URL Encoder/Decoder
Encoders & DecodersPercent-encode and decode URLs, query strings, and form data. Free, private — all processing in your browser.
The URL Encoder / Decoder is a free online tool for percent-encoding (URL encoding) and decoding strings according to RFC 3986. Any time you put arbitrary text into a URL — query parameters, path segments, fragments, or form data — special characters must be encoded as % followed by their two-digit hexadecimal byte values. This tool handles encoding and decoding instantly for single values or entire URLs, with options for full-URL encoding versus component-level encoding (equivalent to JavaScript's encodeURI vs encodeURIComponent).
URL encoding is essential for correct web behavior: characters like space, &, =, ?, #, /, +, and non-ASCII characters (Unicode) have special meaning or cannot be safely transmitted in URLs. Without encoding, they break parsing, get truncated, or cause security issues. This tool is frequently used by developers debugging malformed query strings, constructing API URLs with user-supplied parameters, analyzing logs, building redirect URLs, or decoding URL-encoded data captured from web traffic. Processing is entirely client-side — no data is uploaded, logged, or tracked.
URL Encoder/Decoder — key features
Encode and decode instantly
Paste any string and see the encoded/decoded result in real-time. Switch between encode and decode modes with one click.
Component vs full URL encoding
Choose `encodeURIComponent` (encode everything except safe chars) for query values, or `encodeURI` (preserve URL structure) for full URLs.
Space as %20 or +
Toggle between strict RFC 3986 encoding (space as %20) and form-encoded (space as +). Match the format your API expects.
Handle Unicode correctly
Unicode characters (emoji, Chinese, Arabic, Greek) are encoded as UTF-8 byte sequences (%XX%XX) per the WHATWG URL standard.
Bulk encoding
Encode or decode a list of strings — one per line. Useful for processing batches of URLs from log files or spreadsheets.
Inspect query parameters
Paste a full URL to see each query parameter decoded separately. Useful for debugging URL-encoded webhooks and redirect flows.
Copy, download, and share
Copy results to clipboard or download as a text file. Works with any amount of data your browser can hold in memory.
100% client-side, private
Nothing leaves your browser. Safe to encode sensitive data (API keys in query params, OAuth codes, signed URLs).
How to use the URL Encoder/Decoder
- 1
Choose encode or decode
Select Encode to convert a plain string to URL-safe form, or Decode to reverse percent-encoded text back to the original.
- 2
Paste your input
Type or paste the string you want to process. Can be a single value, a full URL, or a list of strings.
- 3
Pick encoding mode
Use Component for individual query parameters or path segments. Use Full URL for entire URLs where `:`, `/`, `?` must remain unencoded.
- 4
Choose space representation
Toggle between `%20` (standard) and `+` (form-encoded). Most APIs accept both, but match the target system's convention.
- 5
Copy the result
The output updates instantly. Click Copy to put it on your clipboard, or Download to save as a file.
Common use cases for the URL Encoder/Decoder
API integration
- →Construct API URLs with user input: When a user searches for `cats & dogs`, encode the query as `cats%20%26%20dogs` before putting it in the URL.
- →Encode OAuth redirect URLs: OAuth 2.0 `redirect_uri` parameters must be URL-encoded when included in an authorization URL.
- →Build webhook URLs with query parameters: Include signed tokens or payload hashes in webhook URLs with proper encoding.
- →Handle special characters in REST paths: Path segments containing `/`, `?`, or `#` must be encoded to avoid breaking the URL structure.
Web development
- →Encode form data: HTML forms with `application/x-www-form-urlencoded` content type use URL encoding. Construct form bodies manually when needed.
- →Decode query strings: When parsing `?name=Jane%20Doe&city=S%C3%A3o%20Paulo`, decode each value to get the original strings.
- →Debug malformed URLs: Copy a URL from a log or error report and decode it to see what was actually intended.
- →Create shareable links with parameters: When building share URLs (Twitter, WhatsApp, email), encode user-generated content correctly.
Debugging and analysis
- →Analyze suspicious URLs: Phishing URLs often hide malicious parameters with aggressive encoding. Decoding reveals their true intent.
- →Inspect webhooks and callbacks: Decode URL-encoded webhook payloads to understand what data is being sent.
- →Read log files: Server access logs often contain URL-encoded query strings. Decode to make them human-readable.
Content management
- →Build SEO-friendly URLs: Convert titles like `How to Use React Hooks & Context` into URL-safe slugs by encoding or by creating a slug (see our [Text to Slug tool](https://tooleras.com/tools/text-to-slug)).
- →Encode filenames for downloads: When generating download URLs for files with spaces or special characters, encode the filename.
- →Create mailto links with body: `mailto:?subject=Hello&body=This%20is%20important` — encode body and subject before constructing the link.
URL Encoder/Decoder — examples
Encode a query value
A search term with spaces and special characters.
Hello World & Co.
Hello%20World%20%26%20Co.
Decode percent-encoded string
Reverse the encoding to get readable text.
