.
FAQ
No. The page makes one UDP connection to Cloudflare's STUN server and one HTTPS request to ipapi.co (with ipify.org as a fallback). Both see your IP for those requests, but Everyday Tools Hub does not log, store, or transmit anything about your visit.
Explore other utilities in the Everyday Tools Hub library.