The URL encoder and decoder converts text to percent-encoding and back, following RFC 3986. Characters that would break a URL — spaces, ampersands, question marks, non-ASCII letters — become %XX escape sequences, so any value can travel safely inside a query string or path.
Everything runs client-side in your browser. URLs often carry tokens, session ids and personal data, so the fact that nothing you paste is uploaded matters — it is private by default, free and requires no account.
Use it to build query strings by hand, debug a mangled or double-encoded URL from a log, decode a redirect target, or check exactly what a browser sends when a form value contains special characters.
Component mode (encodeURIComponent) escapes every reserved character including /, ?, & and = — the right choice for a single value going into a query string. Full URL mode (encodeURI) keeps the structural characters intact so an entire URL stays navigable while spaces and non-ASCII characters are escaped. Encoding a full URL with component mode is the classic mistake that breaks links.
Each unsafe character is converted to UTF-8 bytes, and every byte becomes a % followed by two hex digits — a space becomes %20, an ampersand %26, and é becomes the two-byte sequence %C3%A9. Decoding reverses this exactly.
Decode mode resolves %XX sequences back to characters and also treats + as a space, matching the application/x-www-form-urlencoded convention browsers use in query strings — the most common source of confusion when reading real-world URLs.
A % that is not followed by two hex digits is invalid percent-encoding. Rather than silently producing wrong text, the decoder reports the problem so you can spot truncated or double-encoded input.
encodeURIComponent escapes everything including /, ?, & and =, making it right for individual query-string values. encodeURI preserves those structural characters so a whole URL remains valid. Use Component mode for values, Full URL mode for complete addresses.
In query strings, browsers encode spaces as + (the form-urlencoded convention). This tool's decode mode converts + to a space automatically, matching what servers actually receive.
It is the percent-encoded form of a space: % followed by the byte value in hexadecimal. Every unsafe character is encoded this way — %26 is &, %3F is ?, and multi-byte UTF-8 characters become several %XX sequences.
Yes. Signs of double encoding are sequences like %2520 (an encoded %20). Run decode once to peel off the outer layer, then again to recover the original text.
No. Encoding and decoding run locally in your browser, so URLs containing tokens or personal data never leave your machine.