Tinker Tools

URL Encoder/Decoder Instantly

Encode or decode your URLs securely. All processing is done locally in your browser—your data never leaves your device.

URL Tool
Input
Output

Understanding URL Encoding

URL encoding (also called percent-encoding) is a mechanism for converting characters into a format that can be safely transmitted over the Internet. URLs can only contain a limited set of ASCII characters. Any character outside this set—including spaces, special symbols, non-ASCII Unicode characters, and reserved characters with special meaning in URLs—must be encoded.

The encoding process replaces unsafe characters with a percent sign (%) followed by two hexadecimal digits representing the character's ASCII code. For example, a space becomes %20, an ampersand (&) becomes %26, and a question mark (?) becomes %3F. This ensures that URLs remain unambiguous and can be correctly parsed by web servers, browsers, and other internet infrastructure.

URL-safe characters include letters (A-Z, a-z), digits (0-9), and a few special characters like hyphens, underscores, periods, and tildes (-_.~). Reserved characters such as /, ?, #, [, ], @, !, $, &, ', (, ), *, +, ,, ;, and = have special meanings in URL syntax and must be encoded when used as literal data. Understanding URL encoding is essential for web development, API calls, query parameters, and ensuring data integrity across web services.

How it works

1. Paste URL

Paste the URL, query string, or text you want to encode or decode into the main text area. Works with full URLs or individual parameters.

Privacy Guaranteed

2. Choose Action

Select whether you want to Encode (convert readable text to URL-safe format) or Decode (convert percent-encoded text back to readable format).

Customizable

3. Get Result

Click Execute to process your URL instantly. The result appears in the output panel ready to copy to your clipboard with one click.

Ready to Use

What is URL Encoding?

URL encoding — also called percent-encoding — is the mechanism that converts characters into a format safe for transmission inside a Uniform Resource Locator. URLs can only travel across the internet using the ASCII character set, which means any character outside that set needs to be transformed. The percent-encoding scheme defined in RFC 3986 handles this by replacing unsafe characters with a percent sign followed by two hexadecimal digits representing the character's byte value. A space becomes %20, an ampersand becomes %26, and a forward slash becomes %2F. Without this translation layer, browsers and servers would misinterpret special characters as structural delimiters rather than literal data.

The need for encoding comes down to one thing: URLs have a grammar. Characters like the colon, question mark, hash, and forward slash carry specific meaning inside a URL's structure. The colon separates the scheme from the authority. The question mark introduces a query string. The hash marks a fragment identifier. RFC 3986 splits the full ASCII range into two groups — reserved characters and unreserved characters. Reserved characters include :/?#[]@!$&'()*+,;= and they serve as delimiters in the URL syntax. Unreserved characters are the uppercase and lowercase letters A-Z and a-z, the digits 0-9, and four symbols: hyphen, period, underscore, and tilde. Unreserved characters pass through without any encoding. Everything else gets percent-encoded.

A common mistake is encoding an entire URL blindly. You should only encode the parts that carry user data — path segments, query parameter keys, and query parameter values. Encoding the structural delimiters themselves breaks the URL. That is exactly why JavaScript gives you two different functions: encodeURI handles a full URI and leaves structural characters intact, while encodeURIComponent encodes almost everything and is meant for individual components like a single query value. Knowing which function to reach for saves you hours of debugging malformed requests. The distinction matters more than most developers realize until they hit a bug in production.

Key Features and Benefits

  • RFC 3986 compliance Encodes and decodes characters according to the percent-encoding rules defined in RFC 3986. Every unsafe byte is replaced with a percent sign and two hex digits, giving you predictable and standards-compliant output every time.
  • Reserved character handling Properly distinguishes between reserved characters (:/?#[]@!$&'()*+,;=) that serve as URL delimiters and data characters that need escaping. You control whether a given character keeps its special meaning or gets encoded as literal data.
  • Space encoding modes Supports both %20 and + as representations of the space character. The %20 form follows RFC 3986 for path segments, while the + form follows the application/x-www-form-urlencoded format used in HTML form submissions. Pick the one your context demands.
  • Full Unicode support Handles multi-byte characters by first converting them to their UTF-8 byte sequence and then percent-encoding each byte individually. A single Chinese character might produce three percent-encoded triplets — like %E4%B8%AD for the character meaning 'middle.'
  • Batch component encoding Encode multiple query parameters at once instead of handling them one at a time. Paste a full query string and get each key and value encoded independently while keeping the & and = delimiters untouched.
  • Real-time decode preview See the decoded output as you type or paste encoded text. Quickly inspect opaque strings like %7B%22token%22%3A%22abc%22%7D and confirm they contain the JSON or data you expect before passing them along.

How to Encode and Decode URLs

  1. 1

    Identify the parts that need encoding

    Break the URL into its structural components: scheme, authority, path, query, and fragment. Only the data portions need encoding. For example, in https://api.example.com/search?q=hello world&lang=en, the values 'hello world' and 'en' are data — the rest is structure. Never encode the protocol, the domain, or the delimiters between components. If you are building a URL from scratch, keep the skeleton as plain text and encode each inserted value separately.

  2. 2

    Choose the right encoding function

    In JavaScript, encodeURIComponent is almost always what you want when inserting a value into a URL. It encodes everything except unreserved characters (A-Z a-z 0-9 - _ . ~). Use encodeURI only when you have a complete URL string and want to fix illegal characters without breaking its structure. A common trap: encodeURI does not encode &, =, or +, so query values with those characters slip through unescaped. In other languages, look for equivalents — Python's urllib.parse.quote, Java's URLEncoder.encode, or PHP's rawurlencode.

