The Essentials

IP, DNS, WebRTC & IPv6 Leaks: What Are They & How to Check For Them

JP Jones
JP JonesUpdated

Your VPN could be leaking personal information to third parties without you even knowing. Learn how to check for different types of leaks and prevent them from happening.

Illustration of two leaking buckets of water

When you use a VPN you entrust it with a lot of your personal data. A good VPN will ensure that no one, even the VPN itself, can see what you do online.

However, there are plenty of VPNs out there that leak data, such as your location and the websites you’ve visited, to your ISP or any other snoopers.

Unless you know how to detect these leaks, you may never know that it’s happening and you won’t be able to prevent them from happening again. Read on to find out how.

Leak Test Tools

There are loads of leak testing tools available online to help you check for various types of leaks, and a handful of VPNs even provide proprietary leak testing software on their websites.

For this guide, we used browserleaks.com as it incorporates all four types of leak testing we cover and is easy to use once you get the hang of it.

What Is an IP Address?

Illustration of IP Addresses on World Map

IP addresses are unique identifiers that are assigned to devices on a network. For the public internet, your Internet Service Provider (ISP) assigns an IP address to your network router (at home, work, or a cafe, for example), which all your devices on the WiFi are then connected to.

In simple terms, devices need an IP address in order to communicate with other devices on the internet, which enables you to browse online, stream movies, send emails, or anything else you use the internet for.

There are two types of IP address formats, IPv4 and IPv6, but we’ll get to the last one later. Your IPv4 address will look similar to this: 198.51.100.1.

There’s no need to get bogged down in the fine details, but the main thing to take away from this is that your IP address counts as personal information – it can be used to identify your physical location as well as everything you do online.

What Is an IP Leak?

An IP leak happens when your VPN fails to mask your true IP address with one of its own, making it available for any prying eyes to see.

It’s a huge issue that puts your privacy at significant risk – once your ISP or any other nosy third party is able to see your true IP address they are able to link anything you do online back to you as an individual.

How to Test for IP Leaks

It’s pretty easy to discover whether your IP address is leaking – just follow these simple steps:

1. Open up a credible leak testing website – we use browserleaks.com. Run an IP leak test while the VPN is disconnected and note down your IP address.

2. Connect to any VPN server and refresh the browser page to re-run the test once the VPN has successfully connected.

Screenshot of an IP Leak Test While Disconnected From a VPN

IP Address Results When Disconnected from the VPN

3. Check the IP address again. It should be different to your original IP address and match the country and city server location you have connected to. If the IP address is the same as your own IP address, it is leaking. 

If the IP address is different but the location doesn’t match the server you’re supposedly connected to it could mean that VPN isn’t working as it should be. Try reconnecting and test again, but if the issue persists get in touch with your VPN provider’s customer support.

IP Address Results When Connected to ExpressVPN

IP Address Results When Connected to ExpressVPN’s New Jersey Server

How to Fix and Prevent IP Leaks

If your true IP address is leaking, the VPN isn’t doing it’s job; it’s as simple as that. Generally, the only way to prevent IP leaks is to use a good quality VPN.

Top-level VPNs will include a VPN kill switch feature which blocks internet traffic in the event of an unexpected VPN connection drop. This prevents your IP address and other personal data from leaking while the VPN connection is down. You can usually find this feature within the settings menu of the VPN app.

Screenshot of ExpressVPN Kill Switch Settings

ExpressVPN Kill Switch Settings

If your original IP address still shows up on leak tests, check with your VPN’s customer support team to ensure your computer is set up correctly and isn’t overriding the VPN connection.

If that fails to solve the issue, it’s time to get a new VPN, pronto.

What Is DNS?

Illustration of DNS

DNS, which stands for Domain Name System, is a bit like a phone directory. A global network of DNS servers look up domain names, which are used in URLs such as www.top10vpn.com, and returns the IP addresses (e.g. 151.101.22.49) they are associated with. This ‘translation’ allows your device to access all kinds of content online.

These servers sometimes log the DNS queries (the websites or apps you’re browsing or using) along with the personally identifiable IP addresses that are making those queries. In short, they link you to your online activities.

