URL Encoder & Decoder
Encode and decode URLs online. Convert special characters to percent-encoding for safe URLs. Free URL encoder/decoder tool for developers
URL encoding (percent-encoding) replaces characters that are unsafe or reserved in a URL with %XX sequences where XX is the hex code of the byte. The catch is that the rules differ by URL component — a slash is fine in a path but illegal in a query parameter value, and a plus sign means space in a query but a literal plus in a path. This tool encodes and decodes per RFC 3986, with separate modes for full-URL encoding and component encoding (the difference between encodeURI and encodeURIComponent in JavaScript).
encodeURI vs encodeURIComponent
JavaScript ships two URL encoding functions because URLs have different escaping rules for different parts. encodeURI is for entire URLs — it leaves reserved characters like /, ?, &, =, # alone because they have structural meaning. encodeURIComponent is for individual values inside a URL — it escapes ALL reserved characters because at that level, a literal & or = in your data would corrupt the URL structure.
Practical rule: use encodeURIComponent on any string you are inserting into a URL component (path segment, query value, fragment). Use encodeURI only when you have a complete URL whose structure is already correct and you just need to handle non-ASCII characters.
Working example
Input
Search query: jdoe@example.com & friends? Full URL: https://api.example.com/search?q=jdoe@example.com & friends?
Output
encodeURIComponent: jdoe%40example.com%20%26%20friends%3F (every special character escaped, safe inside ?q=...) encodeURI: https://api.example.com/search?q=jdoe@example.com%20&%20friends? (preserves URL structure, only escapes spaces — the result is BROKEN because the & is interpreted as a parameter separator)
This is the most common URL-encoding bug: using encodeURI when you should have used encodeURIComponent. The output looks correct to a human but the server parses an unexpected parameter.
Characters that need encoding (and ones that often do not)
- Always encode in component values: space → %20 (or +), &, =, ?, #, /, +, % itself
- Sometimes encode: : @ — fine in paths and queries, escape them in fragments
- Never encode (unreserved per RFC 3986): A-Z, a-z, 0-9, hyphen, period, underscore, tilde
- Special: + means space in application/x-www-form-urlencoded query strings, but means literal + in URL paths. The distinction matters for form submissions vs REST endpoints.
- High-bit bytes (UTF-8 sequences for non-ASCII): always encoded byte-by-byte. "ł" (0xC5 0x82 in UTF-8) becomes %C5%82.
When to reach for this tool
- A URL in your bug report is broken and you need to see what the actual decoded query parameter is.
- You are constructing a deep link or share URL by hand and want to verify the escaping before publishing.
- You are debugging an OAuth flow where redirect_uri must be exactly registered — including identical encoding.
- You are reverse-engineering a third-party API where the docs show URL-encoded examples and you need readable equivalents.
What this tool will not do
- It will not validate the URL structure. A syntactically encoded but semantically wrong URL (https://example.com/?? not%20a%20parameter) will encode/decode happily without warning that there is something off.
- It will not handle IDN domains. https://exämple.com must be Punycode-encoded (xn--exmple-cua.com) at the DNS level — separate from percent-encoding the path.
- It will not undo double-encoding. If a URL was encoded twice (a common bug when proxies re-encode already-encoded URLs), one decode pass leaves %2520 → %20, and a second pass produces a space. Decode twice if your input came through multiple URL-mangling hops.
Frequently asked questions
Why does + sometimes decode to a space and sometimes to a literal +?
Application/x-www-form-urlencoded (the format for HTML form GET/POST bodies) treats + as space, but RFC 3986 percent-encoding in URL paths treats + as a literal character. The query string is ambiguous in practice — most server frameworks decode + as space in query strings, but spec-compliant clients should percent-encode spaces as %20.
Do I need to encode the slash in a URL?
In path segments where the slash is the segment separator, no — but if you have a slash inside a single segment (a literal forward-slash in a filename), encode it as %2F. Some servers reject %2F in URL paths for security reasons; if so, you cannot use that character in path segments at all.
Why does encodeURIComponent escape my apostrophe but my OAuth library does not?
Different libraries use different "safe character" sets. RFC 3986 marks apostrophe as a sub-delimiter (mostly reserved), encodeURIComponent escapes it, but OAuth libraries (which follow RFC 5849) leave it alone. Both are spec-compliant for different specs. Encode strictly to match what the server expects.
How do I encode a JSON object as a URL parameter?
JSON.stringify the object, then encodeURIComponent the result. This produces ?data=%7B%22a%22%3A1%7D which the server decodes and parses. Avoid putting nested objects in query strings — POST a JSON body instead.
My URL contains %20 in some places and + in others. Is that wrong?
Both encode to space when decoded by browsers, but they are technically different in spec. Pick one and use it consistently — %20 is safer because it works in both path and query contexts.
Why does the URL bar in my browser show ł but the page source shows %C5%82?
Modern browsers display the decoded form for readability but transmit the percent-encoded UTF-8 bytes over HTTP. The server sees %C5%82 in the request line. Both forms refer to the same character.
Related tools
Encode and decode HTML entities online. Convert special characters like <, >, &, quotes to HTML entities. Free HTML escape/unescape tool
Encode and decode Base64 strings online. Convert text, files and images to Base64 format. Free Base64 encoder/decoder tool with copy button
Generate SEO-friendly URL slugs from text. Convert titles to clean URLs with diacritics removal. Free online slug generator for websites
Debug CORS issues, analyze headers, generate server configurations. Support for Express, Nginx, Apache, Django, Flask, Spring Boot. Learn CORS concepts. Free online CORS tester
Generate SEO meta tags, Open Graph, Twitter Cards with live preview. Optimize website metadata for search engines and social sharing
Create QR codes for URLs, text, WiFi, vCard contacts. Customize colors and download PNG/SVG. Free online QR code maker with logo support
Published · Updated · E-Utils editorial team