An Internet Protocol address, or IP address, is a unique number assigned to every device that speaks on the internet. It plays roughly the same role as a postal address: every packet of data carries the address it came from and the address it's going to, and routers along the way use those addresses to decide where to forward the packet next.

Two versions are in active use today. IPv4, the original, uses a 32-bit number written as four dotted decimals (192.0.2.1). IPv6, the successor, uses a 128-bit number written as eight colon-separated groups of hexadecimal digits (2001:db8::1). We'll dig into the difference lower on the page.

What your browser just showed you is your public IP — the one the rest of the internet sees. Inside your home or office network, your actual device typically has a different, private IP (starting with 10., 172.16.–172.31., or 192.168.), as defined by RFC 1918. A router translates between the two.

At the lowest level, an IP address does two things: it identifies a network endpoint, and it lets packets be routed between endpoints. Every other use in the list below is a layer built on top of those two facts.

• Routing. Every internet router keeps a table mapping address ranges to the next hop. Your IP is how the response to a request finds its way back to you.
• Identification. Servers can distinguish connections from different clients by their source IP, at least at the network level.
• Access control. Firewalls and ACLs allow or deny traffic based on IP addresses and ranges. This is the "open a port for my IP" use case that probably brought you here.
• Rate limiting and abuse prevention. Services count requests per IP to block scrapers, brute-force attacks, and denial-of-service traffic.
• Geolocation. The regional registry that assigned a block of addresses, plus commercial IP-geolocation databases, can usually place an IP in a country and often a city.
• Logging and analytics. Server logs almost universally record the client IP alongside each request, for security investigations, analytics, and compliance.

Your IP address is not a secret — every site you visit sees it, as does every server you connect to — but it isn't nothing either. Worth understanding what it does and doesn't reveal.

What an IP can reveal:

• Your approximate physical location, usually down to the city level.
• Your ISP, which often implies the kind of connection (home broadband, mobile carrier, data center, VPN provider).
• That the same "visitor" returned — not by identity, but as a rough fingerprint for a session or a multi-request interaction.

What an IP generally doesn't reveal:

• Your name, address, or account — those come from logged-in sessions, cookies, and browser fingerprinting, not the IP alone.
• Your home address. Geolocation databases are approximate; most map an IP to the ISP's regional hub or a populated point nearby.
• The contents of what you did. That's what encryption (HTTPS) is for.

Risks worth knowing about:

• Subpoena-able identification. Your ISP knows which IP was assigned to which customer at a given time, and law enforcement can compel that mapping with a warrant or subpoena.
• Targeted attacks. A known IP is the starting point for a DDoS or port-scan, which matters most for publicly exposed servers and gaming rigs running peer-to-peer services.
• Cross-site correlation. The same IP showing up on many different services is one signal among several that advertising networks and fraud systems use to link activity.

The Electronic Frontier Foundation has extensive, readable material on how IPs factor into broader online privacy if you want to go deeper.

Outside of routing, here's where your IP ends up in practice:

• Corporate firewalls and cloud security groups. "Allow-list my IP so I can SSH into the jump host" is the single most common use of a page like this one. Administrators paste your IP into a rule and traffic from it flows through.
• Content delivery networks. Cloudflare, Akamai, Fastly and their peers inspect client IPs at the edge to block abusive traffic before it reaches the origin server.
• Streaming services. Netflix, Hulu, BBC iPlayer and similar use IP geolocation to decide what content you're allowed to stream — which is why VPNs that change your apparent country are a cat-and-mouse game with them.
• Social media platforms. Twitter/X, Facebook, Instagram, TikTok and others use IP addresses as one signal among many to flag suspicious logins, detect ban-evasion accounts, enforce country-specific content rules, and fight spam. You'll see this when a "login from a new location" email arrives the first time you open an app on an airport Wi-Fi.
• Advertising networks. IP is a weak per-device identifier (many people share one), but ad networks combine it with browser fingerprinting, cookies, and logged-in identity to target ads and attribute conversions.
• Fraud detection. Banks, e-commerce platforms, and ticket resellers score the reputation of every incoming IP. Data-center IPs, known VPNs, Tor exit nodes, and IPs that have historically produced chargebacks get more scrutiny.
• Law enforcement. An IP logged by a service, subpoenaed to the assigning ISP, can be traced back to a subscriber account. This is how most "person behind an online threat" investigations actually unfold.
• Diagnostic tooling. ping, traceroute, whois, and every network troubleshooting tool start from an IP address.

The internet runs on two versions of IP simultaneously. IPv4 is the original; IPv6 is its long-delayed replacement. Most devices now speak both (this is called "dual stack"), picking whichever one works for a given destination.

IPv4 (1981)

IPv4 was specified in RFC 791 in September 1981. Its addresses are 32 bits long, giving a maximum of roughly 4.3 billion — an enormous number in 1981, an obviously-too-small number by the 1990s. The dotted-quad notation (192.0.2.1) is the human-readable form of that 32-bit integer.

The addresses effectively ran out starting in the early 2010s, as the five regional internet registries (ARIN, RIPE NCC, APNIC, LACNIC, AFRINIC) exhausted their IPv4 pools between 2011 and 2019. The internet didn't collapse because of NAT (Network Address Translation): your home router presents a single public IPv4 to the world and hands out private addresses internally, so an entire household shares one public address. Mobile carriers take this further with carrier-grade NAT, with thousands of subscribers sharing a single public IPv4.

IPv6 (1995, updated 2017)

IPv6 was first specified in the mid-1990s and is now defined by RFC 8200 (2017). Its addresses are 128 bits — 3.4 × 10³⁸ of them, a number large enough that every grain of sand on Earth could have its own subnet and never run out.

Beyond more addresses, IPv6 was designed with the benefit of twenty years of IPv4 operational experience: a simpler, fixed-size header that routers can forward faster; built-in autoconfiguration (SLAAC) so devices can generate their own addresses without DHCP; mandatory multicast; and originally-mandatory, now-optional IPsec for end-to-end encryption. NAT is no longer needed — every device can have its own globally-routable address.

Adoption has been slow but steady. Google's running count of the share of its users arriving over IPv6 hovers around the mid-40s as a percent in early 2026, up from essentially zero in 2010. The long tail of IPv4-only infrastructure, combined with the fact that NAT made IPv4 exhaustion survivable, is why the transition has taken decades rather than years.

Quick comparison