URL Encoder / Decoder Free
Percent-encode any string for safe use in URLs, or decode URL-encoded strings back to plain text. Supports encodeURIComponent (query param encoding) and full URL encoding modes. Handles UTF-8 characters correctly. Runs entirely in your browser — data never leaves your device.
Input
Output
Pro — bulk URL encode, query string builder, API access, batch decode
API access · Priority queue · Team workspace
How It Works
Paste Your String
Paste any text string you need to encode for safe inclusion in a URL, or paste a URL-encoded string you want to decode back to readable text. The input can be a single query parameter value, an entire URL, a JSON payload, or any text containing special characters. Click Sample to load a realistic example showing a search query string with spaces, symbols, and Unicode characters.
Select Mode
Choose encodeURIComponent mode to encode a single query parameter value — this encodes all characters except letters, digits, and - _ . ! ~ * ' ( ). This is correct for individual values in a query string like name=Alice+Müller. Choose encodeURI mode to encode a complete URL while preserving /, :, ?, #, @, and other URL-structural characters that should not be encoded.
Copy or Download
The encoded or decoded result appears in the output panel. Copy to clipboard for use in code, HTML, HTTP headers, or config files. The stats bar shows the number of characters encoded and the percentage of characters that required encoding, which is useful for estimating URL length growth when embedding complex values in query strings with character limits.
URL Encoder Features
RFC 3986 compliant percent-encoding with component and full URL modes
Component vs Full URL Mode
encodeURIComponent encodes everything except unreserved characters (letters, digits, - _ . ! ~ * ' ( )), making it correct for individual parameter values. encodeURI preserves characters that have structural meaning in a URL (: / ? # [ ] @ ! $ & ' ( ) * + , ; =) so it is safe for encoding complete URLs while keeping their structure intact.
UTF-8 Percent-Encoding
Non-ASCII characters (accented letters, CJK characters, emoji) are first encoded to UTF-8 bytes, then each byte is percent-encoded as %XX. For example, é becomes %C3%A9 (its two-byte UTF-8 representation). This follows RFC 3986 and is what all modern browsers and HTTP clients do automatically when constructing request URLs.
Bidirectional
Both encode and decode operations are supported. Decoding reverses percent-encoding — %20 becomes a space, %2B becomes +, multi-byte UTF-8 sequences are reconstructed into Unicode. Decoding is tolerant of mixed-case hex digits (%2b and %2B are both valid) and correctly handles plus-as-space encoding used in HTML form submissions.
Error Handling
Invalid percent-encoded sequences (such as %GG or a lone % not followed by two hex digits) are caught and reported with a clear error message instead of silently failing or producing malformed output. This helps identify corrupted or manually edited URL strings that would cause parsing errors in downstream applications.
Encoding Stats
After encoding, the stats bar shows the total input character count, the number of characters that required percent-encoding, and the output length. This is useful for diagnosing URL length issues — browsers and servers typically impose limits of 2048–8192 characters on URLs, and query strings with many encoded Unicode characters can grow significantly from their original length.
100% Private
All encoding and decoding uses the browser's native encodeURIComponent and decodeURIComponent JavaScript functions. No data leaves your browser. Safe for encoding authentication tokens, API keys, sensitive query parameters, and personal data in URL strings — your information is never transmitted to any server.
Free vs Pro
| Feature | Free | Pro |
|---|---|---|
| Encode/decode text | ||
| Component & full URL modes | ||
| Bulk encode (list of values) | — | |
| Query string builder/parser | — | |
| REST API access | — | |
| Custom safe character sets | — |
Frequently Asked Questions
URL encoding, also called percent-encoding, is a mechanism for encoding characters that are not allowed or have special meaning in a URL. Each character is replaced by a percent sign followed by two hexadecimal digits representing the character's byte value in UTF-8. For example, a space becomes %20, an ampersand becomes %26, and the copyright symbol © becomes %C2%A9. This ensures the URL remains valid when transmitted over HTTP.
Use encodeURIComponent when encoding an individual query parameter value that will be embedded in a URL. It encodes all characters that could break URL parsing, including &, =, ?, and /. Use encodeURI when you have a complete URL that is already well-formed and you only want to encode characters that are completely invalid in URLs (like spaces and non-ASCII characters) without breaking the URL structure by encoding its delimiters.
Both %20 and + represent a space, but in different contexts. In modern URL encoding (RFC 3986), spaces are encoded as %20. The + sign as a space substitute is an older convention from HTML form encoding (application/x-www-form-urlencoded), where + means space in query strings submitted via HTML forms. This tool uses %20 (the standard), but decoding handles + as space for compatibility with form-encoded query strings.
RFC 3986 defines "unreserved characters" that never need to be percent-encoded: uppercase and lowercase letters A–Z and a–z, digits 0–9, and the symbols - _ . ~. All other characters must be encoded in a query parameter value. The encodeURIComponent mode in this tool leaves those 66 unreserved characters unencoded and encodes everything else, matching the behavior of the JavaScript encodeURIComponent() function.
Garbled characters usually mean the original URL was encoded using a character set other than UTF-8, such as Latin-1 or Windows-1252. Older web servers and form-handling code sometimes encode query parameters in the page's legacy character set. This tool assumes UTF-8, which is correct for all modern applications. Legacy encoding decoding is available in the Pro version with character set selection.
Yes — all encoding and decoding runs entirely in your browser using JavaScript. No data is sent to any server, and no network requests are made. You can verify this by disconnecting from the internet after loading the page and confirming the tool still works. This makes it safe for encoding sensitive API keys, authentication tokens, passwords embedded in URLs, and other credentials that must not be exposed to third-party services.