What is a DNS leak?
When you visit a website, your browser first asks a DNS server to translate the domain name (like google.com) into an IP address. Normally, this lookup happens through your internet provider's DNS server — which means your ISP can see every website you try to visit.
A DNS leak happens when your DNS queries bypass your VPN or privacy settings and go directly to your ISP's server instead. This exposes your browsing activity even when you think you're protected.
Why this matters even with a VPN
Many VPN users assume their DNS queries are automatically routed through the VPN tunnel. They often aren't. A misconfigured VPN — or a browser that ignores VPN DNS settings — can silently send your queries to your ISP, undermining the VPN entirely.
What does this test check?
WebRTC IP leak detection
WebRTC is a browser technology for real-time communication (video calls, file sharing). It can sometimes expose your real local or public IP address even when you're using a VPN — because it bypasses the VPN tunnel to establish direct peer-to-peer connections. This test uses the same WebRTC mechanism to show which IPs your browser is currently exposing.
If you see a public IP listed here that is different from your VPN's exit IP, your VPN has a WebRTC leak.
DNS-over-HTTPS (DoH) status
DNS-over-HTTPS encrypts your DNS queries so your ISP cannot intercept them. This test checks whether your browser is configured to use DoH, and which protocol your browser prefers. Firefox enables DoH by default; Chrome has it available but not always active.
Network and browser information
This section shows what your browser exposes about your network environment — your language settings, timezone, and connection type — all of which contribute to your tracking fingerprint.
How to fix DNS and WebRTC leaks
- Enable DNS-over-HTTPS in your browser: In Firefox, go to Settings → Privacy & Security → DNS over HTTPS. In Chrome, go to Settings → Privacy and Security → Security → Use secure DNS.
- Use a VPN with DNS leak protection: Good VPNs route all DNS queries through their own encrypted servers. Look for explicit "DNS leak protection" in the VPN's documentation. Mullvad and ProtonVPN both offer this.
- Disable WebRTC if you don't need it: In Firefox, type
about:configin the address bar, search formedia.peerconnection.enabled, and set it tofalse. In Chrome, install the uBlock Origin extension — it has a WebRTC leak prevention option. - Use a privacy-focused browser: Firefox with Strict tracking protection and DoH enabled is the most effective combination without additional tools.