A WebRTC leak occurs when the WebRTC protocol in your browser exposes your real IP address to websites, even when you are connected through a proxy or VPN. It bypasses proxy settings by making direct peer-to-peer connections.
WebRTC (Web Real-Time Communication) enables direct browser-to-browser communication for video calls and file sharing. To establish these connections, WebRTC uses STUN servers to discover your public and local IP addresses. A website can trigger this discovery process using JavaScript, revealing your real IP even when all HTTP traffic routes through a proxy. The leak happens because WebRTC operates outside the browser HTTP proxy settings.
Match the strength of this control to what is actually at risk in the workflow.
USER-country-de-session-task01The credential string is the only configuration needed -- "country-de" sets the exit, "session-task01" keeps it consistent, and webrtc leak is handled by the gateway rather than your application code.
Test the setup with a leak-test tool or packet capture to confirm this protection is actually working, not just configured.
Pair this with sane session handling and header hygiene -- no single control covers a full workflow on its own.
Apply the strongest version of this control to logins, payments, and personal data -- it is overkill for public information.
Do not let two workflows that need to stay separate for privacy or account reasons share the same session or IP.
A website embeds a hidden JavaScript snippet that uses WebRTC STUN requests to discover a visitor real IP address, revealing it is 192.168.1.100 behind a proxy showing 45.67.89.101.
A WebRTC leak completely undermines your proxy anonymity by exposing your real IP. Any website can trigger this check with a few lines of JavaScript, making it a critical privacy gap to address.
Disable WebRTC in your browser settings or use a browser extension that blocks WebRTC. In Firefox, set media.peerconnection.enabled to false in about:config. Anti-detect browsers disable WebRTC by default.
Chrome, Firefox, Edge, and Opera all support WebRTC and are vulnerable by default. Safari has partial WebRTC support. Headless browsers can be configured to disable WebRTC entirely.
Ready to put this into practice? WebRTC Leak Test
Start a free trial and test with real targets -- no credit card, no sales call.