URL Encoder and Decoder: Free Online Tool
Paste any text or URL. Get the encoded or decoded version instantly. No account needed, nothing to download.
What is URL encoding?
URL encoding converts characters that can't be safely transmitted in a URL into a percent-encoded format. A space becomes %20. The @ symbol becomes %40. The # becomes %23.
Every URL can only contain a limited set of ASCII characters. Anything outside that set (spaces, special characters, non-ASCII letters) has to be encoded before it can travel safely across the internet.
The technical name for this is percent-encoding, because every encoded character starts with a % followed by 2 hexadecimal digits representing its byte value.
How URL encoding works
When a character gets URL-encoded, here's what happens:
- The character is converted to its byte value in UTF-8
- Each byte gets written as % followed by the hexadecimal value
So a space (byte value 32 in decimal, 20 in hex) becomes %20. The euro sign € (3 bytes in UTF-8: E2, 82, AC) becomes %E2%82%AC.
Most URL encoders today use UTF-8, which means they can handle any character in any language. Old encoders sometimes used ASCII or ISO-8859-1, which caused problems with international characters. UTF-8 is the standard now per RFC 3629.
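The two steps above, written out as an added Python example (not code from the original page). `percent_encode` and `percent_decode_strict` are hypothetical helper names, and the decoder rejects malformed escapes and bytes that are not valid in the chosen charset instead of passing them through.

```python
import re
from urllib.parse import quote

# Unreserved set from RFC 3986: letters, digits, and - _ . ~
UNRESERVED = frozenset(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~"
)
_ESCAPE = re.compile(rb"%([0-9A-Fa-f]{2})")


def percent_encode(text, charset="utf-8"):
    """Step 1: text -> bytes. Step 2: every non-unreserved byte -> %HH."""
    return "".join(
        chr(b) if b in UNRESERVED else f"%{b:02X}"
        for b in text.encode(charset)
    )


def percent_decode_strict(encoded, charset="utf-8"):
    """Reverse of percent_encode that refuses malformed input."""
    raw = encoded.encode("ascii")  # an encoded string must be pure ASCII
    # Once every well-formed %HH is removed, any "%" left over is malformed.
    if b"%" in _ESCAPE.sub(b"", raw):
        raise ValueError("malformed percent escape")
    decoded = _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode(charset)  # raises if the bytes are not valid text


if __name__ == "__main__":
    print(percent_encode("€"))                # three UTF-8 bytes, three escapes
    print(percent_encode("é", "iso-8859-1"))  # legacy charset: a single byte
    # quote() leaves "/" alone by default; safe="" encodes it as well
    print(percent_encode("a/b c") == quote("a/b c", safe=""))
    print(percent_decode_strict("Hello%20World%21"))
```

An escape produced by a legacy ISO-8859-1 encoder, such as `%E9` for é, fails the strict UTF-8 decode, which is the kind of international-character problem described above.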
Reserved vs unreserved characters in a URL
Not all characters need encoding. URLs recognize 2 categories.
Unreserved characters never need encoding. They can appear in a URL as-is:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 - _ . ~
Reserved characters have special meaning in a URL. If you're using them as data (not as URL structure), they need encoding:
| Character | Encoded form | Meaning in URL |
|---|---|---|
| / | %2F | Path separator |
| ? | %3F | Query string start |
| # | %23 | Fragment identifier |
| & | %26 | Query param separator |
| = | %3D | Key-value separator |
| + | %2B | Space (in form data) |
| @ | %40 | Used in email and auth |
| : | %3A | Protocol separator |
| ; | %3B | Param separator |
| , | %2C | Value list separator |
This list comes from RFC 3986 (January 2005), the current standard for Uniform Resource Identifier (URI) syntax.
Percent-encoded characters: quick reference
The most common characters you'll encounter:
| Character | Encoded form | Notes |
|---|---|---|
| Space | %20 | Also written as + in form data |
| ! | %21 | Reserved |
| " | %22 | |
| # | %23 | Reserved |
| $ | %24 | Reserved |
| % | %25 | Must encode the percent sign itself |
| & | %26 | Reserved |
| ' | %27 | |
| ( | %28 | |
| ) | %29 | |
| * | %2A | |
| + | %2B | Reserved |
| , | %2C | Reserved |
| / | %2F | Reserved |
| : | %3A | Reserved |
| ; | %3B | Reserved |
| < | %3C | |
| = | %3D | Reserved |
| > | %3E | |
| ? | %3F | Reserved |
| @ | %40 | Reserved |
| [ | %5B | Reserved |
| \ | %5C | |
| ] | %5D | Reserved |
| ^ | %5E | |
| ` | %60 | |
| { | %7B | |
| | | %7C | |
| } | %7D | |
| ~ | %7E | Unreserved but sometimes encoded |
What is URL decoding?
URL decoding is the reverse. It takes a percent-encoded string and converts it back to human-readable text.
Hello%20World%21 decodes to Hello World!. user%40example.com decodes to user@example.com.
You'll use this most often when debugging API responses or trying to understand what's in a URL that arrived at your server.
URL encoding vs URL decoding
| | URL encoding | URL decoding |
|---|---|---|
| Direction | Plain text to percent-encoded | Percent-encoded to plain text |
| When to use | Before sending data in a URL | After receiving an encoded URL |
| Example | hello world → hello%20world | hello%20world → hello world |
Encode before sending. Decode after receiving.
Why is URL encoding important?
A URL can only contain characters from a specific ASCII subset. If your data contains anything outside that range (a space, a #, or a non-English character), the URL either breaks or is misinterpreted.
Say you're passing a user's email address as a query parameter: ?email=user@domain.com. The @ sign isn't a reserved character in a query string, but many servers and proxies will misread it. Encoded: ?email=user%40domain.com. Now it's unambiguous.
Or a search query with C# programming. Without encoding: ?q=C# programming. The # tells the browser you've started a fragment, so the server never sees "programming". Encoded: ?q=C%23%20programming. The server gets the whole thing.
When do you actually need URL encoding?
API query parameters
Any time you pass user input as a URL parameter, encode it. Search terms, email addresses, anything that might contain spaces or special characters.
OAuth and authentication tokens
Access tokens sometimes contain + and = characters. If you paste them raw into a redirect URI, they'll be misinterpreted. Encode them first.
HTML form submissions
When a form submits via GET, the browser automatically encodes the data as application/x-www-form-urlencoded. Spaces become +, everything else gets percent-encoded. This is why + and %20 both represent spaces, depending on context.
Email links
mailto: links with pre-filled subjects need encoding. A subject like Meeting at 3pm? becomes subject=Meeting%20at%203pm%3F.
Webhook payloads
If you're building a redirect URL and need to pass a callback URL as a parameter, encode the entire callback URL. A URL inside a URL has to be encoded.
URL encoding in Python, JavaScript, and PHP
```python
from urllib.parse import quote, unquote, urlencode

# Encode a single value
encoded = quote("hello world & more")
# Result: 'hello%20world%20%26%20more'

# For query string parameters (encodes space as +)
params = {"q": "hello world", "lang": "en"}
query_string = urlencode(params)
# Result: 'q=hello+world&lang=en'

# Decode
decoded = unquote("hello%20world%20%26%20more")
# Result: 'hello world & more'
```

```javascript
// Encode a query parameter value
const encoded = encodeURIComponent("hello world & more");
// Result: 'hello%20world%20%26%20more'

// Encode a full URL (leaves :, /, ?, # intact)
const encodedURL = encodeURI("https://example.com/search?q=hello world");
// Result: 'https://example.com/search?q=hello%20world'

// Decode
const decoded = decodeURIComponent("hello%20world%20%26%20more");
// Result: 'hello world & more'
```

```php
<?php
// Encode a query parameter value
$encoded = rawurlencode("hello world & more");
// Result: 'hello%20world%20%26%20more'

// For form data (encodes space as +)
$encoded_form = urlencode("hello world & more");
// Result: 'hello+world+%26+more'

// Decode
$decoded = rawurldecode("hello%20world%20%26%20more");
// Result: 'hello world & more'

// Build a complete query string
$params = array("q" => "hello world", "lang" => "en");
$query_string = http_build_query($params);
// Result: 'q=hello+world&lang=en'
```

Quick rule of thumb
Python: use quote() for path segments, urlencode() for query strings.
JavaScript: use encodeURIComponent() for parameter values, encodeURI() for full URLs.
PHP: use rawurlencode() for path segments and parameter values, http_build_query() for form-style query strings.
Common URL encoding mistakes
Double encoding
If you run an already-encoded string through the encoder again, %20 becomes %2520. The % gets encoded to %25. Your server receives hello%2520world instead of hello world. Check whether your string is already encoded before encoding it again.
Encoding the entire URL
Encode individual parameter values, not the whole URL. Encoding https://example.com/search?q=hello turns the ://, /, and ? into %3A%2F%2F and %3F, which breaks the URL entirely. Encode values, not structure.
Confusing + and %20
Both represent a space, but in different contexts. + means space in application/x-www-form-urlencoded data (HTML forms). %20 means space in a URL path. They're not interchangeable. For URL paths, use %20.
Not encoding nested URLs
If you're passing a full URL as a query parameter (such as a redirect URL), encode it in full. ?redirect=https://example.com/callback?code=123 will confuse any parser. It should be ?redirect=https%3A%2F%2Fexample.com%2Fcallback%3Fcode%3D123.
Forgetting to encode the % sign
If your data contains a literal %, it needs to become %25. Otherwise, it'll be read as the start of an encoded sequence.
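The mistakes above, reproduced from the receiving side in an added Python example (not code from the original page). The host `app.example`, the callback value and all function names are constructed for illustration. It also covers the `C#` search query and the token containing `+` and `=` described earlier.

```python
import re
from urllib.parse import parse_qs, unquote, urlencode, urlsplit

BASE = "https://app.example/login"  # constructed host
# Constructed callback: a nested URL whose state value contains + and =
CALLBACK = "https://example.com/callback?code=123&state=a+b=="
_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def build_raw(callback):
    """Mistake: the nested URL is pasted into the query string as-is."""
    return f"{BASE}?redirect={callback}&lang=en"


def build_encoded(callback):
    """Fix: urlencode() escapes each value exactly once."""
    query = urlencode({"redirect": callback, "lang": "en"})
    return f"{BASE}?{query}"


def received(url):
    """Parameters as a form-style parser sees them (decoded once)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def looks_double_encoded(value):
    """Heuristic only: escapes still present after one decode.

    Data that legitimately contains text such as "%41" also triggers it,
    so treat a hit as a reason to inspect the caller, not as proof.
    """
    return bool(_ESCAPE.search(unquote(value)))


if __name__ == "__main__":
    print(received(build_raw(CALLBACK)))      # redirect cut short, state leaks out
    print(received(build_encoded(CALLBACK)))  # redirect arrives intact
    print(received("https://example.com/search?q=C# programming"))
    print(looks_double_encoded("hello%2520world"))
```

In the raw version the inner `state` parameter becomes a parameter of the outer URL and its `+` is decoded as a space, so the receiving side gets both a truncated redirect and a corrupted token.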
How to use BotGauge URL Encoder/Decoder
Step 1 - Choose your mode
Click "Encode" or "Decode" depending on what you need.
Step 2 - Paste your text
Enter the string you want to process. This can be a query parameter value, a full URL, a token, or any block of text.
Step 3 - Get your result
The output appears instantly. Click "Copy" to copy it to your clipboard.
The tool uses UTF-8 encoding, the current web standard. No configuration needed for most use cases.
Summary
URL encoding is one of those things you only notice when something breaks. A form submission fails. An API returns a 400. Nine times out of 10, the culprit is a single unencoded character: a raw &, a space that stayed a space, or a % that never became %25. The fix is always the same: encode values before they go into a URL, decode them when they come back out. This tool handles both instantly.
But encoding is just one piece of building reliable web workflows. Your application needs to handle those URLs correctly across browsers, API calls, form submissions, and redirect chains. The only way to know it does is to test it.
BotGauge's Autonomous QA as a Solution (AQaaS) owns the entire test lifecycle. Share your PRDs, demo videos, and UX flows, and our AI agents generate and run tests across your APIs, UI, form submissions, and critical paths. Our domain FDA pod validates every test before it runs.
Teams typically hit 80% coverage in 2 weeks, with self-healing AI that adapts when the UI changes. The URL encoder above is free. If you want that kind of coverage across your whole web application, AQaaS is where to start.