Addressing in Browsers

This document is a guide to how to address IPFS content paths on the web.

HTTP Gateways

Gateways are provided strictly for convenience: in other words, they help tools that speak HTTP but do not speak distributed protocols such as IPFS. They are the first stage of the upgrade path for the web.

Centralization Concerns

HTTP gateways have worked well since 2015, but they come with a significant set of limitations related both to the centralized nature of HTTP and some of HTTP’s semantics. Location-based addressing of a gateway depends on both DNS and HTTPS/TLS, which relies on a trust in certificate authorities (CA) and public key infrastructure (PKI). In the long term, these issues should be mitigated by use of opportunistic protocol upgrade schemes.

Protocol Upgrade

Tools and browser extensions should detect IPFS content paths and resolve them directly over IPFS protocol. They should use HTTP gateway only as a fallback when no native implementation is available in order to ensure a smooth, backward-compatible transition.

Gateway Types

Path Gateway

In the most basic scheme, a URL path used for content addressing is effectively a resource name without a canonical location. The HTTP server provides the location part, which makes it possible for browsers to interpret an IPFS content path as relative to the current server and just work without a need for any conversion:



Subdomain Gateway

When origin-based security perimeter is needed, CIDv1 in Base32 (RFC4648, no padding) should be used in the subdomain:



The gateway provided by the IPFS daemon understands the Host header present in HTTP requests, and will check if DNSLink exists for a specified domain name. If DNSLink is present, the gateway will return content from a path resolved via DNS TXT record. This type of gateway provides full origin isolation.

Example: (this website)

For a more complete DNSLink guide, including tutorials, usage examples and FAQs, check out

Native URLs

Subdomain convention can be replaced with a native handler. The IPFS URL protocol scheme follows the same requirement of case-insensitive CIDv1 in Base32 as subdomains:


An IPFS URL does not retain the original path, but instead requires a conversion step to/from URI representation:


The first element after the double slash is an opaque identifier representing the content root. It is interpreted as an authority component used for origin calculation, which provides necessary isolation between security contexts of different content trees.




Technical Specification for Implementers

The best and most up-to-date source of truth about IPFS addressing can be found in the IPFS in-web-browsers repo.

Background on Address Scheme Discussions

Discussions around IPFS addressing have been going on since @jbenet published the IPFS whitepaper, with a number of other approaches being proposed. This long-standing design discussion includes many lengthy GitHub issue threads, but a good summary can be found in this PR .

Companion Browser Extension

IPFS Companion is a browser extension that simplifies access to IPFS resources.

It provides support for native URLs and will automatically redirect IPFS gateway requests to your local daemon so that you are not relying on, or trusting, remote gateways.

Future: Shared Dweb Namespace

The distributed web community is exploring the idea of a shared dweb namespace to remove the complexity of addressing IPFS and other content-addressed protocols. Currently investigated approaches include: