How to detect VPN users on your website

Learn how to detect VPN users on your website using the IPLocate API. Useful for fraud prevention, geo-restrictions, and threat detection.

← Back to all posts

If you’re building a website or web app that needs to detect users connecting through a VPN—whether to prevent fraud, enforce geo-restrictions, or flag suspicious traffic—you can do it in just a few lines of code using IPLocate.

IPLocate provides fast, accurate IP geolocation and threat detection, including VPN and proxy detection. You can get started for free by signing up for an API key.

Below are some simple examples using Javascript to detect VPN usage via the IPLocate API.

Example: Detect VPN client-side with Javascript

const response = await fetch('https://iplocate.io/api/lookup/?apikey=YOUR_API_KEY');
const data = await response.json();

if (data.privacy && data.privacy.is_vpn) {
  console.log("This user is likely using a VPN.");
  // You can log, flag, or block the user here
} else {
  console.log("User is not using a VPN.");
}

This fetches IP data for the current user and checks the privacy.is_vpn field—true means the IP is known to be part of a VPN network.

The response also includes other helpful fields like is_proxy, is_tor, and is_hosting, which you can use for additional filtering or analysis. See our API documentation for details on all available fields.

Example: Detect VPN server-side with Express.js

const express = require('express');
const fetch = require('node-fetch');

const app = express();
const API_KEY = 'YOUR_API_KEY';

app.get('/', async (req, res) => {
  const ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
  const url = `https://iplocate.io/api/lookup/${ip}?apikey=${API_KEY}`;

  try {
    const response = await fetch(url);
    const data = await response.json();

    if (data.privacy && data.privacy.is_vpn) {
      console.log(`VPN detected for IP: ${ip}`);
      // Handle VPN logic here
    } else {
      console.log(`No VPN detected for IP: ${ip}`);
    }

    res.send('Request processed.');
  } catch (err) {
    console.error('Error checking VPN status:', err);
    res.status(500).send('Error checking IP address.');
  }
});

app.listen(3000, () => console.log('Server running on port 3000'));

You can find other code snippets — including Python, PHP, others, and our client libraries — on our docs page.

Want to start detecting VPNs on your site? Sign up for a free API key.

The best VPN detection API, period.

Our data is updated multiple times throughout the day to track the latest VPN networks. Find out why others trust the accuracy of IPLocate‘s VPN detection and threat intelligence.

Sign up for free See the quick start guide