How URL Encoding Works (RFC 3986)
URLs can only contain a limited set of ASCII characters. Anything outside that set (spaces, Unicode, reserved delimiters used as data) must be "percent-encoded": a % followed by two hex digits representing the byte value. A space becomes %20, a forward slash in a query value becomes %2F, and the Japanese character γ becomes %E3%81%82 (three UTF-8 bytes).
This isn't optional. If you stick a raw & in a query parameter value, the server sees it as a parameter separator, not as data. I've debugged this exact issue at least a dozen times: an API returning "missing parameter" because someone forgot to encode the & in a company name like "Ben & Jerry's."
The spec (RFC 3986, Section 2.1) defines "unreserved characters" that never need encoding: A-Z, a-z, 0-9, and - _ . ~. Everything else is either reserved (has special meaning in URLs) or must be encoded. The tricky part: whether you encode reserved characters depends on context. A / in the path component is a delimiter, but a / inside a query parameter value is data and must be encoded as %2F.
How to Use
- 1Choose Encode or Decode mode.
- 2Paste or type your text: a full URL, a query parameter value, or an already-encoded string.
- 3The result updates as you type. Copy it with one click.
- 4For encoding: paste just the value part (not the whole URL) to avoid double-encoding the structure.
When You'll Need This
Building query strings with user input
User searches for "shoes & bags". If you don't encode that &, the server splits it into two parameters. encodeURIComponent("shoes & bags") gives you "shoes%20%26%20bags" which is safe to drop into ?q=.
Debugging OAuth and redirect URLs
OAuth flows pass redirect_uri as a query parameter. That URI itself contains ? and & characters. You need to encode the entire redirect URL so it travels safely as a single parameter value. Double-encoding bugs here cause "invalid redirect_uri" errors that are painful to trace.
Decoding tracking links and UTM parameters
Marketing tools generate URLs with encoded UTM parameters that are unreadable. Paste the full URL here to see what utm_campaign, utm_source, and utm_content actually say without manually parsing %20 and %3D.
Passing JSON or special data in URL parameters
Some APIs accept JSON in query strings (bad practice, but it exists). The { } " characters all need encoding. This tool shows you exactly what the encoded version looks like before you hardcode it.
Common Mistakes to Avoid
Don't encode the entire URL, only the values
encodeURIComponent("https://example.com/path?q=hello") encodes the :// and ? too, breaking the URL structure. Encode individual parameter values, not the whole thing. Use encodeURI() only if you need to encode a full URL while preserving its structure.
Watch out for double-encoding
If a value is already encoded (%20), encoding it again turns %20 into %2520 (the % gets encoded to %25). This is the #1 bug I see in URL handling code. Always check if your framework already encodes before you add another layer.
+ vs %20 for spaces: know the difference
In query strings (application/x-www-form-urlencoded), spaces can be + or %20. In path segments, only %20 is valid. JavaScript's encodeURIComponent always uses %20. If you're decoding and see +, you might need to replace them with spaces first. decodeURIComponent won't do that automatically.
UTF-8 encoding happens before percent-encoding
The character Γ© is first encoded as UTF-8 bytes (0xC3 0xA9), then each byte is percent-encoded (%C3%A9). If your system uses Latin-1 instead of UTF-8, you get %E9 (one byte instead of two). This mismatch causes mojibake. Always use UTF-8.
Examples
Encoding a search query with special characters
A user searches for "C++ tutorials & guides". All three special characters need encoding.
Input
C++ tutorials & guidesOutput
C%2B%2B%20tutorials%20%26%20guidesDecoding a tracking URL parameter
A marketing URL contains an encoded redirect. Decode it to see where it actually goes.
Input
https%3A%2F%2Fexample.com%2Flanding%3Futm_source%3Dnewsletter%26utm_campaign%3DspringOutput
https://example.com/landing?utm_source=newsletter&utm_campaign=springLimitations
- Uses JavaScript encodeURIComponent/decodeURIComponent β does not encode characters that are valid in URLs (like / : @ in the path).
- Cannot process entire multi-part URLs intelligently (e.g., encoding only query parameters while preserving path separators). Paste one component at a time.
- Does not support custom encoding tables or non-standard percent-encoding schemes.
- Maximum input limited by browser memory β extremely long strings (>10MB) may freeze the tab.
Features
- Encode and decode modes with instant switching
- Uses standard encodeURIComponent/decodeURIComponent, same as browsers
- Full Unicode support (emoji, CJK characters, multi-byte sequences)
- Shows results as you type. No submit button needed
- One-click copy to clipboard
- Your data stays in your browser. Zero network requests, no data collection
Frequently Asked Questions
What's the difference between encodeURI() and encodeURIComponent()?
encodeURI() is for encoding a complete URL. It leaves :, /, ?, #, and & alone because they're structural. encodeURIComponent() encodes everything except A-Z, 0-9, and - _ . ! ~ * ' ( ). Use encodeURIComponent() for parameter values, encodeURI() for full URLs. In practice, you almost always want encodeURIComponent() because you're encoding a value to put inside a URL, not the URL itself.
Why does my URL break when I include a & or = in a parameter value?
Because & separates parameters and = separates key from value in query strings. If your value contains these characters literally, the parser splits on them. Encode the value: "Tom & Jerry" becomes "Tom%20%26%20Jerry". Now the parser sees one parameter with an encoded ampersand, not two separate parameters.
Should I use %20 or + for spaces?
It depends on context. In the query string of application/x-www-form-urlencoded (HTML forms), + means space. In URL path segments and other contexts, only %20 is valid. JavaScript's encodeURIComponent() always produces %20. Most servers accept both in query strings, but if you're building path segments, stick with %20.
How do I encode Unicode characters like emoji or Chinese text?
The character is first converted to UTF-8 bytes, then each byte is percent-encoded. The emoji π is 4 UTF-8 bytes: F0 9F 8E 89, so it becomes %F0%9F%8E%89. Chinese character δΈ is 3 bytes: E4 B8 AD β %E4%B8%AD. This tool handles all of this automatically. Just paste and it works.
What causes double-encoding and how do I fix it?
Double-encoding happens when you encode an already-encoded string. %20 becomes %2520 because the % is encoded to %25. Common cause: your framework encodes automatically, and you also call encodeURIComponent(). Fix: decode first (to get the raw value), then encode once. Or check if your HTTP library already handles encoding (most do, including axios and fetch with URLSearchParams).
Is it safe to encode sensitive URLs or API keys here?
Yes. This tool uses the browser's native encodeURIComponent() and decodeURIComponent() functions. Everything runs in your browser's JavaScript engine with zero server communication. No data you paste here is ever transmitted anywhere. You can verify by opening DevTools β Network tab: no requests fire when you encode or decode. Safe for API keys, OAuth tokens, and any URL parameter you'd rather not paste into an unknown online service.
Last reviewed:
Your Privacy
All encoding and decoding happens entirely in your browser. No data is uploaded to any server. Your URLs and parameters never leave your device.
In-Depth Guide
URL Encoding Guide: Percent-Encoding Rules Explained
Why URLs break when you paste special characters, how percent-encoding works, and the difference between encodeURI and encodeURIComponent.
Read guideTips & Related Workflows
- Working with binary data instead of URL parameters? The Base64 Encoder/Decoder.
- Putting JSON in a URL? Format it first with the JSON Formatter.
- If you need a scannable link from your encoded URL, try the QR Code Generator.
- Need a cache-busting hash for your URLs? The Hash Generator.