What is a DNS Leak?

When DNS requests travel outside of the encrypted VPN tunnel, and are handled by your ISP, it’s called a DNS leak.

DNS leaks expose your browsing habits to your ISP or any on-path eavesdroppers, allowing them to track the websites you visit and the apps you use. In some countries, such as the US, ISPs can sell and share this information to advertising companies or the authorities.

Take a look at ExpressVPN’s useful guide on DNS leaks, with a handy animation of how they happen and how to prevent them.

How to Test for DNS Leaks

Testing for DNS leaks is pretty similar to the previous leak test, just look at the DNS servers instead of the IP address:

1. Open browserleaks.com/ip while the VPN is disconnected and make a note of your DNS servers’ IP addresses (found in the ‘Your DNS Servers’ section). Unless you have changed your device’s DNS settings, the DNS servers shown will be those belonging to your ISP. You can see our DNS servers in the screenshot below.

Screenshot of DNS Leak Test While Not Connected to a VPN

DNS Results When Disconnected From the VPN

2. Connect to any server on the VPN server list. Then, refresh the leak test page on your browser.

3. Look at the DNS server results again. If any of your ISP’s DNS servers appear, your VPN is leaking DNS requests.

Here are two examples of DNS leak tests we ran while connected to two different VPNs.

The first is ExpressVPN – only one DNS server appears and it belongs to the VPN company. The DNS servers listed above in the first test are not showing, therefore it’s not leaking DNS requests.

Screenshot of DNS Leak Test While Connected to ExpressVPN

DNS Results When Connected to ExpressVPN

The second is VPN99 – you can see both Google DNS and our ISP’s DNS servers. VPN99 uses Google DNS rather than first-party servers, however the presence of our ISP’s servers in the results shows that it’s leaking our DNS requests.

Screenshot of DNS Leak Test While Connected to VPN99

DNS Results When Connected to VPN99

How to Fix and Prevent DNS Leaks

There are few simple ways to fix DNS leak issues, but the most effective way it to pick a trusted VPN service that maintains its own zero-log DNS servers. The VPN should force all traffic to go through those and not any third-party servers (including your ISP’s), which prevents leaks from happening.

When you can, use the VPN’s custom apps. Manually configuring the VPN connection and DNS settings increases the risk of DNS leaks if you aren’t 100% sure of what you’re doing.

Sometimes you have to ‘switch on’ the DNS leak protection feature within the VPN’s app settings. This will force DNS requests to go through the VPN’s own DNS servers.

Screenshot of ExpressVPN DNS Leak Protection Settings

ExpressVPN DNS Leak Protection Settings

As always, remember to switch on the VPN kill switch to ensure that no traffic reaches your ISP if the VPN connection drops unexpectedly.

If you’re still experiencing DNS leaks, let your VPN provider know. This helps the tech team to find out if the issue is coming from their end or yours, and that way they can solve it…

… But if they can’t it’s time to switch to another provider with a proven leak-free history.

What is WebRTC?

Illustration of Internet Video Calling

WebRTC is a browser technology that allows audio and video communications to work inside web pages.

‘RTC’ stands for ‘real time communications’ – the technology helps deliver content more quickly as there is no need to download plugins (browser extensions) or native apps.

WebRTC is almost always enabled in your browser by default.

What is a WebRTC Leak?

WebRTC leaks are vulnerabilities within web browsers, such as Google Chrome and Firefox, that reveal your true IP address.

These leaks aren’t really flaws within the browser; it’s part of their design. Efficient IP sharing is supposed to provide convenience and speed, so WebRTC uses clever techniques to figure out your true IP address and get around any firewalls that might otherwise prevent your real-time connection from taking place.

However, it’s a huge threat to online privacy if you’re using a VPN, as your ISP – or any other snooping third parties – will have access to your personal data and online activity.

