Percent-encode and decode URLs and URL components, UTF-8 safe.
How to use the URL Encoder
Paste your text or URL.
Choose encode or decode, and component or full-URL scope.
Copy the result.
URLs are only allowed to contain a limited set of characters, so anything outside that set, spaces, accented letters, and reserved symbols like & ? / =, has to be escaped. Percent-encoding replaces each such byte with a percent sign and its two-digit hexadecimal value, so a space becomes %20 and an ampersand becomes %26.
This tool encodes text and URLs to percent-encoded form and decodes them back. It is built on the browser's standard encodeURIComponent and encodeURI functions, so the output matches exactly what your own JavaScript would produce, and it is UTF-8 safe for international text.
Encoding and decoding run entirely in your browser, so nothing you paste is sent to a server, which is reassuring when a URL contains tokens or query parameters you would rather not share.
The scope toggle matters. Component mode (encodeURIComponent) escapes reserved characters like & = ? / and is what you want for a single query-string value or path segment. Full-URL mode (encodeURI) leaves the structural characters intact so a complete URL stays usable.
A common mistake is encoding an entire URL with component mode, which escapes the :// and ? and breaks the link. Another is double-encoding, where an already-encoded string is encoded again and %20 turns into %2520. When in doubt, decode first to see the raw value.
There is also a historical quirk in query strings: form submissions encode a space as a plus sign, while percent-encoding uses %20. Both are seen in the wild, so decoders generally accept either.
Frequently asked questions
Component (encodeURIComponent) escapes reserved characters like & = ? / for a single query value or path segment. Full URL (encodeURI) preserves the URL structure so a whole link stays valid.
Malformed percent-sequences, such as a lone % or an incomplete %2, cannot be decoded. Check the input or re-encode it first.
It is the mechanism URLs use to represent characters that are not allowed directly: each byte is written as a percent sign followed by two hexadecimal digits, based on its UTF-8 value.
Whenever you are inserting a value into a URL, such as a search term in a query string or a name in a path. It escapes the separators that would otherwise change the URL's meaning.
Form submissions (application/x-www-form-urlencoded) encode spaces as +, while standard percent-encoding uses %20. Decoders usually accept both.
No. Encoding and decoding happen in your browser, so the text and URLs you paste never leave your device.
Embed this tool
Add this tool to your own website. Copy the snippet below; it stays up to date automatically.
<iframe src="https://monu.tools/embed/en/url-encoder" width="100%" height="640" style="border:1px solid #e5e5e5;border-radius:12px;max-width:680px" loading="lazy" title="Monu Tools"></iframe>Learn more
URL Encoding Explained: When and Why to Percent-Encode
Why URLs use %20 and other percent codes, which characters are safe, and when to reach for encodeURIComponent instead of encodeURI.
Base64 Explained: Why Encoding Is Not Encryption
What Base64 actually does, why it makes data about a third larger, when to use it, and why it protects nothing on its own.
How to Read a JWT, and Why Decoding Is Not Verifying
A JWT is three Base64url parts anyone can read. Learn how to decode one, what each part means, and why decoding proves nothing.
Hashing vs Encryption: What a Hash Can and Cannot Do
Hashing is one-way and keyless; encryption is two-way and needs a key. Learn the difference, why you cannot decrypt a hash, and when to use each.
How Webhook Signatures Work: HMAC, Shared Secrets, and Timing-Safe Checks
How Stripe and GitHub prove a webhook is genuine using HMAC and a shared secret, and the timing-safe comparison most developers get wrong.
How Passwords Should Be Stored: Salting, bcrypt, and Why Not SHA-256
Why a fast hash like SHA-256 is wrong for passwords, what a salt does, and why bcrypt, scrypt, and Argon2 are the right tools.
Related tools
Encode text to Base64 or decode Base64 back to text. UTF-8 safe with automatic direction detection.
Decode a JSON Web Token to inspect its header and payload, with human-readable expiry and issue times. Runs entirely in your browser; tokens are never uploaded.
Generate SHA-1, SHA-256, SHA-384 and SHA-512 hashes of any text, right in your browser.
Generate an HMAC for a message and secret key using SHA-1, SHA-256, SHA-384 or SHA-512, in your browser.