Skip to content
Pricing
Log InStart Free TrialBook a Demo
Risk & Detection

VPN Detection

VPN detection is the identification of visitors routing their traffic through a virtual private network, using signals like IP reputation, timezone mismatches, WebRTC leak analysis, and DNS patterns. It reveals when a user's apparent network location is being masked by an encrypted tunnel.

How it works

How VPN Detection works

The most direct approach checks the connecting IP against reputation data listing known VPN provider endpoints, since commercial VPNs operate from identifiable ranges. This alone catches many users but misses smaller or private VPNs, so detection combines it with behavioral and inconsistency signals.

A powerful class of signals looks for contradictions between what the tunnel presents and what the device reveals. If the IP geolocates to one country but the browser's timezone or locale points elsewhere, the mismatch suggests the network location is masked. WebRTC can also leak a device's real IP even when a VPN is active, and DNS resolution patterns can betray tunneling, both of which sharpen the detection.

Because none of these signals is individually conclusive, they are weighed together. A known VPN IP plus a timezone mismatch plus a WebRTC leak is a far stronger indication than any one alone, and the combined result is expressed as a detection flag or contribution to a risk score rather than a hard fact.

Why it matters

Why VPN Detection matters for fraud prevention

VPNs are dual-use: millions of legitimate people rely on them for privacy, but fraudsters also use them to bypass geographic restrictions, evade IP blocks, and hide the origin of coordinated attacks. Detecting VPN use does not by itself condemn a visitor, but it is an important input that, combined with other signals, helps distinguish a privacy-conscious customer from an attacker deliberately obscuring their location.

With TRACIO

How TRACIO handles it

TRACIO surfaces VPN detection as one of its Smart Signals, computed server-side from IP reputation and reinforced by client-side inconsistency signals such as timezone mismatches and WebRTC leak analysis. The signal is returned as context for the customer's own decisioning rather than an automatic block, reflecting the reality that VPN use alone is not proof of fraud.

FAQ

Frequently asked questions

Identify every device with confidence

Start with a free plan of 2,500 API calls per month. No credit card required.