How to Test for WebRTC Leaks

Follow these simple steps to check for WebRTC leaks while using a VPN:

1. Run a WebRTC leak test when you’re disconnected from your VPN and make a note of the public IP address you see.

Screenshot of WebRTC Leak Test While Not Connected to a VPN

WebRTC Results When Disconnected From the VPN

2. Connect to any VPN server location and refresh the browser page to re-run the leak test.

3. If your true public IP address appears while connected your VPN is leaking WebRTC. Don’t worry about the local (internal) IP address as this isn’t personally identifiable information.

Screenshot of WebRTC Leak Test While Connected to ExpressVPN

WebRTC Results When Connected to ExpressVPN

How to Fix and Prevent WebRTC Leaks

Fixing WebRTC leaks isn’t as simple as getting a good VPN, although that helps. It’s a browser issue and not really your VPN’s fault.

But, if your VPN does offer a WebRTC blocking feature, be sure to enable it. These tend to be included in VPN browser extensions, though.

If your VPN doesn’t block WebRTC by default or through a setting, disable WebRTC in your browser settings if it’s possible.

Unfortunately, certain browsers such as Google Chrome don’t allow you to this and instead you have to use a browser add-on or extension. It’s important to note that these aren’t always 100% effective, so using a browser that allows you to disable WebRTC is recommended. You can see our most highly-recommended VPN browsers here.

What is IPv6?

Selection of Internet Connected Devices

When we talked about IP addresses, we mentioned that there are two formats: IPv4 and IPv6. Now it’s time to address the latter.

Currently, the most widespread version of the Internet Protocol is IPv4, but we are running out of IPv4-format IP addresses as the number of internet-enabled devices continues to grow. IPv6 has been designed to meet that demand.

IPv6 addresses look like this: 2001:4860:4860::8888

What is an IPv6 Leak?

While IPv6 is the future, it’s not currently supported by all VPN providers, which leaves them vulnerable to leaks. Many VPNs only route IPv4 traffic through the encrypted VPN tunnel, leaving IPv6 traffic unprotected.

IPv6 leaks cause both IP leaks and DNS leaks, meaning that your personal information and online activities could be visible to your ISP or other third parties.

How to Test for IPv6 Leaks

First and foremost, check if you actually have an IPv6 address – not every ISP offers them yet.

Use browserleaks.com and take a look at the ‘IPv6 Leak Test’ section. If it doesn’t show an IP address there, you don’t need to worry about IPv6 leaks as you don’t have an IPv6 address.

IPv6 Leak Test Not Connected to a VPN

IPv6 Leak Test Results While Disconnected From the VPN – No IPv6 Address Found

If it does show an IPv6 address, make a note of it and re-test again when the VPN is connected.

Screenshot of IPv6 Leak Test While Connected to Perfect Privacy

IPv6 Leak Test Results on BrowserLeaks.com – Perfect Privacy US IPv6 Address

If you see your true IPv6 address, the VPN is leaking.

How to Fix and Prevent IPv6 Leaks

Other than choosing a VPN provider that supports IPv6 – there aren’t many that currently do – there are two ways to stop IPv6 leaks from jeopardizing your online privacy:

1. Block IPv6 traffic by enabling IPv6 leak protection within your VPN’s app settings. Some VPNs have it baked into their apps so you don’t have to mess around with settings. Be warned, though, not all VPNs provide this feature.

Screenshot of ExpressVPN IPv6 Leak Protection Settings

ExpressVPN IPv6 Leak Protection Settings

2. If you can’t block IPv6 traffic through the VPN, disable IPv6 at router or OS level. Many VPNs provide their own guides for this, so be sure to look there first. If not, check out this wikiHow guide to disabling IPv6 on PC or Mac.

Disabling IPv6 shouldn’t cause many issues as the vast majority of online services are still accessible through IPv4. However, if you absolutely need to use IPv6 make sure to choose a VPN that supports, rather than blocks, it.

Perfect Privacy is one of the few VPNs to offer support for IPv6 and you can see which of its servers are compatible by looking at the server list on its website.

Screenshot of Perfect Privacy's IPv6 Supported Servers

Perfect Privacy’s IPv6 Supported Servers

About the Author


  • JP Jones - CTO @ Top10VPN

    JP Jones

    JP is our CTO and with over 25 years of software engineering and networking experience oversees all technical aspects of our VPN testing process. Read full bio