URL Encoder · Decoder · Punycode · Query Parser
Free URL encoder & decoder with encodeURI / encodeURIComponent toggle, recursive decode, RFC 3492 Punycode for IDN domains (xn--), and visual query-string editor. Pure browser, zero tracking.
Pure browser. Zero upload. URLs never leave this tab.
encodeURI vs encodeURIComponent — pick the right one
encodeURI keeps reserved characters like : / ? # & = + intact, which is what you want for whole URLs. encodeURIComponent encodes everything except A-Z a-z 0-9 - _ . ~ ! * ' ( ), which is correct only for a single query value or path segment. RFC 3986 unreserved is the strictest profile and keeps only A-Z a-z 0-9 - _ . ~ — useful when you want guaranteed round-trip across every parser.
Punycode and IDN (xn--)
Domain names are ASCII-only on the wire. Browsers and resolvers convert Unicode hostnames like münchen.de into the ACE form xn--mnchen-3ya.de using the RFC 3492 Bootstring algorithm. This tool implements RFC 3492 from scratch — no third-party Punycode library — and applies it per label, so example.中国 becomes example.xn--fiqs8s.
+ vs %20 in spaces
URLs reserve %20 for spaces; the application/x-www-form-urlencoded format uses +. They are NOT interchangeable: if you pipe a + form-encoded value into a URL parser that expects %20, the + stays literal. The form-mode toggle here handles both directions, and a literal + is correctly escaped to %2B in form mode so round-trip survives.
Recursive decode for nested redirects
Click trackers and OAuth flows often wrap URLs more than once: a literal space becomes %20, then %2520, then %252520. Toggle Recursive decode to peel up to 16 layers. The footer shows how many iterations were needed — if the counter caps at 16 with leftover percent sequences, the input is malformed or a decode loop.
FAQ
- What is the difference between encodeURI and encodeURIComponent?
- encodeURI preserves reserved URL characters (: / ? # & = + etc.) and is designed for whole URLs. encodeURIComponent escapes those characters so it is safe for query values and path segments. If you wrap a full URL with encodeURIComponent you will get a percent-encoded string starting with https%3A%2F%2F — usually a bug.
- Why does my URL contain xn--?
- Domain names on the wire are ASCII only. When a hostname contains non-ASCII characters (Unicode, CJK, accented Latin), it is converted to ACE form using Punycode and prefixed with xn--. xn--mnchen-3ya is München; xn--fiqs8s is 中国.
- When should I use + instead of %20 for spaces?
- Use + only when the target is parsed as application/x-www-form-urlencoded — for example, the body of a classic HTML form POST or jQuery $.param() output. For URL paths and most query strings, use %20. Mixing the two will silently corrupt values.
- Is my data sent to any server?
- No. Every encode, decode, Punycode, and parse step runs entirely in your browser via JavaScript. No network requests are made with your input.
Related Tools
JWT Decoder
Decode JWT tokens to inspect header, payload, and signature. View algorithm, expiry, and issued-at times. Runs entirely in your browser.
Base64
Encode and decode Base64, Base64URL, percent-encoded URLs, and files (image/PDF preview included). UTF-8 safe, runs entirely in your browser.
Hash
Privacy-first hash generator: MD5, SHA-1/256/384/512, SHA-3, Keccak-256, CRC-32 — text and files up to 4 GB, with HMAC, verify, and security badges. Zero upload.