URL encoder / decoder

Encode and decode URL components and query parameters. Includes a URL parser that breaks any URL into its parts.

Encode →← Decode

URL parser

What is URL encoding?

URL encoding (also called percent-encoding) is the mechanism for representing characters in a URL that aren't allowed in the standard ASCII character set or that have special meaning in URL syntax. Defined by RFC 3986, it replaces unsafe characters with a % sign followed by two hexadecimal digits representing the character's byte value.

For example, a space becomes %20, an ampersand becomes %26, and a forward slash becomes %2F. Non-ASCII characters (like accented letters or emoji) are first encoded as UTF-8 bytes, then each byte is percent-encoded individually — so the é character (U+00E9) becomes %C3%A9 (two UTF-8 bytes).

URLs have a strict syntax where characters like ?, #, &, and = serve as structural delimiters. If these characters appear in data (like a search query containing an ampersand), they must be percent-encoded to prevent the URL parser from misinterpreting them as structural boundaries.

When to encode URLs

Query parameters with special characters — if a parameter value contains &, =, #, or spaces, it must be encoded. The URL ?q=rock&roll has two parameters (q=rock and roll=), while ?q=rock%26roll correctly passes the single value "rock&roll".

User-generated content in URLs — any time user input becomes part of a URL (search queries, profile names, file paths), encode it to prevent URL injection and broken links.

API requests — when constructing API calls programmatically, always encode parameter values. Most HTTP client libraries do this automatically, but manual URL construction requires explicit encoding.

Redirects and callbacks — OAuth flows and payment gateways often pass URLs as parameter values (e.g. ?redirect_uri=https%3A%2F%2Fexample.com%2Fcallback). The inner URL must be fully encoded.

Frequently asked questions

What's the difference between %20 and + for spaces?
Both represent a space, but in different contexts. %20 is the standard percent-encoding defined by RFC 3986 and works everywhere in a URL — path segments, query strings, and fragments. The + sign represents a space only in the application/x-www-form-urlencoded format, which is what HTML forms submit by default. When building URLs programmatically, %20 is always the safer choice. JavaScript's encodeURIComponent() produces %20, while form submissions produce +.
What's the difference between encodeURI and encodeURIComponent?
encodeURI() encodes a complete URI, preserving characters that have structural meaning in URLs: : / ? # [ ] @ ! $ & ' ( ) * + , ; =. Use it when you have a full URL and want to encode only the unsafe characters. encodeURIComponent() encodes everything except - _ . ~ A-Z a-z 0-9 — including /, ?, and =. Use it when encoding a single value that will be placed inside a URL component, like a query parameter value.
Why do emojis work in URLs?
When you paste an emoji into a browser's address bar, the browser automatically percent-encodes it using UTF-8. The emoji 😀 (U+1F600) becomes the UTF-8 bytes F0 9F 98 80, which are percent-encoded as %F0%9F%98%80. For domain names, internationalised domain names (IDN) use Punycode encoding — for example, münchen.de becomes xn--mnchen-3ya.de. Both mechanisms allow non-ASCII characters while keeping URLs compatible with ASCII-only systems.

Related tools

Base64 encoder/decoderEncode text to Base64 or decode Base64 to text./converters/base64Slug generatorConvert any text into a URL-friendly slug./generators/slugJSON formatterPrettify, minify, and validate JSON./formatters/jsonRegex testerTest regular expressions with live match highlighting./explainers/regex