  3. 3

    Handle spaces correctly

    Spaces are the most frequently encoded character, and they have two valid representations. RFC 3986 says a space becomes %20 — this works everywhere in a URL. The application/x-www-form-urlencoded specification says a space becomes a + sign — this only applies inside query strings submitted by HTML forms. If you use + in a path segment, many servers treat it as a literal plus sign and your data breaks. Stick with %20 unless you are explicitly building form-encoded bodies. When decoding, make sure your decoder handles both forms.

  4. 4

    Paste or type your input

    Enter the text you want to encode into the input field. If you are decoding, paste the percent-encoded string instead. The tool processes your input immediately and shows the result. Double-check that you are encoding individual components and not the full URL — pasting https://example.com/path?key=value and hitting encode will turn the colons and slashes into percent codes, producing a broken URL. If you need to encode an entire query string, use the query parameter mode that preserves structural delimiters.

  5. 5

    Verify and use the output

    Copy the result and test it. Drop an encoded URL into your browser's address bar to confirm it resolves correctly. For API work, paste the encoded value into your HTTP client and check that the server interprets the parameter as expected. Watch for double-encoding — if your framework automatically encodes query values and you pre-encode them, you end up with %2520 instead of %20. That is the single most common encoding bug in web development. When something looks wrong, decode the string step by step to find where the extra encoding happened.

Expert Tips for URL Encoding

Double-encoding will bite you eventually. It happens when an already-encoded value passes through an encoding step a second time. The percent sign itself gets encoded — %20 becomes %2520, and the server sees a literal '%20' string instead of a space. This is especially common when you encode a value, store it in a database, then insert it into a URL that your framework encodes again. The fix is simple in principle: encode exactly once, at the boundary where data enters the URL. If you are building a URL with a library, check whether the library encodes parameters automatically. Most modern HTTP clients — like JavaScript's fetch with URLSearchParams, Python's requests library, or Java's HttpClient — handle encoding for you. Passing pre-encoded values to these tools is asking for trouble.

The difference between encodeURI and encodeURIComponent trips up even experienced developers. Here is a quick rule: if the string is a full URL, use encodeURI. If the string is a piece of data going into a URL — a query value, a path segment, a fragment — use encodeURIComponent. The encodeURI function leaves 82 characters untouched, including reserved delimiters like & and =. That means a query value containing an ampersand passes right through and splits your parameter in two. The encodeURIComponent function only spares 71 characters — the unreserved set plus the exclamation mark, single quote, parentheses, and asterisk. For maximum safety in query values, you can manually encode those five remaining characters as well.

International domain names and paths add another layer. When a URL contains non-ASCII characters in the domain — like a .jp or .de address with local-language labels — the domain part uses Punycode, not percent-encoding. The path and query segments still use standard percent-encoding of the UTF-8 byte sequence. Mixing these up causes confusing failures. Modern browsers display the decoded Unicode in the address bar for readability, but the actual request on the wire uses the encoded form. If you are logging or comparing URLs, normalize them to their encoded form first to avoid false mismatches. The same visible URL can be represented by different capitalization of hex digits — %2f and %2F are equivalent per the spec — so case-insensitive comparison of percent-encoded triplets is the correct approach.

Form encoding deserves special attention. When an HTML form uses method GET, the browser serializes the form fields using the application/x-www-form-urlencoded content type. This format encodes spaces as + and uses a slightly different rule set than RFC 3986 percent-encoding. Newlines become %0D%0A, and the asterisk is left unencoded. JavaScript's URLSearchParams class follows this convention, which means its output differs from encodeURIComponent for certain characters. If you are building a query string manually for an API that expects strict RFC 3986 encoding, do not rely on URLSearchParams — use encodeURIComponent on each key and value and join them with & yourself. On the server side, most frameworks decode both + and %20 as spaces in query strings, but testing with edge-case characters like *, !, and ~ is always a good idea before you ship.

Related Tools

Base64 Converter

Encode binary data for URL-safe transmission

HTML Encoder

Escape HTML entities when embedding URLs in markup

JSON Formatter

Format API responses that contain encoded URLs

URL encoding sits at the intersection of several data-formatting concerns. When you send binary payloads through URLs, Base64 gives you an ASCII-safe representation that you can then percent-encode for the query string. If you are embedding a URL inside an HTML attribute, the HTML Encoder makes sure that ampersands in query strings do not get interpreted as HTML entity starts. And when an API hands you a JSON response full of encoded URLs, the JSON Formatter lets you inspect the structure before you start decoding individual values. These tools work well together — chain them in the order that matches your data flow.

Frequently Asked Questions

Common Character Encoding Reference

CharacterDescriptionEncoded
(space)Space%20 or +
!Exclamation%21
#Hash/Pound%23
$Dollar sign%24
&Ampersand%26
+Plus sign%2B
/Forward slash%2F
:Colon%3A
=Equals%3D
?Question mark%3F
@At symbol%40

Common Use Cases

Query Parameters

Encode search terms and filter values in URL query strings to handle spaces, special characters, and non-English text correctly.

API Requests

Properly encode parameters in API calls to ensure data is transmitted correctly without breaking the URL structure.

Social Sharing

Create shareable links with encoded titles, descriptions, and URLs for social media platforms and messaging apps.

Form Submissions

Encode form data before submission to handle user input containing special characters, ensuring proper data transmission.

Dynamic URLs

Build dynamic URLs programmatically with user-generated content, file names, or database values that may contain unsafe characters.

Debugging

Decode encoded URLs from server logs, browser console, or network traffic to understand what data was actually transmitted.

Recommended Tools

JSON Formatter

Validate, beautify, and minify your JSON data with tree view and syntax highlighting.

Base64 Converter

Convert plain text or binary data to Base64 and back. Support for Data URIs included.

Hash Generator

Generate MD5, SHA-1, SHA-256, and other cryptographic hashes from text or files instantly.