How to avoid a WebRTC Leak with modern browsers

Please be aware that some sites use a leak called WebRTC to track your real IP, if you use a modern browser like Mozilla Firefox or Google Chrome. To avoid that, users must adapt the respective functions manually in their browser settings. 

What is WebRTC?

WebRTC (Web Real Time Communication) refers to a technique for real-time communication directly in a browser, for example, telephone calls and video chats, without the need for plug-ins to be installed. The downside: Queries to the STUN server that is needed for this communication (to identify IPs ) are transmitted over any existing adapter in the computer, which is problematic with OpenVPN based VPNs, where the default gateway is not tunneled and the STUN requests can be used to bypass the VPN and expose the real IP address.

Are you affected?

Whether your web browser version is concerned at all, can be checked on the following website:

Test the page once with and once without CyberGhost. If in both cases the same public IP address is displayed, your browser must be configured manually.

How do you protect yourself against WebRTC?

Please disable the respective feature in your browser:


  1. Type ‚chrome://flags/#disable-webrtc‘ in the address line and confirm
  2. Activate the option (in newer versions this feature can't be deactivated anymore)*
  3. Restart your browser 

Mozilla Firefox

  1. Type ‚about:config‘ in the address line and confirm
  2. Change ‚media.peerconnection.enabled‘ to ‚False
  3. Restart your browser

Chromium-basierte Browser

  1. Open the user path of your browser
  2. Load the file ‘preferences’ into a text editor
  3. Add the line '“webrtc":{"multiple_routes_enabled":false}' before the last '}' 
  4. Restart your browser

* If your Chrome version doesn't support the deactivation of WebRTC anymore, please switch to another (older?) version or better to another browser. Alternatively you can try the instructions for Chromium based browsers.

Have more questions? Submit a request


Article is closed for comments.
Powered by Zendesk