Multiple independent audits + transparent operations + strong default leak protection.
Free real-time check. Three leak tests. No signup, no email, no cookies. Just an answer.
Multiple independent audits + transparent operations + strong default leak protection.
Cheaper than the top tier, audited or court-verified. Solid for daily use if budget matters.
Outside Eyes alliances, open-source apps, anonymous payment accepted.
Genuinely safe free tiers backed by audited paid offerings.
Long-running brands with past incidents (HMA 2011, IPVanish 2018, PureVPN 2017) since cleaned up via audits + ownership changes.
Don't see yours? All 15 provider guides →
If our checker says VPN WORKS in green, your VPN is hiding your real IP from websites. The check looks at three signals: whether your IP belongs to a known VPN provider or datacenter, whether your detected country matches your system timezone, and whether your three leak tests (WebRTC, DNS, IPv6) come back clean. When all four agree, you're protected.
The most common reasons are: VPN server is overloaded (try switching server), firewall or antivirus blocking the connection, conflicting VPN apps running at once, expired subscription, or the VPN protocol being blocked by your network (try switching from OpenVPN to WireGuard or vice versa). If our tool shows NO VPN even though your VPN app says connected - your VPN client is lying to you and you should switch providers.
WebRTC is a browser feature for video calls (Zoom, Discord, Google Meet). It can accidentally expose your real IP address even when a VPN is active, because it talks to STUN servers at the OS level rather than through the VPN tunnel. A good VPN blocks WebRTC at the firewall or routes it through the tunnel - that's why our test shows SAFE for proper VPNs. If you see a LEAK badge, your VPN is letting your real IP slip through and websites can see it.
When you visit a website, your computer first asks a DNS server to translate the name (like google.com) into an IP address. If your VPN is configured properly, that DNS query goes through the encrypted tunnel. If not, it goes to your ISP's DNS server - which means your ISP sees every website you visit, completely defeating the point of the VPN.
We don't store your IP, we don't have a server-side database, and we don't have analytics tracking individuals. The leak tests (WebRTC, IPv6, DNS) run in your browser. The IP-info and VPN-flag lookups go through our nginx proxy to public APIs (ipwho.is, proxycheck.io) - that's how we forward your real IP so the lookup is accurate, but we don't log the request. View source - it's a static site, you can see for yourself.
Two common reasons: (1) some smaller VPN providers use IP ranges that haven't made it into public datacenter databases yet, so we can't be 100% sure they're a VPN; (2) if you use split tunneling and our site happens to be in your direct-traffic list, you'll appear unprotected to us specifically. Check your other tabs - if Netflix shows your VPN country, you're fine. The checker is a sanity check, not a court ruling.
Netflix and other streaming services have their own commercial VPN-detection databases and they update them constantly. Just because we don't detect your VPN doesn't mean Netflix can't - they buy access to specialized fraud-detection feeds that flag known VPN IP ranges within hours. The fix is to switch VPN servers (try smaller cities) or use a VPN with dedicated streaming IPs like NordVPN or Surfshark.
If you only browse from home, mostly use HTTPS sites (which is everything now), and don't torrent or watch geo-restricted content - you can probably skip it. If you use public Wi-Fi, want to watch shows that aren't in your country, torrent anything, live in a country with internet restrictions, or just don't want your ISP building a profile of every site you visit - yes, get one.
Quick version: a VPN that "works" in a marketing sense (the app says connected) and a VPN that actually hides you are two different things. This page exists because that gap is bigger than most people realize.
The fastest way to check if your VPN is working is to look at the IP your VPN tells you it has versus the IP that websites actually see. If they match, and the country matches, and no leak tests fail - your VPN is working. If any of those three things disagree, your VPN is leaking somewhere. Our tool above runs all three checks at once, but the principle is something you can check manually too.
The reason a manual check matters: VPN apps are notorious for showing a green "Connected" indicator even when their actual tunnel is broken or only partially routing your traffic. The app polls its own server, gets a response, and declares success - even if half your packets are still leaving through your normal connection.
When you visit any website, the website sees an IP address. If your VPN is on, that IP should belong to your VPN provider, not your ISP. The fastest way to verify: turn the VPN off, note the IP shown above, turn it back on, refresh, and check the IP changed. If it didn't change, your VPN isn't routing your web traffic at all.
If your NordVPN app says you're connected to "Netherlands - Amsterdam #423" and our checker shows you in Germany, something's wrong. Either your VPN connected to a different server than displayed, or its server is mis-labeled, or you're getting routed through a transit network. Either way, you can't trust the location.
WebRTC is a browser technology designed for peer-to-peer connections - video calls, file transfers, multiplayer games. To make those work through firewalls, WebRTC asks your operating system "what are all your network interfaces?" and dutifully shares them with the website. Including the one your VPN is supposed to be hiding.
Good VPNs solve this by either blocking WebRTC's STUN requests at the firewall level or routing them through the tunnel. Bad VPNs (often free ones, browser-extension VPNs, and many corporate VPNs) don't. The result: you get a green padlock and a fake IP from the site's perspective, but anyone running a tiny piece of JavaScript can see your real IP via WebRTC.
Your computer asks DNS questions ("what's the IP for nytimes.com?") constantly - every page load triggers dozens of them. If those questions go to your ISP's DNS server, your ISP sees every site you visit even though the actual page traffic is encrypted. This is called a DNS leak, and it's the most common way VPNs fail without users noticing.
The kicker: DNS leaks often happen on Windows because of a feature called "smart multi-homed name resolution" that sends DNS queries out every interface simultaneously, "for speed." Your VPN tunnel gets the question, but so does your ISP. Killing this requires registry edits or a VPN app that does it for you.
Three reasons, in order of frequency:
Browser-extension VPNs (the kind you install from the Chrome Web Store) are not real VPNs. They're HTTP proxies pretending to be VPNs. They only route browser traffic - not your other apps, not background processes, not even WebRTC in many cases. They're better than nothing for casual unblocking, but if you're worried about privacy or doing anything sensitive, install a real VPN application.
For leak prevention specifically: yes, almost always. Free VPNs are funded by selling your data, injecting ads, or both. They have weaker leak protection because that costs money to maintain. We've tested dozens of free VPNs with this exact tool, and almost all of them have at least one leak - usually DNS.
The exceptions: ProtonVPN's free tier is genuinely safe (limited servers but no leaks), and Cloudflare's 1.1.1.1 with WARP isn't really a VPN but does encrypt DNS. Everything else free should be assumed compromised.
Realistically: once when you first set up a VPN, and once after each major OS update. VPN behavior can change after Windows or macOS updates because the OS sometimes resets network settings or introduces new features (like Apple's Private Relay) that interact weirdly with VPNs.
If you're using a VPN for serious privacy reasons (journalism, activism, living under a hostile government), check before every session. It takes 5 seconds and a leak you don't catch can be the difference between fine and not-fine.
Run through this checklist:
VPNs are infrastructure. Like seatbelts: most of the time you don't need them, the day you need them you really need them, and the only acceptable failure mode is "always works." Test yours occasionally, especially after any system change. The 30 seconds you spend on this page is the cheapest insurance you'll buy this year.