URL encoding for safe web data transmission
URLs have strict rules. The protocol, domain, and path can only contain unreserved characters: letters, digits, hyphens, underscores, periods, and tildes. Everything else—spaces, special characters, non-ASCII text—must be percent-encoded (also called URL encoding). For example, a space becomes %20, a forward slash becomes %2F, and an equals sign becomes %3D. This encoding ensures that special characters don't break URL syntax or get misinterpreted by servers. When you search Google for "hello world", your browser encodes it as "hello%20world" before sending the request. URL encoding is essential for query parameters, form submissions, API calls, and any scenario where user input enters a URL.
This tool encodes plain text or URLs into their percent-encoded equivalents, and decodes them back. It's lossless—no information is lost, and decoding always recovers the original. Understanding URL encoding is critical for web developers debugging API requests, crafting query strings, handling international characters (Unicode), and ensuring data reaches servers correctly without corruption or syntax errors.
How URL encoding works
- Safe vs. unsafe characters: Unreserved characters (A–Z, a–z, 0–9, -, _, ., ~) pass through unchanged. Everything else is encoded.
- Percent encoding: Each unsafe character is converted to a percent sign followed by its two-digit hexadecimal UTF-8 byte value. Space (ASCII 32) is %20; é (UTF-8 0xC3 0xA9) is %C3%A9.
- Query parameters:In URLs, the query string (after ?) separates parameters with & and key-value pairs with =. Both & and = must be encoded when they appear as data values.
- Decoding reversal: Replace each %HH (percent + hex) with the corresponding byte, then decode UTF-8 to recover the original text.
- Context matters: Different URL parts (path, query, fragment) have slightly different rules. This tool uses standard encodeURIComponent rules—safe for query strings and form data.
Common URL encoding scenarios
- Search queries.Encode user search input before appending to a search URL: "hello world" becomes "hello%20world".
- API query parameters. Encode filter values, email addresses, and other parameters in REST API calls to prevent syntax errors.
- Form submissions. HTML forms automatically encode data, but custom requests need manual encoding.
- International text in URLs. Encode UTF-8 characters for non-English languages, allowing URLs to work across browsers and servers globally.
- Debugging API calls. Decode obfuscated URLs to inspect what parameters a server received, spotting issues with special characters or encoding mismatches.
Frequently asked questions
Why do spaces become %20 instead of +?
Both are valid in different contexts. Standard URL encoding uses %20 (the hex code for space). The "+" convention is specific to application/x-www-form-urlencoded form submissions. This tool uses %20 for correctness in all URL contexts.
Can I encode an entire URL?
Partially. The protocol, domain, and path have their own rules. Use this tool for individual components like query parameters and values. For full URLs, be selective: encode the query string and fragment, but not the domain or path separators.
What's the maximum URL length?
Browsers and servers limit URLs to around 2,000 characters. When encoding data, the length grows—spaces and special characters expand to %XX. For large data, use POST requests with form bodies instead of GET with query strings.
Is my data private when I encode here?
Yes. All encoding and decoding happens in your browser. Your input is never sent to a server. You can safely encode sensitive information, passwords, or API keys without privacy concerns.