Encode and decode URL strings
Encode or decode URL strings online. Convert special characters to percent-encoding or decode percent-encoded URLs. Free URL encoder/decoder.
Paste or type the URL or text you want to encode into the input field. This can be a complete URL with query parameters, a single parameter value, or any text containing special characters.
Click the Encode button to convert special characters to percent-encoding (e.g., spaces become %20, ampersands become %26). This makes the text safe for use in URLs.
To decode, paste a percent-encoded URL or string and click the Decode button. The tool converts all percent-encoded sequences back to their original characters.
Copy the result to your clipboard for use in your application code, API requests, browser address bar, or configuration files.
URLs have a restricted character set. Characters like spaces, ampersands (&), question marks (?), hash signs (#), and non-ASCII characters must be percent-encoded to be safely included in URLs. Incorrect encoding causes broken links, failed API requests, and data corruption.
When building dynamic URLs with query parameters, proper encoding prevents parameter injection and ensures data is transmitted correctly. This is essential for API integrations, form submissions, redirect URLs, and any system that passes data through URL parameters.
Debugging URL encoding issues is a common developer task. When an API returns unexpected results or a link does not work, decoding the URL often reveals the problem: double-encoded characters, missing encoding, or incorrectly encoded special characters.
All encoding and decoding happens in your browser. URLs containing sensitive parameters like authentication tokens, API keys, and user data are never sent to any external server.
The tool handles all standard URL encoding cases including UTF-8 multibyte characters, reserved characters, and commonly mishandled edge cases like plus signs and tildes.
Remember the difference between encodeURI() and encodeURIComponent() in JavaScript: encodeURI() preserves URL-safe characters like :, /, ?, &, while encodeURIComponent() encodes everything except letters, digits, and - _ . ~
Spaces in URLs can be encoded as either %20 or + (in form data). Be aware of which format your target system expects.
Avoid double-encoding: if a URL is already properly encoded, encoding it again will turn %20 into %2520, breaking the URL. If you are unsure, decode first and then encode.
When debugging API issues, decode the full URL to see the actual parameter values being sent. This often reveals encoding problems that are not visible in the encoded form.
URL encoding (also called percent-encoding) converts characters that are not allowed or have special meaning in URLs into a safe format using percent signs followed by hexadecimal values. For example, a space becomes %20 and an ampersand becomes %26. This is necessary because URLs have a restricted character set (RFC 3986), and characters outside this set must be encoded to be transmitted correctly. Without proper encoding, URLs can break, data can be corrupted, and security vulnerabilities can arise.
Characters that must be encoded include: spaces ( ), exclamation marks (!), hash (#), dollar signs ($), ampersands (&), single quotes ('), parentheses (()), asterisks (*), plus signs (+), commas (,), semicolons (;), equals signs (=), at signs (@), square brackets ([]), and any non-ASCII characters (like accented letters, Chinese characters, emoji). Letters (A-Z, a-z), digits (0-9), and a few special characters (- _ . ~) are safe and do not need encoding.
In JavaScript, encodeURI() encodes a complete URL while preserving characters that have special meaning in URL structure (:, /, ?, #, &, =). encodeURIComponent() encodes a URL component (like a parameter value) and encodes all special characters including those that have URL structural meaning. Use encodeURI() for complete URLs and encodeURIComponent() for individual parameter values.
Double encoding occurs when an already-encoded URL is encoded again, turning sequences like %20 into %2520. To fix this, decode the URL once: if the result still contains percent-encoded sequences, decode again until no more encoded sequences remain. Then encode once from the clean text. To prevent double encoding, always check if text is already encoded before encoding it.
Yes, completely safe. All encoding and decoding operations happen entirely in your browser using JavaScript's built-in encodeURIComponent() and decodeURIComponent() functions. No data is transmitted to any server. This makes the tool safe for URLs containing authentication tokens, API keys, user identifiers, and any other sensitive parameters.
Both are valid but used in different contexts. In URL paths and most contexts, spaces should be encoded as %20 (this is the standard percent-encoding). In HTML form data submitted via GET method (application/x-www-form-urlencoded), spaces are encoded as +. Most modern APIs and web frameworks handle both correctly, but if you encounter issues, try switching between the two formats.