URL Encoder / Decoder
Encode and decode URLs
Suggested Next Steps
Related Tools
Base64 Encoder / Decoder
Quickly encode text to Base64 or decode Base64 back to text.
HTML Entity Encoder / Decoder
Encode special characters to HTML entities or decode them back
String Escape / Unescape
Escape and unescape strings for HTML, JSON, JavaScript, SQL, and more
Number Base Converter
Convert numbers between binary, octal, decimal and hexadecimal
Timestamp Converter
Convert between Unix timestamps and human-readable dates
ASCII / Unicode Lookup
Search and look up ASCII and Unicode character codes
How to Use
Paste or Type Input
Enter your text, code, or data into the input area.
Choose Options
Select the transformation or format you want to apply.
Copy the Result
Copy the output to your clipboard with one click.
Why Use This Tool
100% Free
No hidden costs, no premium tiers — every feature is free.
No Installation
Runs entirely in your browser. No software to download or install.
Private & Secure
Your data never leaves your device. Nothing is uploaded to any server.
Works on Mobile
Fully responsive — use on your phone, tablet, or desktop.
URL Encoding: Percent-Encoding for Safe Web Addresses
Key Takeaways
- URL encoding (percent-encoding) replaces unsafe characters with %XX hex values to ensure URLs are transmitted correctly.
- Spaces, ampersands, question marks, and non-ASCII characters all require encoding when used in URL parameters.
- All encoding and decoding is performed in your browser — no data is sent to any server.
URLs can only contain a limited set of ASCII characters. When you need to include spaces, special characters, or Unicode text in query parameters or path segments, URL encoding (also called percent-encoding) converts them into a universally safe format. Proper URL encoding prevents broken links, security vulnerabilities, and data corruption in web applications.
Improper URL encoding is among the OWASP Top 10 causes of web application injection vulnerabilities.
Security Impact
Key Concepts
Reserved vs. Unreserved Characters
RFC 3986 defines unreserved characters (A-Z, a-z, 0-9, -, _, ., ~) that need no encoding. Reserved characters (: / ? # [ ] @ ! $ & ' ( ) * + , ; =) have special meaning in URLs and must be encoded when used as data.
encodeURI vs. encodeURIComponent
encodeURI() encodes a full URI but preserves reserved characters. encodeURIComponent() encodes everything except unreserved characters, making it correct for encoding individual query parameter values.
Unicode and UTF-8 Encoding
Non-ASCII characters (Chinese, Arabic, emoji) are first converted to UTF-8 bytes, then each byte is percent-encoded. The character '日' becomes %E6%97%A5.
Double Encoding Pitfalls
Double encoding occurs when already-encoded values are encoded again (% becomes %25). This creates broken URLs and is a common source of bugs in URL construction.
Pro Tips
Always use encodeURIComponent() for query parameter values, never encodeURI() — the latter will not encode & and = characters.
Decode URLs before displaying them to users for readability, but always keep them encoded in HTTP requests.
Be careful with the '+' character — in query strings it represents a space (application/x-www-form-urlencoded), but in path segments it is literal.
Test URL encoding with international characters (CJK, Arabic, emoji) to ensure your application handles multibyte UTF-8 correctly.
All URL encoding and decoding is performed entirely in your browser. Your URLs and query parameters are never sent to any external server.