URL Encoder and Decoder Online Free — Encode Special Characters Instantly
URLs can only carry a safe subset of ASCII characters. Everything else — spaces, ampersands, accented letters, emoji — must be converted to percent-encoded sequences before a browser or server can handle them correctly. A browser-based URL encoder does that conversion in milliseconds: paste in a URL or a query string value, click Encode or Decode, and copy the result. Everything runs locally; your data never leaves the browser. This guide explains why percent encoding exists, how to use the tool, which characters need encoding, and the common mistakes that silently break URLs in production.
- RFC 3986 defines which characters are safe in a URL and which must be percent-encoded as
%XXhex sequences. - Spaces become
%20in URLs (not+, which is only correct inside HTML form data). encodeURIComponentis the right JavaScript function for parameter values;encodeURIis for complete URLs.- Double-encoding (
%2520instead of%20) is the most common mistake and silently breaks redirect chains and API calls. - Unicode characters are converted to UTF-8 bytes first, then each byte is percent-encoded.
What Is URL Encoding and Why Does It Exist?
URL encoding — formally called percent encoding — is the mechanism defined in RFC 3986 for representing characters that are either unsafe or carry reserved meaning inside a URL. Each unsafe character is replaced by a percent sign followed by two hexadecimal digits representing the character's byte value: a space becomes %20, an ampersand becomes %26, a hash becomes %23.
A URL has strict structural rules. Certain characters — ?, &, =, #, / — are reserved: they delimit parts of the URL. If one of these characters appears inside a value rather than as a delimiter, the parser cannot tell the difference. The only way to include a literal & in a query string value is to encode it as %26, so the parser knows it is data, not a separator.
A second category is unsafe characters: those that browsers, proxies, and servers may silently modify or strip. Spaces are the obvious example — a bare space in a URL is invalid and gets interpreted inconsistently across systems. The percent-encoded form %20 travels safely through every HTTP intermediary without ambiguity.
Non-ASCII characters add a third layer. Unicode characters like é, π, or emoji have no direct place in a URL. The convention — required by RFC 3986 and IRI processing rules — is to encode them as UTF-8 bytes first, then percent-encode each byte. The euro sign € becomes three UTF-8 bytes E2 82 AC and therefore %E2%82%AC in a URL.
How to Encode or Decode a URL with the Tool
The FusionPDF URL encoder runs entirely in your browser. No data is transmitted to any server — you can confirm this by watching the browser's network tab during use. Encoding and decoding are instant for any text you are likely to paste.
Go to fusionpdf.pro/url-encoder. No account, no sign-up. The tool loads immediately and works offline once the page is cached.
Paste the full URL, a query string, or just a parameter value into the input field. The tool handles both complete URLs and bare values like hello world & more.
Encode converts special characters to %XX sequences. Decode reverses that, converting %XX sequences back to their original characters. Both directions are instant.
Click the copy button next to the output field to copy the encoded or decoded string to your clipboard, ready to paste into your code, terminal, or API client.
Quick tip: If you are encoding a query string value that contains an entire URL (a common pattern in redirect parameters), encode only the inner URL, not the outer one. Encoding the whole thing together produces double-encoded output that most servers will not decode correctly.
Common Encoded Characters Quick Reference
The table below shows the most frequently encountered characters and their percent-encoded equivalents. RFC 3986 unreserved characters — letters, digits, -, _, ., ~ — never need encoding anywhere in a URL. Everything else listed here does.
| Character | Percent encoding | Where it appears / why it matters |
|---|---|---|
| Space | %20 |
The most common encoding need; bare spaces are invalid in URLs |
& (ampersand) |
%26 |
Separates query string parameters; must be encoded inside a value |
= (equals) |
%3D |
Separates key from value in query strings; encode when it appears in a value |
? (question mark) |
%3F |
Begins the query string; encode when a ? appears inside a parameter value |
# (hash / pound) |
%23 |
Starts the fragment identifier; browsers strip everything after it before sending to the server |
+ (plus) |
%2B |
Means a space in form-encoded data; encode as %2B to preserve a literal plus sign |
/ (slash) |
%2F |
Path segment separator; encode only when a slash appears inside a segment value |
: (colon) |
%3A |
Separates scheme from authority (e.g. https:); encode inside path segments |
@ (at sign) |
%40 |
Used in authority for userinfo; encode when it appears as data in a path or query |
% (percent) |
%25 |
The encoding prefix itself; a literal percent sign must be encoded as %25 |
- _ . ~. Every other character must be percent-encoded when used as data.
encodeURI vs encodeURIComponent — When to Use Each
JavaScript provides two built-in encoding functions that are frequently confused. encodeURI is for encoding a complete URL and deliberately leaves structural characters like /, ?, #, and & untouched. encodeURIComponent is for encoding a single value that will be placed inside a URL, and it does encode those reserved characters. Use encodeURIComponent for parameter values; use encodeURI only when you have an already-structured URL.
