MyIPScan
Unified privacy diagnostics

VPN Leak Test: Check Visible IP, DNS, WebRTC and IPv6 Signals

Check visible IP, DNS, WebRTC, IPv6, and browser/session signals in one local report for your current browser and network context.

This is an exposure estimate, not a VPN provider certification. It does not test every server, app, device, browser, or network, and a low-review result is still only a browser/session snapshot.

Check DNS Leaks
Verdict first Safe receipt Details below

Direct answer

VPN Leak Test: Check Visible IP, DNS, WebRTC and IPv6 Signals: answer first

VPN Leak Test compares visible IP, DNS, WebRTC, IPv6, and browser signals for the current browser session. It can highlight mismatches before and after a VPN change, but it does not certify that a VPN is secure.

Last updated

VPN reconnect wizard

Before, connect VPN, re-test, save a safe receipt.

Capture the current browser/session result, connect or change your VPN manually, then re-run the same checks to see what changed.

1. BeforeRun the test and save this result.
2. Connect VPNSwitch server, reconnect, or change network.
3. Re-testRun the same checks again in this tab.
4. What changedCompare IP, DNS, WebRTC, IPv6, and estimate.
5. Safe receiptCopy a reduced receipt without raw IPs or candidates.

Run the test once, then save the before snapshot.

VPN consistency matrix

Compare route, DNS, WebRTC, IPv6, and fingerprint changes

The matrix is local to this browser tab. It is meant for troubleshooting after reconnecting VPN, switching server, changing Secure DNS, or changing browser settings.

Run the test, save a baseline locally, reconnect or change VPN settings, then run again.

Likely scenarios

What the current combination may mean

These are conservative troubleshooting labels. They do not certify provider behavior, device-wide routing, or account-level privacy.

Likely scenarios appear after the first run.

Retest checklist

What to retest after changing VPN, DNS, or browser settings

Reconnect VPNDisconnect, reconnect, wait for the tunnel to settle, then run the same check again.
Switch serverTry a different VPN region or protocol if IP, ASN, DNS, or WebRTC signals look inconsistent.
Review IPv6 carefullyDisable IPv6 only if you understand the device, router, VPN, and app impact.
Check WebRTC settingsReview browser policy, extensions, profile settings, and whether calls or peer-to-peer apps still need WebRTC.
Check Secure DNSBrowser Secure DNS can differ from OS DNS and VPN DNS. Change one setting at a time.
Repeat in same browserUse the same tab/profile when possible so before/after deltas stay meaningful.
Exposure estimate and receipt limits

A higher exposure estimate means more visible browser/session signals may need review. Safe Copy exports use safe summary categories and remove raw IP, exact city, full user-agent, raw fingerprint data, raw resolver IPs, and WebRTC candidates. Read the methodology.

See what Safe Copy includes before sharing or saving a result.

Want the full picture? Run the Privacy Exposure Report.

Combine IP, WebRTC, IPv6, DNS leak, fingerprint, user-agent, and related privacy signals in one report.

Run report

Checks

Diagnostic Signals

Each card runs in your browser and updates independently. If a network request, browser API, or permission path cannot run, the result is marked Inconclusive.

Not tested

Current public IP

Shows the IP address and approximate network details returned by MyIPScan's same-site IP endpoint.

Public IP
Not tested
Network
Not tested
Location
Not tested
Open IP checker
Not tested

DNS leak status

Compares public resolver signals from Cloudflare and Google DoH checks.

Resolvers
Not tested
Signal
Not tested
Open DNS leak test
Not tested

WebRTC exposure

Looks for public IP candidates exposed through WebRTC ICE gathering.

Candidates
Not tested
Signal
Not tested
Open WebRTC leak test
Not tested

IPv6 exposure

Checks whether the current IP endpoint or WebRTC candidates reveal global IPv6 details.

IPv6 observed
Not tested
Signal
Not tested
Open IPv6 leak test
Not tested

Browser fingerprint warning

Summarizes visible browser attributes that a VPN usually does not change.

Browser
Not tested
Signals
Not tested
Open browser fingerprint test
Not tested

Local privacy report

Combines the observed signals into a browser-generated report you can copy for troubleshooting.

Generated
Not tested
Stored
Generated locally in browser.

Next steps

Confirm results with the dedicated tools

Use this unified report as a quick pass, then open the individual tools for deeper output and troubleshooting notes.

VPN Leak Test DNS Leak Test WebRTC Leak Test IPv6 Leak Test Browser Fingerprint Test What Is My IP Methodology

Guides

Related privacy guides

These existing MyIPScan guides explain the signals behind the report and common ways to reduce exposure.

