What Is URL Encoding?
URL encoding (also called percent-encoding) is a method of converting characters that are not safe for use in URLs into a format that is. It replaces unsafe characters with a % sign followed by two hexadecimal digits representing the character's ASCII or UTF-8 byte value.
For example, a space becomes %20, the @ symbol becomes %40, and the / character (when used as data, not a path separator) becomes %2F.
Why URL Encoding Is Necessary
URLs can only contain a limited set of characters: letters (A–Z, a–z), digits (0–9), and a handful of special characters (-, _, ., ~). Everything else has either a reserved meaning in URL syntax or is not permitted.
- Reserved characters (
?,&,=,/,#) have special meaning in URL structure. Using them as literal data would break URL parsing. - Unsafe characters (spaces, quotes, angle brackets) can cause issues in browsers, proxies, and servers.
- Non-ASCII characters (accented letters, emoji, Chinese characters) are not valid in URLs — they must be UTF-8 encoded and then percent-encoded.
The Percent-Encoding Rules
The encoding process:
- If the character is unreserved (A–Z, a–z, 0–9,
-,_,.,~), leave it as-is - If the character is a reserved character being used as a literal value (not as a separator), encode it
- For all other characters: convert to UTF-8 bytes, then encode each byte as
%XXwhere XX is the hex value
Common Encoded Characters
| Character | Encoded | Common use case |
|---|---|---|
| Space | %20 (or + in form data) |
Search queries, file names |
& |
%26 |
Literal ampersand in query string values |
= |
%3D |
Literal equals sign in values |
+ |
%2B |
Literal plus in values (since + means space in form encoding) |
/ |
%2F |
Slash in path values (like base64url) |
@ |
%40 |
Email addresses in URLs |
# |
%23 |
Literal hash (not a fragment identifier) |
? |
%3F |
Literal question mark in values |
| é (UTF-8: 0xC3 0xA9) | %C3%A9 |
Accented characters |
URL Encoding vs Form Encoding
There are two common encoding schemes that are often confused:
- Percent-encoding (RFC 3986): The standard URL encoding. Spaces become
%20. - application/x-www-form-urlencoded: Used in HTML form submissions. Spaces become
+, and+becomes%2B. This is what browsers use forGETandPOSTform data.
If you're building APIs that accept URLs in query strings, this distinction matters a + in a form submission, means space, but a + In a raw URL means a literal plus character.
Encoding in Different Languages
| Language | Function | Notes |
|---|---|---|
| JavaScript | encodeURIComponent(str) |
Encodes everything except unreserved chars. Use for query string values. |
| JavaScript | encodeURI(str) |
Encodes only unsafe chars, preserves URL structure. Use for full URLs. |
| Python | urllib.parse.quote(str) |
Standard encoding. Use quote_plus() for form encoding. |
| PHP | urlencode($str) |
Form encoding (space → +). Use rawurlencode() for RFC 3986. |
| Go | url.QueryEscape(str) |
Form encoding. Use url.PathEscape() for path segments. |
Real-World Examples
Search Query
Original: how does 2FA work?
Encoded: how%20does%202FA%20work%3F
URL: https://example.com/search?q=how%20does%202FA%20work%3FEmail in a URL Parameter
Original: alice@example.com
Encoded: alice%40example.com
URL: https://example.com/users?email=alice%40example.com2FA otpauth URI
Original: otpauth://totp/My Service:alice@example.com?...
The account name "alice@example.com" must be encoded:
Encoded: otpauth://totp/My%20Service%3Aalice%40example.com?...Encode and Decode URLs Instantly
Use our free URL Encoder/Decoder to percent-encode or decode any string instantly in your browser — no data is sent to any server.
Frequently Asked Questions
What's the difference between encodeURI and encodeURIComponent in JavaScript?
encodeURI() is for encoding a complete URL it leaves characters like /, ?, &, # alone because they're structural. encodeURIComponent() encodes everything that isn't an unreserved character, making it suitable for encoding individual query string values.
Should I encode the entire URL or just the parameters?
Only encode parameter values (query string values and path segments that contain special characters). Encoding the entire URL would break its structure. When building URLs programmatically, encode each parameter value and encodeURIComponent() then assemble them with & separators.
What is double-encoding?
Double-encoding happens when a URL is encoded twice: %20 becomes %2520 (the % itself gets encoded to %25). This usually causes bugs, URLs don't decode properly. Check your code for places where encoding is applied more than once.