S%C3%A3o%20Paulo%2C%20Brazil
São Paulo, Brazil
Full URL encoding
Preserves URL structure, encodes unsafe chars in path and query only.
https://tooleras.com/search?q=hello world & friends
https://tooleras.com/search?q=hello%20world%20&%20friends
Component encoding
Encodes everything reserved — for individual query values.
hello world & friends
hello%20world%20%26%20friends
Unicode emoji
Emoji are encoded as UTF-8 byte sequences.
I love 🚀 and ☕
I%20love%20%F0%9F%9A%80%20and%20%E2%98%95
Form-encoded space (+)
Alternative for application/x-www-form-urlencoded form data.
Mode: form-encoded Input: hello world
hello+world
Decode query string
Parse multiple parameters from a URL query.
?name=Jane%20Doe&city=S%C3%A3o%20Paulo&tags=js%2Creact
name = Jane Doe city = São Paulo tags = js,react
Technical details
URL encoding, formally called percent-encoding, is defined in RFC 3986 Section 2. The rules:
Unreserved characters (never encoded, always safe in URLs):
- A-Z, a-z, 0-9, -, _, ., ~
Reserved characters (have special meaning, must be encoded when used literally):
- Generic delimiters: : / ? # [ ] @
- Subdelimiters: ! $ & ' ( ) * + , ; =
Everything else must be percent-encoded: convert each byte of the UTF-8 representation to %XX where XX is the uppercase two-digit hex value.
Examples:
- Space: %20 (or + in form-encoded data)
- &: %26
- =: %3D
- ?: %3F
- /: %2F
- Unicode: é (UTF-8: 0xC3 0xA9) → %C3%A9
Full URL encoding vs component encoding:
- encodeURI(url) — encodes a full URL but does not encode characters that are legal in URLs (; / ? : @ & = + $ , #). Use when you have an entire URL.
- encodeURIComponent(value) — encodes everything except unreserved characters. Use for individual query values, path segments, or form fields.
Important difference in form encoding: HTML forms with application/x-www-form-urlencoded encoding replace space with + instead of %20. Both are valid in query strings but %20 is the universal form. Modern APIs typically use %20. This tool supports both.
Common problems and solutions
⚠Double-encoding
Encoding an already-encoded string turns `%20` into `%2520` (because `%` becomes `%25`). This breaks URLs. Always decode first if the input might already be encoded, or use a function that is idempotent for safe characters.
⚠Confusing encodeURI with encodeURIComponent
`encodeURI` leaves `:`, `/`, `?`, `&`, `=`, `#`, `+` unencoded — fine for a full URL but wrong for query values (the `&` in a value would be misread as a parameter separator). Use `encodeURIComponent` for individual parameter values.
⚠Space as + vs %20
Form-encoded data (`application/x-www-form-urlencoded`) uses `+` for space. URLs use `%20`. Both are valid but confusing — make sure the decoder expects the format you used. Most modern code handles both.
⚠Encoding the wrong character set
JavaScript's `encodeURIComponent` uses UTF-8 by default (correct for 99% of cases). Legacy code may use Latin-1 or other encodings — if you see garbled characters after decoding, check that both ends agree on UTF-8.
⚠Forgetting to encode reserved characters
Characters like `&` and `=` have structural meaning in query strings. If a user's search query contains `cats & dogs`, the raw `&` will split the query — always encode values.
⚠Over-encoding safe characters
Encoding `A-Z`, `a-z`, `0-9`, `-`, `_`, `.`, `~` is unnecessary and makes URLs harder to read. Stick to encoding only what needs it.
⚠Not encoding path segments with /
If a path segment contains `/`, it must be encoded as `%2F` or it will be interpreted as a new path level. Example: to reference file `folder/sub`, encode as `folder%2Fsub`.
⚠URL length limits
URLs have practical length limits (~2048 characters for older IE, ~8000 for modern browsers, server-dependent). If you URL-encode large payloads, switch to POST request body instead — it has no such limits.
URL Encoder/Decoder — comparisons and alternatives
URL encoding vs Base64: Both represent arbitrary data as text, but for different channels. URL encoding targets URL contexts with ~2% size overhead (only unsafe chars expand). Base64 targets binary-to-text channels with ~33% size overhead. Use URL encoding for query strings, Base64 for binary payloads inside JSON or email.
URL encoding vs HTML entity encoding: URL encoding uses %XX for bytes; HTML entity encoding uses <, & (or numeric <) for characters. URL encoding targets URL context; HTML entity encoding targets HTML content. Not interchangeable.
encodeURIComponent vs encodeURI (JavaScript): encodeURIComponent encodes everything except unreserved characters. encodeURI leaves common URL delimiters (: / ? # & = +) unencoded. Use Component for parameter values, URI for whole URLs.
URL encoding vs URL slug generation: For human-readable URLs, use slugification (convert Hello, World! to hello-world by our Text to Slug tool) instead of encoding. Slugs are SEO-friendly; URL-encoded characters are ugly.
Percent-encoding vs punycode: Internationalized domain names (IDNs) use punycode, not URL encoding. Example: münchen.de → xn--mnchen-3ya.de. Percent-encoding applies to paths and query strings, not to hostnames.
