IP/HTTP Header Leak Test

What does this test check?

• HTTP API: Your visible exit IP — the baseline for comparison
• Cross-domain Fetch: CORS request to a different subdomain — tests if proxy covers all domains
• Cross-domain Image: Loading a tracking pixel from a different subdomain
• WebSocket: WebSocket connection to a different subdomain — tests if proxy covers WS protocol
• WebRTC STUN: Browser's STUN-mapped public IP — the classic VPN leak via UDP
• IPv6 / Proxy Headers: IPv6 connections and HTTP headers that expose your real IP
• QUIC / HTTP/3: UDP-based connection on port 443 — TCP-only proxies may not tunnel QUIC, causing the browser to connect directly

QUIC Leak Explained

QUIC (HTTP/3) uses UDP port 443. Many proxy tools (especially HTTP proxies and some SOCKS5 proxies) only handle TCP traffic and don't tunnel UDP. When the browser attempts a QUIC connection:

• If the proxy doesn't support UDP, the browser may bypass it and connect directly via QUIC, leaking your real IP
• If the proxy supports but doesn't properly handle QUIC, the connection falls back to HTTP/2 (TCP) — no leak but loses QUIC performance
• TUN mode captures all UDP traffic (including QUIC), making it the most reliable anti-leak solution

Prevention: ① Enable TUN mode or TPROXY in your proxy tool (captures UDP); ② Disable QUIC in browser: Chrome → chrome://flags/#enable-quic → Disabled; ③ Use proxy protocols that support UDP forwarding (Shadowsocks, Trojan, VLESS+XUDP).