What Is URL Encoding?

Quick Answer

URL encoding (also called percent encoding, URI encoding, or uri encode) converts characters that would break a URL into a safe %XX format. Spaces, ampersands, angle brackets, and other special characters each get replaced with a percent sign followed by their hexadecimal byte value.

To url decode a string, paste it and the tool replaces each %XX sequence with the original character. This is a two-way tool: you can encode and url decode in the same place.

If you need to encode or decode a URL component right now, use the tool directly.

What Is URL Encoding?

URLs have structure. A slash separates path segments. A question mark separates the path from the query string. An ampersand separates query parameters from each other. An equals sign separates a key from its value.

The moment your data contains any of those characters, the URL parser faces an ambiguity. Say you want to pass the search query rock & roll as a parameter. An unencoded URL looks like this:

?q=rock & roll

The parser sees & and thinks a new parameter is starting. Your query gets split into q=rock and a stray roll parameter that the server never requested.

URL encoding fixes this by replacing every unsafe character with a percent sign followed by the character's byte value in hexadecimal. A space becomes %20. An ampersand becomes %26. A colon becomes %3A. The encoded version looks like this:

?q=rock%20%26%20roll

No ambiguity. The parser sees one parameter. The server decodes it back to rock & roll before your code reads it.

Why It Matters

Unencoded characters in URLs cause silent data loss. A space in a query value might be stripped or interpreted as a separator. An ampersand ends one parameter and starts another. A hash character jumps to a page fragment. The browser or server never receives the data you intended to send.

URL encoding is not optional: RFC 3986 requires that any character outside the defined "unreserved" set must be percent-encoded when used as data. Applications that skip encoding work by accident on simple inputs and fail unpredictably on any input containing special characters.

How It Works

Each encoded character maps to its UTF-8 byte sequence, written in hex. For ASCII characters the mapping is direct: a space is Unicode code point U+0020, which is the single byte 0x20, so it encodes as %20. A forward slash is U+002F → %2F.

Non-ASCII characters require more bytes. The accented letter é (U+00E9) takes two bytes in UTF-8: 0xC3 and 0xA9. Both bytes get encoded, giving %C3%A9. An emoji like 🚀 (U+1F680) takes four bytes and becomes %F0%9F%9A%80.

The safe characters (the letters A–Z and a–z, the digits 0–9, and - _ . ! ~ * ' ( )) are left as-is. Everything else gets encoded.

Spaces are a special case. In query strings sent by HTML forms, they can be encoded as either %20 or +. The + shorthand comes from older form encoding specs and only applies in that specific context. Outside of form data, a + is a literal plus sign, not a space.

When to Use URL Encoding

URL encoding appears anywhere data travels through a URL. For example:

• Search queries, A search term like C# async/await encodes to C%23%20async%2Fawait so the # and / don't fragment the URL.
• Email addresses as parameters: user@example.com becomes user%40example.com. The @ sign has structural meaning in URLs (it separates credentials from the host), so it must be encoded in data.
• OAuth redirect URIs: A redirect URL embedded as a query parameter must be fully encoded, since it contains its own ://, /, and ?.
• File paths with spaces: A filename like my document.pdf becomes my%20document.pdf in a URL path.
• API tokens and keys: Keys often contain +, =, or / (especially Base64-encoded ones). Encoding them prevents those characters from being misread as URL syntax.
• Internationalized content: A URL like /products/café encodes the é as /products/caf%C3%A9 for safe transmission.

Common Mistakes

Related Tools

• Base64 Encoder & Decoder: Encode binary data for transmission through text channels.
• HTML Entity Encoder & Decoder: Escape reserved characters for safe use inside HTML.