How to Hide Your IP AddressPractical ways to reduce public IP exposure. What Is a DNS Leak?How DNS routing can reveal browsing requests. What Is a WebRTC Leak?Why browser real-time features can reveal IP candidates. VPN Setup Troubleshooting HubFollow the cluster for VPN reconnects, DNS mismatch, WebRTC, IPv6, and before/after checks. How to Check Your IPv6 AddressWhat IPv6 means for VPN and privacy checks. Proxy vs VPN vs TorCompare privacy tools and routing tradeoffs. VPN Kill Switch ExplainedSee what a kill switch can cover before interpreting leak-check results. Auto-Connect VPN on StartupSet a baseline, reconnect, and repeat IP, DNS, WebRTC, and IPv6 checks. VPN Keeps Disconnecting on iPhoneRetest after mobile reconnects, Wi-Fi changes, and VPN profile changes. Guides HomeOpen the MyIPScan blog for newer privacy guides.

Before / after privacy flow

Compare one browser or VPN change at a time

This page is focused on visible IP, DNS, WebRTC, IPv6, and browser/session signals. Run the focused VPN Leak Test first, then use Public Exposure Report for the combined route map. Results are visible browser/session signals, not a certification.

1. BaselineRun the focused check before changing VPN, DNS, browser, profile, or network settings.
2. Change one thingConnect or switch VPN, change Secure DNS, adjust WebRTC/fingerprint settings, or move networks.
3. RetestRun the same check again in the same browser/session when possible.
4. CompareReview changed and unchanged IP route, DNS, WebRTC, IPv6, fingerprint, and User-Agent signals.
5. Safe receiptUse Safe Copy or the Safe Privacy Receipt instead of sharing raw identifiers.

Status language

Use conservative result labels

These labels keep the result understandable without implying a VPN, browser, device, or account is safe.

Visible

A browser/session signal was visible and should be compared with what you expected.

Expected

The observed signal appears consistent with the stated route or browser behavior.

Review

The signal may need closer review before relying on this setup for the current session.

Limited

The check ran, but this page cannot cover every app, device route, server, or future connection.

Not detected

The tested signal was not observed in this browser/session.

Not checked

The signal has not run yet or the browser did not provide enough data.

Fix checklist

Where to review settings after a signal needs attention

Settings names change. Treat this as a route to verify, then rerun the focused check and the Public Exposure Report.

ChromeReview Secure DNS, WebRTC policy/extensions, profile state, and site permissions.
EdgeReview Chromium privacy settings, managed policies, Secure DNS, and VPN split tunneling.
FirefoxReview Enhanced Tracking Protection, DNS over HTTPS, and advanced WebRTC preferences when appropriate.
BraveReview Shields, fingerprinting protections, and WebRTC IP handling policy.
SafariReview website permissions, iCloud Private Relay context, and operating-system privacy settings.
iOSRetest after VPN profile, relay, mobile data, or Wi-Fi changes. Browser controls may be limited.
AndroidReview per-app VPN, Private DNS, browser permissions, and Wi-Fi versus mobile data behavior.
WindowsReview VPN adapter DNS, split tunneling, IPv6, browser Secure DNS, and firewall/proxy rules.
macOSReview VPN profile order, DNS settings, iCloud Private Relay context, and browser-specific privacy controls.
Public Exposure ReportDefault next step for a combined route map and Safe Privacy Receipt. Is My VPN Working?Before/after VPN workflow for visible browser/session signals. What Websites Can See About MePlain-language map of signals websites may read from this browser/session. Check My Browser PrivacyFocused path for fingerprint, WebRTC, IPv6, User-Agent, and browser settings.

VPN Before/After Checklist

Keep the privacy workflow free and receipt-first

This is not a monetized VPN recommendation block. The useful conversion path is a safe checklist and receipt for users who need repeatable troubleshooting.

BaselineRun the check before changing VPN, DNS, browser, profile, or network settings.
Connect and retestChange one thing, then run the same checks again in the same browser/session.
Compare visible signalsReview IP route, DNS, WebRTC, IPv6, browser fingerprint, and status labels.
Copy safe receiptShare reduced categories and next steps instead of raw identifiers.
Run free VPN check Review monitoring beta

One-time scans are free. Monitoring beta is optional, requires approved public targets, and does not mean public signup, automatic alerts, billing, or dashboards are live. See How We Make Money and the Affiliate Disclosure.

