URL Encoder / Decoder
Percent-encode text and URLs, or decode them back instantly in your browser. Switch between component and full-URL modes, parse query strings into a readable table, and handle Unicode and emoji correctly with UTF-8 — everything runs locally, so your data is never uploaded.
| Key | Value |
|---|
How the URL encoder / decoder works
This tool converts between plain text and percent-encoded text entirely in your browser. Nothing is ever transmitted to a server — the conversion is performed by JavaScript running on your device.
Encoding
When you encode, each unsafe or reserved character is converted to its UTF-8 bytes
and every byte is written as a percent sign followed by two hexadecimal digits. A space becomes
%20, an accented letter such as é becomes %C3%A9, and an emoji expands to
several escapes. ASCII letters, digits, and a handful of unreserved symbols are left untouched.
Decoding
When you decode, the tool reads each %XX sequence, reconstructs the original UTF-8
bytes, and turns them back into text. Whitespace and line breaks are preserved. If a %
is not followed by two valid hex digits, you get a clear message pointing at the problem rather
than a cryptic browser error.
Component vs Entire URL
Component mode (encodeURIComponent) escapes the reserved characters
: / ? # & = too, which is what you want for a single query-parameter value.
Entire URL mode (encodeURI) leaves those structural characters intact
so you can safely encode a whole, already-assembled URL.
Query parser, auto-detect & swap
Paste a URL or query string and the tool also breaks it into a decoded key/value table. Auto-detect chooses encode or decode for you, and Swap moves the result into the input and flips the action so you can round-trip a value and confirm it matches.
What is URL encoding?
URL encoding — also called percent-encoding — is a mechanism for representing characters in a URL that are unsafe, reserved, or outside the ASCII range. It is defined in RFC 3986 and is one of the most fundamental encodings on the web. Its job is to let arbitrary data ride inside a URL without colliding with the characters that give a URL its structure.
How it works
- Each character is first expressed as its UTF-8 bytes
- Each byte becomes
%+ two hex digits - A space becomes
%20 - Unreserved characters (
A–Z a–z 0–9 - _ . ~) stay as-is
Why it matters
?starts the query,#starts the fragment&separates parameters,=splits key from value/separates path segments- Any of these inside a value must be encoded
Encoding, not encryption: percent-encoding is fully reversible and uses no key. Anyone can decode it. Never use it to hide passwords or tokens — use proper encryption and HTTPS for confidentiality.
Common URL-encoded characters
These are the percent-encoded forms you will run into most often. The two digits after the
% are simply the character's byte value in hexadecimal.
| Character | Name | Encoded |
|---|---|---|
| (space) | Space | %20 |
| ! | Exclamation | %21 |
| # | Hash / fragment | %23 |
| $ | Dollar | %24 |
| % | Percent | %25 |
| & | Ampersand | %26 |
| + | Plus | %2B |
| Character | Name | Encoded |
|---|---|---|
| / | Slash | %2F |
| : | Colon | %3A |
| ; | Semicolon | %3B |
| = | Equals | %3D |
| ? | Question mark | %3F |
| @ | At sign | %40 |
| é | e-acute (UTF-8) | %C3%A9 |
Common uses for URL encoding
Percent-encoding turns up wherever data has to travel inside a URL. Here are the places developers and IT professionals encounter it most often.
- Query parameters — encoding search terms, filters, and IDs in
?key=value - REST API calls — passing values with spaces or symbols in a path or query
- Form submissions —
application/x-www-form-urlencodedrequest bodies - OAuth & redirects — encoding a
redirect_uriinside another URL
- Tracking links — UTM parameters and campaign tags
- Webhooks — embedding callback URLs as parameter values
- Internationalized text — non-Latin scripts and emoji in links
- Debugging — decoding a long URL to read what each parameter actually contains
Tip: when you only need to encode one query value, use Component mode so
that characters like &, =, and / in the value are escaped
and cannot break the surrounding URL.
Privacy: processed locally in your browser
Everything this tool does happens entirely in your browser. When you type or paste text, it is handled exclusively by JavaScript running in your browser tab — it is never transmitted to any server, never logged, and never stored anywhere outside your device.
That makes the tool safe for inspecting URLs that contain session tokens, API keys, or other sensitive query values. Remember, though, that percent-encoding provides no secrecy: if a URL contains a credential, decoding it reveals that credential in plain text, so treat the result accordingly.
