Zutily

URL Encoder / Decoder

Encode or decode URLs and query strings with percent-encoding. Three encoding modes, a visual query string builder, full Unicode support, instant swap — free and 100% private.

Share this tool

100% FreePrivacy FirstInstant ResultsNo Sign-Up
Method:
Raw Text / URL
0 chars

Paste a URL or text to percent-encode it

Encoded Output

Output appears here automatically

How Percent-Encoding Works

Every URL you see in a browser address bar follows the RFC 3986 specification, which defines a strict set of allowed characters. Letters, digits, and a handful of symbols (- _ . ~) are “unreserved” and can appear as-is. Everything else — spaces, ampersands, question marks, Unicode characters, emoji — must be percent-encoded: converted to their UTF-8 byte values and prefixed with %.

For example, a space becomes %20, an ampersand becomes %26, and the emoji ☕ becomes %E2%98%95 (three UTF-8 bytes). Without proper encoding, browsers and servers misinterpret special characters — breaking links, corrupting query parameters, and opening the door to injection vulnerabilities like cross-site scripting (XSS) and HTTP parameter pollution.

Encoding Methods Compared

MethodEncodesPreservesUse When
encodeURIComponentAll except A-Za-z0-9 - _ . ! ~ * ' ( )Nothing elseQuery parameter values, path segments
encodeURISpaces, non-ASCII chars: / ? # [ ] @ ! $ & ' ( ) * + , ; =Full URLs that should remain navigable
Query String (+)Same as encodeURIComponentSpaces encoded as + instead of %20HTML form submissions, legacy APIs

Common mistake: using encodeURI on a query parameter value. Since it preserves & and =, a value like price=10&discount=5 would be interpreted as two separate parameters instead of one value. Always use encodeURIComponent for individual values.

Anatomy of a URL: What Gets Encoded Where

https://api.example.com/users/café?name=José&city=São Paulo#résumé

Protocol

https://

Never encoded

Host / Domain

api.example.com

Punycode for internationalized domains (IDN)

Path Segments

/users/café → /users/caf%C3%A9

Use encodeURIComponent per segment

Query String

?name=Jos%C3%A9&city=S%C3%A3o+Paulo

Encode each key and value separately

Where URL Encoding Is Critical

  • REST API Query Parameters

    API filters, pagination tokens, and search queries must be percent-encoded to prevent parameter injection and ensure servers parse them correctly.

  • OAuth & Redirect URIs

    OAuth 2.0 flows require the redirect_uri to be fully encoded. A single unescaped character can cause authentication failures or open redirect vulnerabilities.

  • UTM Tracking & Analytics

    Marketing UTM parameters (utm_source, utm_campaign) often contain spaces and special characters. Proper encoding ensures analytics platforms attribute traffic accurately.

  • Deep Links & Mobile Apps

    iOS Universal Links and Android App Links pass data through URL parameters. Encoding ensures deep link payloads survive parsing across different OS URL handlers.

  • Webhook Payloads & Callbacks

    Payment gateways (Stripe, PayPal) and notification services send callback URLs with signed query parameters that must be encoded to preserve HMAC integrity.

  • Internationalized URLs (IRIs)

    Non-Latin domain names and paths (Arabic, Chinese, Cyrillic) require proper UTF-8 percent-encoding to conform to RFC 3987 and work across all browsers.

Related Tools You'll Love

Other free, privacy-first utilities from Zutily

Frequently Asked Questions

Quick answers to common questions

1What is URL encoding (percent-encoding)?
URL encoding, also known as percent-encoding, replaces unsafe or reserved characters in a URL with a percent sign (%) followed by two hexadecimal digits. For example, a space becomes %20 and an ampersand (&) becomes %26. This ensures URLs are valid and can be transmitted correctly across the internet.
2What is the difference between encodeURIComponent and encodeURI?
encodeURIComponent encodes ALL special characters including :, /, ?, #, and &. Use it for encoding individual query parameter values. encodeURI encodes spaces and non-ASCII characters but preserves URL structure characters like /, ?, and #. Use it when encoding an entire URL that should remain navigable.
3When should I use the Query (+) encoding method?
The Query encoding method replaces spaces with + instead of %20. This is the standard format used by HTML form submissions (application/x-www-form-urlencoded). Use it when building query strings for web forms or APIs that expect plus-sign space encoding.
4Does URL encoding support Unicode and special characters?
Yes. Our URL encoder fully supports Unicode characters including emoji, accented letters, Chinese, Japanese, Korean, Arabic, and all other scripts. Characters are first encoded as UTF-8 bytes and then percent-encoded, following the RFC 3986 standard.
5Is my data secure when using this URL encoder/decoder?
Absolutely. All encoding and decoding happens entirely in your browser using JavaScript's built-in encodeURIComponent, encodeURI, and their decode counterparts. No data is ever sent to a server, stored, or logged. Your input stays completely private.
6What is a query string and how does the builder help?
A query string is the part of a URL after the ? that contains key-value parameters (e.g., ?name=John&age=25). Our query string builder lets you add, remove, and edit parameters visually, and it auto-generates the properly encoded URL so you don't have to worry about manual encoding.
7Can I parse an existing URL to edit its query parameters?
Yes. In the Query String Builder tab, paste any URL into the 'Parse an existing URL' field and click Parse. The tool will extract the base URL and all query parameters into editable fields, letting you modify and rebuild the URL easily.
8What characters are encoded by URL encoding?
Using encodeURIComponent, all characters except A-Z, a-z, 0-9, -, _, ., !, ~, *, ', (, and ) are encoded. This includes reserved URL characters like ?, &, =, /, #, +, and @, as well as spaces and all non-ASCII characters.
9How do I decode a URL that contains %20 or %3D?
Switch to Decode mode and paste the encoded string. The tool will automatically convert %20 back to a space, %3D back to =, and all other percent-encoded sequences back to their original characters. It supports the full range of UTF-8 encoded characters.
10Is this URL encoder free to use?
Yes, Zutily's URL Encoder / Decoder is 100% free to use with no limits, no signup, and no ads. It runs entirely in your browser for maximum speed and privacy.

Disclaimer

This tool is provided “as is” for informational and utility purposes only. While we strive for accuracy, Zutily makes no warranties regarding the completeness, reliability, or suitability of the output for any specific purpose. All processing is stateless — we do not store, log, or share any data you enter. Use the results at your own discretion. For security-critical applications, always verify outputs independently.

Found this tool helpful?

Share it with your friends and colleagues