What Is URL Encoding? Percent-Encoding Explained Simply

Paste a link with a space in it into a browser and something odd happens: the space turns into %20. That %20 is URL encoding at work, and understanding it clears up a whole category of confusing bugs around links, forms, and APIs. This guide explains what URL encoding is, why it exists, and when you need to encode versus decode, written for developers but approachable for anyone who works with links.

Why URLs need encoding at all

A URL is allowed to contain only a limited set of characters: letters, digits, and a handful of symbols like hyphens, periods, and slashes. Everything else has to be represented some other way.

The trouble is that real data is full of characters outside that set. Spaces, question marks, ampersands, slashes, accented letters, and emoji all appear in the things we want to put into URLs, such as search terms and form values. Many of those characters also have a special structural job inside a URL, so dropping them in raw would confuse whatever is reading the link. URL encoding is the agreed way to carry that data safely.

What percent-encoding does

URL encoding is also called percent-encoding, and the name describes the mechanism exactly.

Any character that is not allowed gets replaced by a percent sign followed by two hexadecimal digits representing that character’s byte value. A space becomes %20. An ampersand becomes %26. A forward slash becomes %2F. A question mark becomes %3F.

So the phrase fish & chips inside a URL becomes fish%20%26%20chips. The data is fully preserved, just written in a form every browser and server agrees how to read. Decoding simply reverses the process, turning each %XX sequence back into the original character.

Where it matters most: query strings

The part of a URL after the ? is the query string, and it is where encoding earns its keep.

A query string is a list of key and value pairs joined by & and =, like this:

?city=New%20York&sort=price

Those & and = characters are structural. They separate one pair from the next and split keys from values. So if a value itself contains an ampersand or an equals sign, it must be encoded, otherwise it would be mistaken for the structure of the query string and the whole thing would be parsed wrongly. Encoding the value keeps the user’s data and the URL’s plumbing from being confused for one another.

When to encode and when to decode

The two directions cover two different moments in a link’s life.

• Encode when you are building a URL from raw values: a search term a user typed, a filename, an email address, anything going into a path segment or a query parameter. Encode it first so special characters cannot break the link.
• Decode when you are reading a URL someone else built: pulling a value out of a query string, inspecting a link from a log, or turning a %20-riddled address back into something human-readable.

A quick rule of thumb: if you are about to put data into a URL, encode it. If you are taking data out of one, decode it.

How it differs from Base64

URL encoding is sometimes confused with Base64, but they solve different problems.

Percent-encoding is built specifically for URLs and only touches the characters that are unsafe in that context, leaving normal letters and digits readable. Base64 instead rewrites all of its input into a compact alphabet of letters, digits, and a couple of symbols, which is meant for moving binary data through text-only channels, not for making a clean URL. The two are not interchangeable: use percent-encoding to make a value URL-safe, and Base64 when you need to represent binary content as plain text.

Encode and decode in your browser

You do not need to look up hex codes by hand. The free URL Encode/Decode tool converts text to percent-encoded form and back with a single click, so you can prepare a query value or read a messy link in seconds.

Because the URL Encode/Decode tool runs entirely in your browser, there is no sign-up and nothing you paste is uploaded anywhere. That makes it safe for links and parameters that might contain sensitive values.

Related tools

Encoding rarely travels alone, so a few neighbors are worth knowing. When you need to carry binary data as text rather than make a URL safe, the Base64 Encode/Decode tool handles that conversion. To protect characters like < and & inside web page content rather than links, the HTML Encode/Decode tool escapes them correctly. And when an API response comes back as a dense string of data, the JSON Formatter makes it readable with proper indentation.

The short version

URL encoding, or percent-encoding, replaces unsafe characters with %XX codes so spaces and special characters cannot break a link, which matters most inside query strings. Encode when building a URL, decode when reading one, and reach for Base64 only when you need binary-as-text instead. When you want it done for you, the URL Encode/Decode tool handles both directions in your browser.