URL Encoder / Decoder
Encode or decode URLs and query string parameters.
Navigation
Private by default
Files stay in your browser. Nothing is uploaded unless a tool says otherwise.
encodeURIComponent encodes all special characters — use for query string values.
Decoded (Plain Text)
Encoded
☕ This tool is free forever. If it saved you time, buy me a coffee.
When to use this
You're building a URL with query parameters and one of the values contains an ampersand, a space, or a non-English character. Without encoding, the URL breaks — the browser interprets that & as a parameter separator, the space terminates the URL, and the Unicode character gets mangled. Percent-encoding makes every character URL-safe so the full value arrives intact on the server side.
Decoding is the mirror scenario. You're reading server logs or inspecting a redirect URL and it's full of %20, %3D, and %26. Paste the encoded string here to see the human-readable version. This comes up constantly when debugging OAuth callbacks, tracking parameters, and deep links.
URL encoding (formally "percent-encoding" per RFC 3986) replaces unsafe characters with a % followed by two hex digits representing the character's byte value. A space becomes %20, an ampersand becomes %26, and a multi-byte emoji like a flag might become six or more percent-encoded bytes.
Good to know
encodeURIComponent vs. encodeURI — they're not interchangeable. encodeURIComponent() encodes almost everything except A-Z a-z 0-9 - _ . ! ~ * ' ( ). Use it for individual query string values. encodeURI() leaves URL-structural characters like : / ? # [ ] @ alone, so it's safe for encoding a complete URL without destroying its structure. Using the wrong one is a top-5 URL bug.
Spaces can be %20 or + — and it matters which. In URL query strings (the application/x-www-form-urlencoded format used by HTML forms), spaces are encoded as +. In the path segment and everywhere else in a URI, spaces are %20. JavaScript's encodeURIComponent always produces %20. If you need + for form data, you'll need to post-process.
Double-encoding is a silent data corrupter. If a value is already encoded and you encode it again, %20 becomes %2520. The server decodes it once and gets the literal string "%20" instead of a space. Always check whether your input is already encoded before running it through an encoder.
Power user tip: RFC 3986 defines "unreserved" characters that never need encoding. These are A-Z a-z 0-9 - . _ ~. Everything else is either "reserved" (has structural meaning in URIs) or must be percent-encoded. Knowing this list saves you from over-encoding.
Quick Reference
| Character | Encoded | Why it needs encoding |
|---|---|---|
| (space) | %20 | Terminates URLs in many contexts |
| & | %26 | Separates query parameters |
| = | %3D | Separates key from value in query strings |
| ? | %3F | Marks the start of the query string |
| # | %23 | Marks the start of the fragment |
| / | %2F | Path separator (encode only inside values) |
| @ | %40 | Used in userinfo (user@host) |
| + | %2B | Interpreted as space in form data |