URL Encoder / Decoder

Encode and decode URLs for safe use on the web. Supports both full URL (encodeURI) and component (encodeURIComponent) encoding. Real-time preview as you type.

Encode or Decode

Enter text below to instantly see the encoded or decoded result. Switch between Encode and Decode tabs, or choose between full URL and component encoding.

Characters typed: 0
Try examples:

Why URL Encoding Matters for Web Development

Security & Injection Prevention

Proper URL encoding prevents injection attacks and URL manipulation. Without encoding, special characters like <script> tags or SQL-like patterns in query parameters could be interpreted as code rather than data, leading to XSS (Cross-Site Scripting) or SSRF vulnerabilities.

Universal Compatibility

URLs must use ASCII characters only. URL encoding converts Unicode, non-Latin scripts (Cyrillic, Chinese, Arabic), and special symbols into a safe %XX format that every web server and browser can process consistently, regardless of encoding settings.

Reliable API Integration

APIs and web services require properly encoded URLs. Query parameters with special characters like &, =, #, or + must be encoded to avoid breaking the URL structure. An unencoded & in a parameter value will be interpreted as a new query parameter separator.

Analytics & Tracking Accuracy

UTM parameters and tracking URLs with unencoded spaces, ampersands, or special characters can be truncated or misread by analytics platforms, leading to inaccurate campaign data. Always encode tracking parameters for reliable analytics.

URL Encoding Best Practices

  • Always encode query parameter values:Use encodeURIComponent() for individual parameter values, not the entire URL.
  • Never double-encode:If you receive already-encoded input, don't encode it again. Check with decodeURIComponent() first.
  • Use the right encoder: encodeURI() for full URLs (preserves ://?#), encodeURIComponent() for individual parameters.
  • Encode spaces as %20, not +:While + represents a space in query strings (application/x-www-form-urlencoded), %20 is the correct URL encoding for spaces everywhere.
  • Encode non-ASCII characters:Characters like é, ñ, ü, and CJK characters must be UTF-8 encoded first, then percent-encoded for URLs.
  • Validate before encoding:Check if the input already contains encoded sequences (%XX) to avoid double encoding.
  • Use HTTPS URLs:Always encode URLs used in secure contexts (HTTPS pages, API calls, redirects) to prevent mixed content issues.

Frequently Asked Questions

What is URL encoding?

URL encoding (also called percent-encoding) is a mechanism for encoding information in a Uniform Resource Identifier (URI) by replacing unsafe ASCII characters with a "%" followed by two hexadecimal digits. For example, a space character becomes "%20" and a slash "/" becomes "%2F". This ensures that URLs are transmitted safely over the internet without ambiguity, since some characters have special meanings in URLs (like "/" for path separation and "?" for query string start).

Why do I need to encode URLs?

URL encoding is essential because URLs can only be sent over the internet using the ASCII character set. If a URL contains characters outside the ASCII range (like spaces, Unicode characters, or special symbols), those characters must be encoded. Common scenarios include: form submissions with special characters, URLs containing spaces or non-ASCII text, query parameters with ampersands or equals signs, links in HTML emails or documents, and API requests with complex parameters. Without proper encoding, URLs can break, return errors, or be misinterpreted by servers.

What is the difference between encodeURI and encodeURIComponent?

encodeURI() is used to encode a complete URL while preserving characters that are part of the URL syntax (like ://?#[]@). It assumes the input is a full URL and will NOT encode characters that have special meaning in the URL structure. encodeURIComponent(), on the other hand, encodes EVERYTHING including the characters that have special meaning in URLs. Use encodeURI() when you have a full URL with a few special characters in the path. Use encodeURIComponent() when encoding individual query parameter values or hash fragments — but NOT the entire URL, as it would make the URL unusable.

What characters need to be encoded in a URL?