// encodeURI — preserves URL structure, encodes only truly unsafe chars
const url = "https://example.com/search?q=hello world&lang=en";
console.log(encodeURI(url));
// → "https://example.com/search?q=hello%20world&lang=en"
// Notice: & and = are left alone because they are structural
// encodeURIComponent — encodes everything including reserved chars
const value = "hello world & goodbye";
console.log(encodeURIComponent(value));
// → "hello%20world%20%26%20goodbye"
// Notice: & is now %26, safe to embed as a parameter value
// Building a URL with parameters — the correct pattern
const base = "https://api.example.com/search";
const query = encodeURIComponent("C# async/await");
const lang = encodeURIComponent("en-US");
const final = `${base}?q=${query}&lang=${lang}`;
// → "https://api.example.com/search?q=C%23%20async%2Fawait&lang=en-US"
Python equivalents: urllib.parse.quote(s, safe='/') behaves like encodeURI for paths; urllib.parse.quote(s, safe='') behaves like encodeURIComponent. For building query strings from a dictionary, use urllib.parse.urlencode(params), which handles the key=value&key=value structure and encodes values automatically.
URL Decoding: Reading Percent-Encoded Strings from Logs
When you pull access logs, inspect redirect chains, or read raw HTTP requests, URLs appear in their encoded form. A request like GET /search?q=caf%C3%A9%20menu&city=S%C3%A3o%20Paulo is much easier to understand once decoded to /search?q=café menu&city=São Paulo. Decoding is the reverse of encoding: each %XX sequence is replaced by the byte it represents, then bytes are interpreted as UTF-8.
Log analysis is the most common reason developers reach for a URL decoder. Web server logs, CDN logs, and API gateway logs all record raw encoded URLs. Search queries, file paths, and user-submitted values show up as strings of percent signs and hex digits. Pasting a line into a decoder takes one second and immediately reveals what the user actually searched for or what path they hit.
Redirect chains compound this. A redirect from page A to page B to page C often carries the original destination URL as a parameter in the redirect URL. After two or three hops, the destination is a doubly or triply encoded string. Decoding it step by step — decode once, inspect, decode again if needed — is the fastest way to trace where a redirect is pointing.
Query strings in analytics platforms are another source. UTM parameters, attribution tokens, and campaign IDs often contain encoded characters when copied from a tracking URL builder or exported from an analytics dashboard. Decoding reveals the readable campaign names and source values.
Common Mistakes: Double-Encoding and Encoding Slashes
The two most damaging URL encoding errors are double-encoding and incorrectly encoding path separators. Double-encoding produces %2520 where %20 was intended, because the percent sign itself got encoded a second time. Encoding path slashes removes the separator between URL segments and causes a server to treat the whole path as a single flat segment, returning a 404 or routing to the wrong handler.
Double-encoding
This happens when you encode something that is already encoded. If you receive a URL like /file?name=hello%20world and then run the whole string through encodeURIComponent, the % in %20 becomes %25, producing hello%2520world. The server decodes it once and gets hello%20world as the literal string, not hello world.
The fix is to always encode raw unencoded values, never re-encode an already-encoded string. If you are unsure whether input is encoded, decode it first to guarantee you have the raw value, then encode it exactly once before inserting it into a URL.
Encoding path slashes when you should not
If your path is /api/v1/users/123 and you run it through encodeURIComponent, the slashes become %2F and the server receives a single path segment %2Fapi%2Fv1%2Fusers%2F123 rather than a four-level path. Most servers will either 404 or route it incorrectly. Use encodeURI for complete paths (which leaves / alone) or encode each segment individually with encodeURIComponent and then join them with literal / characters.
Watch out for the percent sign itself. A URL that already contains %20 is encoding a space. If you copy that URL into a system that encodes it again, the % becomes %25 and you get %2520 — double-encoded garbage. Always check your inputs: if they already contain % followed by two hex digits, they are already encoded.