URL encoding in Java/Python/PHP/Go: Every language has URL encoding: Java URLEncoder.encode() (always uses + for space, different from JS), Python urllib.parse.quote() (uses %20), PHP urlencode() (uses +) vs rawurlencode() (uses %20), Go url.QueryEscape() (uses +) vs url.PathEscape(). Match the spec your target API expects.
Frequently asked questions about the URL Encoder/Decoder
▶What is URL encoding?
URL encoding (also called percent-encoding) is the process of converting characters that have special meaning in URLs (like &, =, ?, /, and spaces) into a format that can be safely transmitted in URLs. Unsafe characters are replaced with % followed by their two-digit hexadecimal byte value. For example, a space becomes %20 and & becomes %26. Defined in RFC 3986.
▶When do I need to URL-encode?
Whenever you put user-supplied or arbitrary data into a URL: query parameters (?search=...), path segments (/category/...), URL fragments (#section), or form bodies. If the data contains any character outside A-Z, a-z, 0-9, -, _, ., ~, it should be encoded to avoid breaking the URL structure or losing data.
▶What is the difference between %20 and + for space?
Both represent a space, but in different contexts. %20 is the standard RFC 3986 encoding, used in URLs (paths, query strings). + is an alternative used specifically in application/x-www-form-urlencoded form bodies. Most modern servers and client libraries accept both, but generating URLs with %20 is safer and works everywhere.
▶What is the difference between encodeURI and encodeURIComponent?
encodeURI(url) encodes a full URL but preserves characters with URL structure meaning: : / ? # & = +. Use when you have a complete URL. encodeURIComponent(value) encodes almost everything except unreserved chars. Use when encoding a single query value, path segment, or form field. A common mistake is using encodeURI for individual values, which fails when the value contains &.
▶How are Unicode characters (é, 中, 🚀) encoded?
Unicode characters are first encoded as UTF-8 bytes, then each byte is percent-encoded. é (UTF-8: 0xC3 0xA9) becomes %C3%A9. 中 (UTF-8: 0xE4 0xB8 0xAD) becomes %E4%B8%AD. Emoji use 4 bytes in UTF-8, so 🚀 becomes %F0%9F%9A%80. This is the standard WHATWG URL encoding used by all modern browsers and libraries.
▶Is URL encoding the same as Base64?
No. URL encoding expands only unsafe characters (~2% size increase for mostly-ASCII text). Base64 expands all data uniformly (33% size increase) and uses a 64-character alphabet that happens to be URL-safe. Use URL encoding for query strings, Base64 for binary data or tokens inside URLs.
▶Can URL encoding be used for security?
No. URL encoding is not a security mechanism. Anyone can decode URL-encoded strings instantly — it is just a representation change. Sensitive data like passwords or API keys should not rely on encoding for protection. Use HTTPS (TLS) for confidentiality, authentication tokens for access control, and never put secrets in URLs (they appear in logs, browser history, Referer headers).
▶Why do I get %25 in my decoded output?
Double-encoding. Someone encoded the string, and then encoded the result again — so % became %25. When you decode once, %2520 → %20 instead of back to a space. To fix: decode twice, or fix the encoding pipeline so encoding happens only once.
▶Does URL encoding apply to domain names?
No. Domain names use a different encoding called Punycode for internationalized domain names (IDNs). münchen.de becomes xn--mnchen-3ya.de. URL encoding applies only to the path, query, and fragment portions of a URL, not the scheme, host, or port.
▶What characters should I always encode?
Encode any character outside the unreserved set: A-Z, a-z, 0-9, -, _, ., ~. This includes space, <, >, #, %, {, }, |, \, ^, ` `, [, ], and all non-ASCII characters. For query parameter values, also encode &, =, +, ?` because they have query-string meaning.
Additional resources
- RFC 3986 — Uniform Resource Identifier (URI): Generic Syntax — Official spec that defines URL structure and percent-encoding rules.
- MDN — encodeURIComponent — JavaScript reference for the standard URL component encoder.
- WHATWG URL Standard — Living specification for URL parsing and encoding as implemented by browsers.
- application/x-www-form-urlencoded — W3C specification for form-encoding (uses + for space).
- Punycode (RFC 3492) — The encoding used for internationalized domain names.
Related tools
All Encoders & DecodersBase64 Encoder/Decoder
Encode and decode Base64 strings, files, and images instantly
Extract URLs from Text
Extract every URL from pasted text with deduplication, validation, and export to CSV, JSON, or newline-separated list.
Hex to Text Converter
Convert hexadecimal byte sequences to readable ASCII or UTF-8 text with flexible input formatting.
HTML Entity Encoder/Decoder
Encode special characters to HTML entities (&, <, ", ©) or decode entities back to their literal characters.
JSON Escape/Unescape
Escape JSON for embedding in code or unescape JSON strings back to readable format
JWT Decoder
Decode and inspect JSON Web Token (JWT) headers, payloads, and signatures
Learn more
Explore more tools
200+ free tools that run in your browser.
Browse all tools →