🔗

URL Encoder, Decoder & Parser

Percent-encode or decode text for URLs and query strings, and dissect any URL into its parts with decoded parameters.

Encode / Decode
URL Parser

About URL Encoding

URLs can only contain a limited set of characters, so everything else — spaces, ampersands, non-English letters, symbols — must be percent-encoded as a % followed by hex bytes. The subtlety is that there are two different jobs: encoding a component (a single query value, where &, = and / must all be escaped) and encoding a whole URL (where those separators must be kept intact). Using the wrong one is the classic cause of broken links and mangled query strings, so this tool offers both, plus the form-post variant that encodes spaces as +.

The parser below splits any URL into protocol, host, port, path, fragment and each query parameter with its decoded value — handy when debugging redirect chains, OAuth callbacks, tracking parameters or overly long SharePoint links. All processing is local JavaScript.

How to Use This Tool

1
Choose a mode: Encode component for a single value going into a query string, Encode full URL to safely encode a whole address without breaking its structure, or Form encode for application/x-www-form-urlencoded bodies where spaces become +.
2
Paste your text and the output updates instantly — no button press needed.
3
For decoding, switch to Decode and paste the encoded string; the URL parser below also splits any full URL into protocol, host, path and individually decoded query parameters.
4
Use ⇅ Use output as input to chain operations, for example decoding twice to unwrap a double-encoded value.

Common Use Cases

  • 🔗
    Building query strings. Encode a search term or redirect URL before appending it to a link so characters like & and ? don't break the URL structure.
  • 🕵️
    Reading tracking links. Paste a long marketing or phishing-suspect URL into the parser to see every query parameter decoded — the destination hidden inside a url= parameter becomes obvious.
  • 🐛
    Debugging webhooks and forms. Decode form-encoded request bodies captured in logs to see what was actually submitted.
  • 📧
    Email link auditing. Unwrap safelink-wrapped URLs from email security gateways to check where they really point before clicking.
  • 🧪
    API testing. Verify the exact percent-encoding your client sends matches what the server expects — especially for values containing +, % or non-ASCII characters.

Which Mode Do I Need?

  • 🧩
    Encode component. You are inserting a value into a query string: ?q= + encoded value. Escapes &, =, /, ? and everything unsafe.
  • 🌐
    Encode full URL. You have a complete URL with spaces or unicode in it and want it clickable without breaking its structure.
  • 📮
    Form encode. Matches application/x-www-form-urlencoded bodies — spaces become +.
  • 🔍
    Decode. Paste anything percent-encoded to read it — works for both variants.

Frequently Asked Questions

Why does my decoded string still contain %25 or %2B?
It was double-encoded: %2525 decodes to %25, which decodes again to %. Use the ⇅ button to feed the output back through Decode until it stops changing.
When should spaces be + and when %20?
+ means a space only inside application/x-www-form-urlencoded data (traditional form submissions). In URL paths and modern query strings, use %20. When in doubt, %20 is always safe; + in a path is a literal plus sign.
Why did my query value break the URL?
If a value contains & or = and is inserted without component encoding, the server sees extra parameters. Encode the value first: Fish & Chips must become Fish%20%26%20Chips.
What is the difference between %20 and + for spaces?
%20 is the universal percent encoding. + means space only inside form-encoded data (query strings and POST bodies using that format). In a path, + is a literal plus sign.
Why does decoding sometimes fail?
A stray % not followed by two hex digits is malformed. The tool reports it rather than guessing — check whether the string was truncated or double-encoded.