Plus sign confusion
Some URL builders encode spaces as + instead of %20. The plus-as-space convention comes from the application/x-www-form-urlencoded format used in HTML form submissions — it is not part of RFC 3986. A + in a path segment is a literal plus sign, not a space. Mixing contexts leads to searches that literally include a + character when the user typed a space. The safe choice is always %20.
Use Cases: API Query Strings, Redirect Debugging, Form Data
URL encoding comes up in three recurring practical scenarios: building API request URLs with parameter values that contain special characters, debugging redirect loops where the destination URL is embedded as an encoded parameter, and inspecting or reconstructing form data submitted via HTTP POST.
Building API query strings
REST API calls frequently include search terms, filter values, or identifiers as query parameters. A search for C# async/await tutorial becomes ?q=C%23%20async%2Fawait%20tutorial once properly encoded. Forgetting to encode the # is especially damaging: browsers treat it as the start of a URL fragment and discard everything after it before making the HTTP request. The server never sees the query.
Debugging redirect loops
Redirect chains often carry a returnTo or next parameter that holds the URL the user should land on after authentication or a middleware step. That inner URL is percent-encoded. When a redirect loop occurs, pasting the full URL into a decoder and reading the embedded destination is the fastest way to diagnose whether the redirect is pointing somewhere that immediately redirects back.
Form data encoding
HTML forms submitted with method="GET" append field values to the URL as a query string. The browser encodes them automatically, but when you build form-style strings programmatically — for an OAuth request body, a webhook payload, or a URL-encoded POST — you need to encode each value with encodeURIComponent (or Python's urllib.parse.urlencode) and join pairs with &. Skipping encoding for "simple" values is the source of subtle bugs that surface only when users have names or addresses containing ampersands or equals signs.
Testing API calls: If your API request returns a 400 or unexpected results, paste the full URL into the decoder and check whether your parameter values look correct. Unintended percent signs, misencoded characters, or missing encoding on special characters are among the top causes of API request failures that don't produce an obvious error message.
Frequently Asked Questions
Which characters are safe in a URL without encoding?
RFC 3986 defines unreserved characters as letters (A–Z, a–z), digits (0–9), hyphens, underscores, periods, and tildes. These 66 characters never need encoding. Everything else — spaces, ampersands, equal signs, hash marks, and all non-ASCII characters — must be percent-encoded when placed inside a URL component. Reserved characters like / ? # & = are safe as structural delimiters but must be encoded when they appear as data values.
What is the difference between + and %20 for encoding a space?
Both represent a space, but in different contexts. %20 is correct everywhere per RFC 3986 and works in URL paths, query strings, and fragment identifiers. The plus sign + encodes a space only inside application/x-www-form-urlencoded data, which is the format used by HTML form submissions. In a URL path segment, a literal + means a plus sign, not a space. Use %20 when in doubt — it is universally correct.
How do I decode a URL in Python or JavaScript?
In Python, use urllib.parse.unquote('your%20url') to decode percent encoding, or urllib.parse.unquote_plus() if the input may contain + signs from form data. In JavaScript, use decodeURIComponent('your%20url') for a component value, or decodeURI() for a full URL where structural characters like / and ? should remain untouched. Both are built-in functions; no library is required.
Does the URL encoder handle Unicode characters?
Yes. Unicode characters like accented letters, CJK characters, or emoji are first encoded to UTF-8 bytes, then each byte is percent-encoded. For example, the euro sign € encodes to three UTF-8 bytes and appears as %E2%82%AC in a URL. The FusionPDF URL encoder follows this UTF-8 convention, which matches what browsers and RFC 3986 require. Non-UTF-8 encodings are not supported, but UTF-8 covers all modern use cases.
What is the difference between encodeURI and encodeURIComponent?
encodeURI encodes a full URL and intentionally leaves reserved characters like / ? # & unencoded because they have structural meaning. encodeURIComponent encodes a single value intended for a query string or path segment and does encode those reserved characters. Use encodeURIComponent for parameter values and individual path segments; use encodeURI only for complete, already-assembled URLs where the structure must be preserved.
Encode or Decode Your URL Now
Free, instant, private. Handles Unicode, query strings, and form data. Nothing leaves your browser — no upload, no account.
Open URL Encoder / Decoder →