Free URL encoder and decoder. Percent-encode a URL or any string for safe use in URLs, query parameters, or form data; or decode an already-encoded string back to plain text. Round-trips cleanly with malformed input flagged.
A URL can only carry a limited set of characters safely. Everything else, including spaces, non-ASCII letters, and reserved characters such as ?, &, #, and =, has to be percent-encoded. Encoding takes each byte of the character's UTF-8 representation and writes it as a percent sign followed by two hexadecimal digits, so a space becomes %20 and an ampersand inside a value becomes %26. This keeps the structural characters of the URL from being confused with data.
This tool percent-encodes any string for safe use in a URL, a query parameter, or a form body, and decodes an already-encoded string back to plain text. It runs in your browser and flags malformed input, such as a stray percent sign that is not followed by two valid hex digits, instead of silently producing garbage.
The common mistake is encoding an entire URL when you only meant to encode one query value. Reserved characters like /, :, ?, and & are the delimiters that give a URL its structure, so encoding them away breaks the address. When you are inserting a value into a query string, encode only that value so its own & or = characters cannot be read as separators.
The other frequent bug is double-encoding: running an already-encoded string through an encoder again turns %20 into %2520 because the percent sign itself gets encoded. If a decoded value still shows stray %25 sequences, it was encoded twice and needs decoding twice.
URL encoding, also called percent-encoding, replaces characters that are unsafe or reserved in a URL with a percent sign followed by the hexadecimal value of each UTF-8 byte. It lets you carry spaces, symbols, and non-ASCII text in a URL without breaking its structure.
In the path and most of a URL a space is encoded as %20. In the application/x-www-form-urlencoded format used by HTML form submissions and query strings, a space can instead be encoded as a plus sign. Both decode back to a space.
Usually just the parameter value. Encoding an entire URL escapes the slashes, colons, and separators that give it structure and breaks the address. Encode only the value you are inserting so its own special characters cannot be misread.
Yes. Percent-encoding is a fully reversible transformation with no key involved, so decoding restores the original text exactly. It is not encryption and provides no security.