URL Encoder / Decoder

Encode and decode URLs with percent-encoding — instantly in your browser.

100% Browser-Based

Files Never Leave Your Device

No Server Uploads

Zero Data Collection

Use URL Encoder / Decoder to make URL parts safe for query strings, redirects, callbacks, and API tests. Encoding is about URL syntax, not secrecy: it protects reserved characters from being misread by a parser, but anyone can decode it. The safest habit is to encode the specific component you are placing into a URL and keep an original copy for comparison.

When to use this tool

Encode a query parameter value before adding it to a URL.
Decode a redirect or callback URL to understand each nested layer.
Compare an original URL with an encoded version while debugging an integration.
Document safe examples for webhook payloads, API calls, or support tickets.

Common issues and fixes

A URL gets double encoded

Decode until the value stops changing, then encode once at the correct layer.

Reserved characters change URL structure

Encode individual parameter values with encodeURIComponent-style encoding instead of blindly encoding the whole URL.

Decoded text exposes sensitive data

Remember that URL encoding is reversible; remove tokens, emails, and private identifiers from examples.

Spaces appear as + in one system and %20 in another

Check whether the destination expects form-style query encoding or RFC 3986 percent encoding.

Privacy note

URL encoding and decoding happens in the browser tab. Do not paste real access tokens, password reset links, private callback URLs, or customer identifiers on shared devices or in screenshots.

Related workflow

Identify the URL part
Decide whether you are encoding a full URL, a path segment, or a single query parameter value.
Encode or decode once
Run the conversion and check reserved characters such as ?, &, =, #, /, spaces, and non-ASCII text.
Test in context
Use the result in the redirect, API request, or browser address bar and keep the original for comparison.

Examples

Query value encoding

Encode a search phrase such as red shoes and socks before adding it to a q parameter.

Redirect debugging

Decode a nested redirect parameter one layer at a time to inspect the true destination without treating encoding as encryption.

Frequently Asked Questions

What's the difference between encodeURI() and encodeURIComponent()?

encodeURI() encodes a full URL but leaves reserved characters (: / ? # & =) intact. encodeURIComponent() encodes everything except letters, digits, and - _ . ~ — use it for query parameter values.

Why is the space character sometimes + and sometimes %20?

In URL query strings (application/x-www-form-urlencoded), spaces become +. In URL paths and other contexts (RFC 3986), spaces become %20. Both are valid in their respective contexts.

Does URL encoding affect SEO?

Search engines decode URLs for display but handle encoded URLs correctly. For readability, use human-readable URL slugs and only encode special characters when necessary.

What is double encoding and how do I fix it?

Double encoding happens when an already-encoded string is encoded again (e.g., %20 becomes %2520). Decode until the output stops changing, then encode once.

Which characters need to be URL-encoded?

Characters outside the "unreserved" set (A-Z, a-z, 0-9, -, _, ., ~) should be percent-encoded. Common examples include spaces (%20), ampersand (%26), equals (%3D), hash (%23), and non-ASCII characters like accented letters.

Is URL encoding the same as encryption?

No. URL percent encoding is reversible formatting for transport, not encryption or access control, so never rely on it to protect secrets.

Should I encode a whole URL or only part of it?

Usually encode the specific component, such as a query parameter value, instead of the entire URL. Encoding the whole URL can hide separators like question marks and ampersands that the destination parser needs.

How do I spot double encoding?

Look for percent signs that have become percent-two-five sequences, such as %2520 instead of %20. Decode one layer at a time, compare the result with the expected original, then encode once for the final destination.

Is encoded data safe to share publicly?

No. URL encoding is reversible formatting, not privacy protection. Treat encoded reset links, callback URLs, emails, and tokens as sensitive if the decoded value would reveal private information.

Why do APIs disagree about plus signs?

Some form-style query parsers treat plus as a space, while path and RFC-style percent encoding use %20 for spaces. Check the receiving API documentation before changing plus signs manually.

Common issues and fixes

A URL gets double encoded

Decode until the value stops changing, then encode once at the correct layer.

Reserved characters change URL structure

Encode individual parameter values with encodeURIComponent-style encoding instead of blindly encoding the whole URL.

Decoded text exposes sensitive data

Remember that URL encoding is reversible; remove tokens, emails, and private identifiers from examples.

Spaces appear as + in one system and %20 in another

Check whether the destination expects form-style query encoding or RFC 3986 percent encoding.

Related workflow

Identify the URL part

Decide whether you are encoding a full URL, a path segment, or a single query parameter value.

Encode or decode once

Run the conversion and check reserved characters such as ?, &, =, #, /, spaces, and non-ASCII text.

Test in context

Use the result in the redirect, API request, or browser address bar and keep the original for comparison.

Frequently Asked Questions

What's the difference between encodeURI() and encodeURIComponent()?

encodeURI() encodes a full URL but leaves reserved characters (: / ? # & =) intact. encodeURIComponent() encodes everything except letters, digits, and - _ . ~ — use it for query parameter values.

Why is the space character sometimes + and sometimes %20?

In URL query strings (application/x-www-form-urlencoded), spaces become +. In URL paths and other contexts (RFC 3986), spaces become %20. Both are valid in their respective contexts.

Does URL encoding affect SEO?

Search engines decode URLs for display but handle encoded URLs correctly. For readability, use human-readable URL slugs and only encode special characters when necessary.

What is double encoding and how do I fix it?

Double encoding happens when an already-encoded string is encoded again (e.g., %20 becomes %2520). Decode until the output stops changing, then encode once.

Which characters need to be URL-encoded?

Is URL encoding the same as encryption?

No. URL percent encoding is reversible formatting for transport, not encryption or access control, so never rely on it to protect secrets.

Should I encode a whole URL or only part of it?

How do I spot double encoding?

Is encoded data safe to share publicly?

No. URL encoding is reversible formatting, not privacy protection. Treat encoded reset links, callback URLs, emails, and tokens as sensitive if the decoded value would reveal private information.

Why do APIs disagree about plus signs?

Some form-style query parsers treat plus as a space, while path and RFC-style percent encoding use %20 for spaces. Check the receiving API documentation before changing plus signs manually.

URL Encoder / Decoder

When to use this tool

Common issues and fixes

A URL gets double encoded

Reserved characters change URL structure

Decoded text exposes sensitive data

Spaces appear as + in one system and %20 in another

Privacy note

Related workflow

Identify the URL part

Encode or decode once

Test in context

Examples

Query value encoding

Redirect debugging

Frequently Asked Questions

Related Tools

URL Encoder / Decoder

When to use this tool

Common issues and fixes

A URL gets double encoded

Reserved characters change URL structure

Decoded text exposes sensitive data

Spaces appear as + in one system and %20 in another

Privacy note

Related workflow

Identify the URL part

Encode or decode once

Test in context

Examples

Query value encoding

Redirect debugging

Frequently Asked Questions

Related Tools