Check my VPN

What this checks

Visible browser-session signals that should be reviewed together: public IP route, DNS resolver owner, WebRTC candidates, IPv6 visibility, and browser fingerprint summary.

Limits

What this cannot check

It cannot inspect every app, VPN server, device route, account risk system, browser profile, network policy, or future connection.

Read results

How to interpret results

A good result means the visible IP, DNS, WebRTC, and IPv6 signals align with the route you expected, and no unexpected non-VPN route appears in this browser session.

Warnings

What a warning means

A warning means one visible signal may not match your expected route. It is a reason to review settings, not proof that the VPN, device, or account is unsafe.

Fix path

What to do next

Change one setting at a time, such as VPN server, Secure DNS, IPv6, WebRTC, or browser profile, then run the same test again for comparison.

Retest

When to retest

Retest after reconnecting the VPN, switching networks, changing DNS, updating browser privacy settings, or moving between normal and private profiles.

Related tools

Continue with the closest checks

Public Exposure ReportFull browser-session report with Safe Copy, issues, fixes, and clear limits. DNS Leak TestLimited resolver-signal check with before/after review. WebRTC Leak TestBrowser ICE candidate behavior and WebRTC exposure signals. IPv6 Leak TestIPv6 visibility alongside IPv4 in the current session. MethodologyReview how MyIPScan labels signals, limitations, and Safe Copy output.

SEO and AI citation summary

VPN Leak Test: what this tool does

Checks visible IP, DNS, WebRTC, IPv6, and browser signals for common VPN exposure clues.

How to use

  1. Run the tool in the same browser and network context you want to review.
  2. Change only one VPN, DNS, browser, WebRTC, IPv6, or privacy setting at a time.
  3. Run the Public Exposure Report afterward if you need a combined receipt.

What the result means

Treat the output as visible browser-session or public network evidence. It helps compare current settings, but it does not certify anonymity, VPN safety, or every app route.

Limitations

  • This tool reports observable signals only; it is not a guarantee or certification.
  • Browser-local checks plus /api/ip for visible public IP.
  • Results can change after VPN reconnects, DNS propagation, browser updates, cache changes, or provider configuration changes.

VPN Leak Test — Common Questions

What does a VPN leak test check?

This test checks five layers simultaneously: your visible public IP (does it show the VPN server or your real ISP IP?), DNS resolver (is it your VPN provider's DNS or your ISP's?), WebRTC (does the browser expose your real IP through WebRTC APIs?), IPv6 (is your IPv6 address leaking alongside a masked IPv4?), and browser fingerprint signals. A working VPN should show all five pointing to the VPN — not your home network.

How do I know if my VPN is actually working?

Run this test while connected to your VPN. Your visible IP should match your VPN server's location (not your real city). The DNS should show your VPN provider's servers. No WebRTC public IP should appear that differs from your VPN IP. IPv6 should either be blocked or routed through the VPN. If any of these differ — you have a leak specific to that layer.

My IP looks correct but something else is leaking — why?

This is common. A VPN can route your IPv4 traffic correctly while DNS queries still go to your ISP (DNS leak), or while WebRTC exposes your real IP (WebRTC leak), or while your IPv6 address bypasses the tunnel entirely (IPv6 leak). Each layer is independent. Check each result individually and run the specific test for the leaking layer.

Which VPNs pass all leak tests?

Mullvad and IVPN consistently pass all five layers including DNS, WebRTC, and IPv6. ProtonVPN passes on most configurations with the kill switch enabled. ExpressVPN and NordVPN pass on desktop but may show IPv6 leaks on mobile or after reconnecting. Free VPNs frequently fail DNS and WebRTC tests. Always test your specific VPN on your device — results vary by OS and version.

What should I do if my VPN is leaking?

1. Enable the VPN kill switch (blocks all traffic if VPN drops). 2. Disable IPv6 in your OS network settings if your VPN does not tunnel it. 3. Install the VPN provider's browser extension to block WebRTC. 4. Set your DNS manually to your VPN's servers. 5. If leaks persist, switch to Mullvad or IVPN which have the strongest leak protection by default. Full guides: What Is a VPN Leak | IVPN vs Mullvad 2026 comparison.

Next checks and references

Privacy DiagnosticsParent hub for this tool category.DNS Leak TestLimited DNS resolver-signal check.WebRTC Leak TestBrowser WebRTC candidate check.IPv6 Leak TestIPv6 exposure signal check.Browser Fingerprint TestBrowser-visible fingerprint surface overview.Relevant guideBackground reading for interpreting this result.MethodologyHow MyIPScan labels confidence, limits, and safe-copy outputs.