URL Encoder / Decoder

encode and decode URL percent-encoding for query strings and paths

By Bikram NathLast updated May 19, 2026

Paste a raw query string like `name=John Doe&city=São Paulo` and get back `name=John%20Doe&city=S%C3%A3o%20Paulo`, percent-encoded and safe to append to any endpoint. Unlike running encodeURIComponent() in a browser console, this tool exposes the distinction between full URL encoding and component-level encoding separately, which is the detail that trips up integrations when a parameter value itself contains reserved characters like & or =.

Try it now — free, instant, no signup

What is URL Encoder / Decoder?

URL Encoder / Decoder converts characters that are illegal or reserved in URLs into their percent-encoded equivalents per RFC 3986. Feed it `/search?q=hello world&lang=日本語` and it returns `/search?q=hello%20world&lang=%E6%97%A5%E6%9C%AC%E8%AA%9E`. Each non-ASCII character is UTF-8 encoded first, then each resulting byte is written as a %XX sequence.

Reach for this instead of a browser console's encodeURIComponent() when you want encoded and decoded output side by side without writing throwaway code, or when you need to verify which characters a specific encoding mode leaves untouched. Postman's pre-request scripts can do this too, but they require JavaScript knowledge. For bulk decoding of access logs, grep combined with printf '%b' in bash is faster.

The most common confusion: spaces encode as %20 under RFC 3986, but as + under application/x-www-form-urlencoded, the format HTML forms and many older REST APIs use. This tool follows RFC 3986 and outputs %20. If a server-side decoder interprets + as a space, a literal + in a parameter value will survive encoding but silently corrupt after decoding on the receiving end.

When to use URL Encoder / Decoder

✓Debug an OAuth redirect_uri mismatch by decoding the percent-encoded callback URL your auth server logged back into a readable string.

→Encode a dynamic API path that includes user-supplied email addresses, city names, or product titles before embedding them as query parameter values.

⚡Verify that a webhook handler is receiving the correct payload by decoding its URL-encoded body before manually parsing the key-value pairs.

Frequently Asked Questions

What is the difference between encoding a full URL and encoding a URL component?

Encoding a full URL preserves the structural characters that give the URL its meaning: /, ?, &, =, #, and : are left untouched because they delimit the scheme, host, path, and query. Encoding a component assumes the input is a single value inside the URL, so those same characters get percent-encoded too. If a query parameter value contains a literal &, component encoding is required, or that & will be misread as a parameter separator by any server or router that parses the URL.

Why does my URL contain both %20 and + for spaces?

Two different encoding standards are in play. RFC 3986, which governs URLs in general, requires spaces to become %20. The application/x-www-form-urlencoded specification, used by HTML form submissions and many older REST APIs, uses + to represent a space. Copy a URL from a browser address bar after submitting a search form and you will often see + in the query string. Most server-side frameworks decode both, but when constructing URLs manually or programmatically, %20 is unambiguous across all parsers.

Does double-encoding break the original value, and how do I detect it?

Yes. Percent-encoding an already-encoded string causes the % signs themselves to be encoded as %25, turning %20 into %2520. Decoding once then recovers %20 as a literal two-character string rather than a space. The reliable tell is %25 appearing in decoded output; a correctly encoded value never contains that sequence unless the original input literally contained %25. Run the decoder a second time on the output: if the result changes again, the input was double-encoded.

How are Unicode characters like emoji or CJK script handled?

Unicode characters follow RFC 3986's method: the character is first converted to its UTF-8 byte sequence, then each byte is written as %XX. The emoji character U+1F525 encodes to four UTF-8 bytes F0 9F 94 A5, producing %F0%9F%94%A5. A typical CJK character requires three bytes. The browser's TextEncoder API handles the UTF-8 conversion step, so the output matches exactly what encodeURIComponent() produces in any modern JavaScript runtime, including V8 and SpiderMonkey.

Which characters are never percent-encoded, and why does that matter?

RFC 3986 defines unreserved characters that are safe in any URL position and are never encoded: ASCII letters A-Z and a-z, digits 0-9, and the four symbols hyphen, period, underscore, and tilde. Everything else is potentially encoded depending on context and which encoding function is applied. This matters because characters like !, ', (, ), and * are sometimes left unencoded by encodeURI() but encoded by encodeURIComponent(). If a downstream parser is strict, passing a value through the wrong encoding mode can produce a 400 or a silent data mismatch.

Related Tools

Encoding

Base64 Encoder / Decoder

encode and decode Base64 strings and files in your browser

Encoding

HTML Entity Encoder

encode and decode HTML entities for safe HTML embedding

Text

Slug Generator

convert any text to a URL-friendly slug

Encoding

Hash Generator

generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text