URL encoding, also called percent-encoding, rewrites characters that are not allowed in a web address as a percent sign followed by two hexadecimal digits, so any text can travel safely inside a link. The tool below encodes text into that URL-safe form or decodes an encoded string back to readable text, entirely in your browser.
What URL Encoding Is
A URL can only contain a limited set of characters. Anything outside that set, such as a space, a slash inside a value, or a non-English letter, has to be escaped so it is not mistaken for part of the address structure. URL encoding solves this by converting each unsafe character to its byte value written as a percent sign and two hexadecimal digits. The result looks less readable but carries the exact same information, and decoding restores the original text exactly.
How to Use This URL Encoder and Decoder
- Paste your text or an encoded string into the box.
- Choose Encode to make text URL-safe, or Decode to turn an encoded string back into readable text.
- Read the result, which updates as you type and when you switch modes.
- Press Copy to drop the result into your link, query string, or request.
How Percent-Encoding Works
Percent-encoding splits characters into two groups. Unreserved characters, the letters A to Z and a to z, the digits 0 to 9, and the symbols hyphen, period, underscore, and tilde, are always left as they are. Reserved characters such as the slash, question mark, hash, ampersand, and equals sign have a special meaning in a URL, so when they appear inside a value they are encoded to keep that meaning clear. Every other character, including spaces and non-English letters, is encoded by taking its byte value and writing it as a percent sign with two hexadecimal digits. A space, byte value 32, becomes %20.
Where URL Encoding Is Used
You meet URL encoding any time text is passed through a web address. Query strings carry it when a search term or filter contains spaces or symbols, so a search for blue shoes arrives as q=blue%20shoes. Shared links use it when a page title or path holds punctuation. API requests rely on it to pass parameters and tokens that would otherwise break the URL, which is why encoding values correctly is a routine step when calling a web service from a browser or a script.
Is It Private? Yes, It Runs in Your Browser
This tool encodes and decodes entirely on your device using the browser built-in encodeURIComponent and decodeURIComponent functions. Nothing you type is uploaded, logged, or stored on any server, so it is safe to use for private values such as access tokens or query parameters. Keep in mind that URL encoding is not encryption: it is fully reversible and offers no protection by itself, so it should never be relied on to hide sensitive data.
Related Tools
Encode text or data into Base64 and decode it back, another reversible transform used in URLs and APIs.
Escape characters such as less-than and ampersand so text displays safely inside an HTML page.
Format and validate JSON, the data shape most often carried inside the API requests you encode.
Last Thoughts on URL Encoding
URL encoding is one of those quiet mechanics that holds the web together. Every time a link carries a search term, a shared title, or an API parameter, percent-encoding is what keeps the special characters from breaking the address. Understanding it turns a confusing string of percent signs into something you can read at a glance.
Encode your next value before you drop it into a query string, and decode any string that looks like a wall of percent signs to see what it really says. For the wider context of how parameters travel between systems, see our guide on what an API is, and explore the rest of our free online tools.
Key Takeaways:
- URL encoding, or percent-encoding, replaces unsafe characters with a percent sign and two hexadecimal digits so text is safe inside a web address.
- A space becomes %20; reserved characters such as the slash and ampersand are encoded when used as data, not structure.
- Unreserved characters, the letters, digits, hyphen, period, underscore, and tilde, are left unchanged.
- Encoding and decoding are reversible: it is not encryption and provides no security on its own.
- It is used in query strings, shared links, and API requests wherever text passes through a URL.
- This tool runs entirely in your browser; nothing you enter is sent anywhere.
Frequently Asked Questions (FAQs)
What is URL encoding?
URL encoding, also called percent-encoding, replaces characters that are not allowed in a web address with a percent sign followed by two hexadecimal digits. For example a space becomes %20 and a question mark becomes %3F. It lets you put any text, including spaces and symbols, safely inside a link or a query string.
What is the difference between encoding and decoding a URL?
Encoding turns readable text into the percent-encoded form a URL can carry, so name=John Doe becomes name=John%20Doe. Decoding reverses that, turning the percent-encoded form back into readable text. This tool does both: pick Encode to make a string URL-safe, or Decode to read one back.
Is URL encoding the same as encryption?
No. URL encoding is not encryption and provides no security. It is a reversible transformation that anyone can undo, and its only job is to make text safe to place in a URL. To protect data in transit you need HTTPS, and to protect stored data you need actual encryption.
Why does a space become %20 in a URL?
A raw space is not permitted in a URL, so it has to be escaped. Its byte value in ASCII is 32, which is 20 in hexadecimal, so it is written as %20. In the query part of a URL a space is sometimes written as a plus sign instead, which is a form-encoding convention rather than strict percent-encoding.
Which characters need to be URL encoded?
Unreserved characters, the letters A to Z and a to z, the digits 0 to 9, and the symbols hyphen, period, underscore, and tilde, are left as they are. Everything else, including spaces, slashes, question marks, ampersands, and non-English letters, is percent-encoded so it cannot be mistaken for part of the URL structure.
Does this URL encoder send my text anywhere?
No. Encoding and decoding happen entirely inside your browser using the built-in encodeURIComponent and decodeURIComponent functions. Your text is never uploaded, logged, or stored on any server, so it is safe to use for private values such as tokens or query parameters.