Technical verification: Open your browser's developer tools (F12), select the Network tab, and encode or decode something. You will see zero outgoing requests. The tool works entirely through in-memory JavaScript execution.
Frequently asked questions
What is URL encoding?
URL encoding, also called percent-encoding, is a way to represent characters in a URL that are
unsafe, reserved, or non-ASCII. Each such character is replaced by a percent sign (%)
followed by two hexadecimal digits that give the character's byte value in UTF-8 — for example a
space becomes %20 and a slash becomes %2F. It is defined in RFC 3986 and
lets data containing spaces, symbols, accents, or emoji travel safely inside a URL without breaking
its structure.
What is the difference between component encoding and full-URL encoding?
Component mode uses encodeURIComponent and escapes everything that is not unreserved,
including the reserved characters : / ? # & = and the plus sign. Use it when you are
encoding a single piece of a URL such as one query-parameter value, because those reserved
characters would otherwise change the meaning of the URL. Full-URL mode uses encodeURI
and leaves reserved structural characters like : / ? # intact, so it is meant for
encoding a whole URL that is already assembled, only fixing spaces and other unsafe characters.
Picking the wrong one can either break a URL's structure or leave a value under-encoded.
Why do URLs need to be encoded?
A URL has a strict syntax in which certain characters have special meaning: ? starts the
query string, & separates parameters, = separates a key from its value,
# starts a fragment, and / separates path segments. If a value you want to
put into a URL contains any of those characters, or a space, or a non-ASCII character, it must be
percent-encoded so it is treated as data rather than as part of the URL's structure. Without
encoding, a value such as first&last in a query parameter would be misread as two
separate parameters.
Is URL encoding the same as encryption?
No. URL encoding is a reversible representation, not encryption. It uses no key and provides no secrecy — anyone can decode a percent-encoded string back to its original content with a tool like this one. Its only purpose is to let data pass safely through a URL. Never rely on URL encoding to hide passwords, tokens, or other sensitive data; use real encryption such as TLS (HTTPS) for confidentiality.
Does this tool support Unicode, emoji, and accented characters?
Yes. Encoding and decoding use UTF-8, which is the standard for modern URLs, so accented letters,
non-Latin scripts, and emoji are handled correctly in both directions. A character outside ASCII is
first converted to its UTF-8 bytes and each byte is percent-encoded, so for example é becomes
%C3%A9 and 😀 becomes %F0%9F%98%80. Decoding reverses the process and
reconstructs the original character, so values round-trip exactly.
What do %20, %2F, %3A, and %3F mean?
They are the percent-encoded forms of common reserved or unsafe characters. %20 is a
space, %2F is a forward slash (/), %3A is a colon
(:), %3F is a question mark (?), %23 is a hash
(#), %26 is an ampersand (&), %3D is an equals
sign (=), and %2B is a plus sign (+). The two hexadecimal
digits after the % are simply the character's byte value, so you can look any of them up
in an ASCII table. This tool decodes all of them automatically.
How does the query-string parser work?
If your input contains a query string — a full URL with a ? or a bare string of
key=value pairs joined by & — the tool splits it into individual
parameters and shows each key and value decoded in a table. Plus signs are treated as spaces, the
way browsers handle form-encoded data, and each part is percent-decoded independently. This makes it
easy to read a long, messy URL at a glance and see exactly what each parameter contains.
Why am I getting a malformed percent-encoding error?
A decode error means the input contains a % that is not followed by two valid
hexadecimal digits. Common causes are a stray % sign that was meant literally (it should
be written %25), an incomplete sequence such as %2 at the end of the
string, or invalid characters after the % such as %ZZ. The tool points to
the first bad sequence and its position so you can fix it. If you actually want a literal percent
sign in encoded output, encode it first and it becomes %25.
Should a space be encoded as %20 or as a plus sign?
Both appear in practice, but they belong to different contexts. In a URL path and in modern
percent-encoding (RFC 3986) a space is %20. The plus sign represents a space only in the
older application/x-www-form-urlencoded format used by HTML form submissions and some
query strings. This tool encodes spaces as %20, which is the safe, general-purpose
choice, and when parsing a query string it also interprets a + as a space so form-style
URLs read correctly.
Is my data uploaded to any server?
No. All encoding, decoding, and query parsing happen entirely in your browser using JavaScript. Your text is never sent to any server, never logged, and never stored anywhere outside your own browser tab. You can confirm this by opening your browser's Network tab in developer tools while using the tool — you will see no outgoing requests. You can even disconnect from the internet after the page loads and it will keep working.