Characters that MUST be encoded in a URL include: spaces (encoded as %20), non-ASCII characters (Unicode), and characters with special meaning in URLs such as control characters, # (fragment identifier), % (percent encoding itself), & (query separator), + (space in query strings), = (key-value separator), and in some contexts /, ?, :, @, $, ,, ;. The specific set of reserved characters depends on which part of the URL you are encoding. A good rule: if a character is not a letter, digit, or one of - _ . ~, consider encoding it.

When would I use full URL encoding vs component encoding?

Use full URL encoding (encodeURI) when you have a complete URL that contains a few characters needing encoding in the path — for example, encoding a filename with a space: "https://example.com/my file.pdf" becomes "https://example.com/my%20file.pdf". Use component encoding (encodeURIComponent) when encoding individual query parameter values or path segments that might contain characters like &, =, or # — for example, a search query like "rock & roll" should be encoded as "rock%20%26%20roll" when used as a query parameter value. Never use encodeURIComponent on an entire URL — it will encode the :// and break it.

Can URL encoding affect SEO?

Yes — proper URL encoding affects SEO in several ways. First, clean, readable URLs with proper encoding are more likely to be clicked in search results. Second, improperly encoded URLs (especially those with spaces or non-ASCII characters) can cause duplicate content issues if CMS systems generate different encodings for the same page. Third, encoded URLs that are too long or complex may be truncated in search results. Fourth, search engines prefer URLs that use hyphens (-) rather than encoded spaces (%20). Always encode URLs correctly and use descriptive, human-readable slugs where possible.

How do I encode a URL in JavaScript?

JavaScript provides three main functions for URL encoding. encodeURI(str) encodes a full URI but preserves characters that are part of the URI syntax (like ://?#[]@). encodeURIComponent(str) encodes a URI component by escaping all characters except letters, digits, and - _ . ! ~ * ' ( ). It is ideal for encoding query string parameter values. decodeURI(str) and decodeURIComponent(str) reverse the encoding. For older browser support, you can also use escape() and unescape(), but these are deprecated. Our URL Encoder/Decoder tool uses these same JavaScript methods, giving you the same results as running code in your browser console.

What is double encoding and why is it a problem?

Double encoding occurs when a URL-encoded string is encoded again. For example, a space encoded as %20 that gets encoded again becomes %2520 (the % is encoded as %25, so %25 is the encoded form of %, making %2520 = %25 + 20). Double encoding can cause problems because servers may not recognize the doubly-encoded value or may apply encoding twice, leading to broken URLs. This commonly happens when developers encode user input that is already encoded, or when web frameworks apply automatic encoding on top of manual encoding. Always check whether your input is already encoded before applying encoding again.

How does URL encoding differ from HTML encoding?

URL encoding (percent-encoding) is used to safely transmit characters in URLs by replacing them with %XX hexadecimal notation. HTML encoding (HTML entities) is used to display reserved characters in HTML content by replacing them with entity references like & for &, < for <, and > for >. They serve completely different purposes: URL encoding ensures URLs are valid for transmission over the internet, while HTML encoding prevents characters from being interpreted as HTML markup. A common mistake is using HTML encoding where URL encoding is needed (and vice versa). For example, an ampersand in a URL query string needs URL encoding as %26, not the HTML entity &.

Suggested Workflow

Use URL encoding as part of a comprehensive website migration or content optimization strategy. View the Website Migration Workflow →

Reviewed Jun 2026 · Sources and limitations

Review details: 2026-06-10 · Marc LaClear · v1.0

Reference sources:

Known limits:

  • Checks are based on publicly fetchable HTML, response headers, and browser-side input. They do not use private Google Search Console, analytics, or ranking data.
  • Scores and warnings are diagnostic aids, not guarantees of ranking improvement or Google indexation.
  • Pages blocked by robots.txt, login walls, bot protection, heavy JavaScript, or network timeouts may return incomplete results.
  • Validate critical fixes with official Google tools such as Search Console, Rich Results Test, Lighthouse, and your own crawl data.

Report an issue with this tool