VPN leaks: What they are and how to test your VPN security

Your online privacy and security are important, especially when you use public Wi-Fi. That’s where the benefits of using a VPN — a virtual private network — come in.

A VPN hides information about your IP address and encrypts communication traveling to and from your device. Your data travels through a secure “tunnel” to the VPN service provider’s servers where your data is rerouted to whatever site you are reaching out to.

So what could go wrong? Leaks.

What are VPN leaks?

Leaks occur when your real IP address becomes visible, even though you’re using a VPN, which is intended to mask your true IP address and help protect your online privacy.

VPN leaks may be more common than you might expect. A 2016 study found that 84 percent of free Android VPN apps tested by researchers leaked users’ IP addresses.

Free VPN apps for iOS devices may also leak.

Your IP address identifies the connection of your device to the internet and your location. A leaked IP address could allow your online actions to be traced back to you. You might choose to hide your IP address for a variety of reasons, including your safety and privacy.

Leaks occur most often in one of three ways.

1. WebRTC Leaks

WebRTC leaks occur when your true IP address is exposed through your browser’s WebRTC functionality. What’s that? WebRTC is a built-in browser technology that enables peer-to-peer features without the need to install plugins or other apps.

2. DNS Leaks

DNS stands for domain name system. It’s the system by which website names are translated into the long IP addresses that identify specific websites. In a DNS leak, your true IP address becomes exposed either when your DNS request is sent unencrypted outside of your VPN or when your VPN server is somehow bypassed.

3. Browser extension leaks

Something called “prefetching” is a browser function that makes searches quicker and more efficient, but it comes at the cost of reduced privacy and security through VPN leaking. Browser-extension VPN leaks happen when Chrome VPN extensions “prefetch” a domain name by predicting what websites you are going to visit to speed up connections.

WebRTC VPN leaks and how to test for them

WebRTC uses the Session Traversal Utilities for NAT protocol, also known as the STUN protocol. This lets your browser make peer connections using your public IP address, which exposes that address even if you are using a VPN.

The first step in solving the problem? Finding out whether you have the problem. So it’s important to test to see if your VPN is leaking your IP address.

Here’s what to do to find out if your VPN has a WebRTC leak.

  1. Go to Google or another search engine and type in “what is my IP address.” Before you do this, make sure you’re not connected to your VPN. Write down your IP address.
  2. Log in to your VPN and verify that you are connected to the server of your choice.
  3. Go back to your browser and type in “what is my IP address” and check your IP address again. It should show the masked IP address of your VPN.
  4. Finally, use one of several free websites that will enable you to run a WebRTC test to check if your VPN is leaking your public IP address.

If neither step 3 nor step 4 shows your public IP address, you should be fine. But if your search shows your VPN-masked address while the WebRTC test shows your public IP address, you have a leak.
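The comparison in steps 1 through 4, as an added example that is not part of the original article: a WebRTC test collects the ICE candidate lines your browser offers, and the JavaScript below checks them for the address noted in step 1. The function names, sample addresses and candidate lines are all constructed for illustration.

```javascript
// Added example. All addresses are constructed (RFC 5737 documentation ranges).
const REAL_IP = '203.0.113.45'; // step 1: address seen with the VPN off
const VPN_IP = '198.51.100.7';  // step 3: address seen with the VPN on

// Parse one ICE candidate line: foundation, component, transport, priority,
// address, port, "typ" <type>, then an optional "raddr" <related address>.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:\S+ \d+ \S+ \d+ (\S+) \d+ typ (\S+)(?: raddr (\S+))?/i
    .exec(line.trim());
  if (!m) return null;
  return { address: m[1].toLowerCase(), type: m[2], related: m[3] ? m[3].toLowerCase() : null };
}

// True for addresses that do not identify you on the internet: unspecified,
// RFC 1918, loopback, link-local, IPv6 ULA/link-local, and mDNS ".local" names.
function isNonPublic(addr) {
  return /^(0\.|10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/.test(addr)
    || /^(f[cd][0-9a-f]{2}:|fe[89ab][0-9a-f]:|::1?$)/.test(addr)
    || addr.endsWith('.local');
}

// Step 4 verdict: a leak means the real address shows up in any candidate.
// Addresses are compared as text, so write IPv6 addresses in the same form.
function checkWebRtcLeak(lines, realIp, vpnIp) {
  const seen = new Map(); // address -> candidate type that first revealed it
  for (const c of lines.map(parseCandidate)) {
    if (!c) continue; // not a candidate line
    for (const addr of [c.address, c.related]) {
      if (addr && !seen.has(addr)) seen.set(addr, c.type);
    }
  }
  const unexpected = [...seen.keys()]
    .filter((a) => !isNonPublic(a) && a !== realIp && a !== vpnIp);
  return { leak: seen.has(realIp), leakedVia: seen.get(realIp) || null, unexpected };
}

// Constructed candidate lines: one run that leaks, one that does not.
const leakingRun = [
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'candidate:2 1 udp 1686052607 203.0.113.45 54321 typ srflx raddr 192.168.1.23 rport 54321',
  'candidate:3 1 udp 1686052351 198.51.100.7 40001 typ srflx raddr 10.8.0.2 rport 40001',
];
const cleanRun = [
  'candidate:1 1 udp 2122260223 a1b2c3d4-0000-4000-8000-0123456789ab.local 54321 typ host',
  'candidate:2 1 udp 1686052351 198.51.100.7 40001 typ srflx raddr 0.0.0.0 rport 0',
];
console.log(checkWebRtcLeak(leakingRun, REAL_IP, VPN_IP));
console.log(checkWebRtcLeak(cleanRun, REAL_IP, VPN_IP));
```

Any address listed under `unexpected` is a public address that matches neither the step 1 nor the step 3 value and deserves a second look.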

What should you do? If you have a leak, you should disable WebRTC on your browser. This is done differently for each browser, either by changing settings or installing a plug-in to do it. Worth noting: Secure VPNs such as Norton Secure VPN will help protect against WebRTC leaks.

DNS VPN leaks and how to test for them

Sometimes when you are using a VPN, a DNS leak can occur. This happens when your DNS queries are sent outside of the secure VPN encrypted tunnel and your data is sent through your default DNS servers rather than the secure, anonymous VPN server. Often, a DNS VPN leak is due to improper configuration of your network settings.

There are a number of free websites that you can use to test for a DNS leak, such as*.

Browser extension VPN leaks and how to test for them

Browser extension VPN leaks occur due to prefetching. Prefetching is activated by default when using Chrome browsers.

Here are steps you can take to test whether you have a browser extension VPN leak.

  1. Activate the Chrome plugin on your VPN.
  2. Go to chrome://net-internals/#dns and click on “clear host cache.”
  3. Then go to any website to confirm the leak.

You can stop the leak by following these steps.

  1. Go to chrome://settings in your address bar.
  2. Next go to “Search settings” and type in “predict.”
  3. Then disable the options “Use a prediction service to help complete searches and URLs typed in the address bar” and “Use a prediction service to load pages more quickly.”

Using a trusted VPN can enhance your online privacy and security, but it’s important to make sure that your VPN is not leaking.

A final note about VPNs and public Wi-Fi

It’s important to remember to use a trusted VPN when using public Wi-Fi.

Why? Even if you use a password-protected public Wi-Fi hotspot, you can’t be sure how secure that public Wi-Fi connection really is.

Here’s just a sample of the things you probably wouldn’t know.

  • Who set up the network.
  • What security steps they took.
  • Who else may be on the same public Wi-Fi network. Could they pose a threat to your online privacy or security?

And keep in mind, you may think you are on a legitimate public Wi-Fi network, but you may be using the Wi-Fi network set up by an identity thief sitting nearby who could monitor the data you send and receive from your device.

Using public Wi-Fi while you shop or conduct personal banking or other financial transactions could put you at risk of having your data accessed and your identity compromised.

A VPN can help you avoid these dangers. Just make sure it doesn’t leak.

* The inclusion of websites or links does not imply endorsement or support of any companies, materials, products and/or providers listed herein.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2020 NortonLifeLock Inc. All rights reserved.