Decode percent-encoded URLs back to readable text. Converts %20 to spaces, %3A to colons, and more. Essential for debugging URLs, APIs, and query parameters.
%20, %3D, %26 sequences, or just a single encoded value.:, /, ?, and # so the link structure stays intact. Switch to URL Query Decode for single parameter values where every %XX (and + for space) should be converted.%2520 instead of %20) become visible — paste the result back into Input and decode again to fully resolve them.URL encoding — formally called percent-encoding in RFC 3986 — represents characters outside the URI "unreserved" set as a % followed by two hexadecimal digits. Space becomes %20, the at-sign becomes %40, and a non-ASCII character is first encoded to UTF-8 bytes and then each byte is percent-encoded (so € becomes %E2%82%AC).
Decoding is the reverse: scan the string, replace every %XX triplet with the byte it represents, then interpret the result as UTF-8 text. You decode URLs when you need to read what a tracking link actually points to, debug an API response, recover a filename from a Content-Disposition header, or pull a redirect destination out of a query parameter.
utm_source%3Dnewsletter%26utm_medium%3Demail; decoding turns that into utm_source=newsletter&utm_medium=email so you can audit the tracking.redirect_uri, next, or url parameter. Decoding shows where the link actually goes.Content-Disposition headers use percent-encoded UTF-8 filenames; decoding restores accented characters and spaces.mailto: and OAuth links — mailto: URLs encode the subject and body as ?subject=Hello%20World&body=Line%201%0ALine%202. OAuth consent URLs encode scopes and callback URIs the same way.| Category | Characters | Encoding behavior |
|---|---|---|
| Unreserved | A-Z a-z 0-9 - . _ ~ |
Never percent-encoded |
| Reserved — gen-delims | : / ? # [ ] @ |
Encoded inside components, kept literal as structural delimiters |
| Reserved — sub-delims | ! $ & ' ( ) * + , ; = |
Encoded inside parameter values that would otherwise collide with the syntax |
| "Unsafe" outside the spec | space, ", <, >, {, }, |, \, ^, backtick |
Always percent-encoded; never legal in a raw URI |
| Non-ASCII | €, £, ü, emoji, CJK, etc. |
Encoded as UTF-8 byte sequence, each byte as %XX |
| Character | Encoded | Where you see it |
|---|---|---|
| (space) | %20 |
Filenames, query strings, mailto bodies |
" |
%22 |
JSON values stuffed into URLs |
# |
%23 |
Color codes (%23ff0000), hashtags |
% |
%25 |
The encoding of the percent sign itself (double-encoding clue) |
& |
%26 |
Inside a single parameter value |
+ |
%2B |
Literal plus in an email (alice%[email protected]) |
/ |
%2F |
Path segments stuffed into one parameter |
: |
%3A |
URLs nested inside parameters (https%3A//...) |
= |
%3D |
UTM and tracking values |
? |
%3F |
Encoded query strings nested in redirects |
@ |
%40 |
Email addresses in mailto: and SSO callbacks |
€ |
%E2%82%AC |
UTF-8 three-byte sequence |
| Mode | What it does | Use it when… |
|---|---|---|
| URL Decode (Default) | Mirrors JavaScript's decodeURI() — decodes most %XX sequences but leaves URI structural delimiters (:, /, ?, #, @, &, =, +) intact |
You pasted a whole URL and want it readable without breaking its structure |
| URL Query Decode | Mirrors decodeURIComponent() plus the +-as-space convention from application/x-www-form-urlencoded |
You pasted a single parameter value, a form field, or anything where + means space |
Need to go the other way or work with adjacent formats? Try URL Encoder for the reverse operation, HTML Entity Decoder for & and ' style escapes, Base64 Decoder for tokens and data URIs, or JWT Decoder to inspect signed JSON Web Tokens.
%2520 give me %20 instead of a space?Because the URL was double-encoded. The original space ( ) was encoded once to %20, then the % in %20 was encoded again to %25, producing %2520. Decode the output a second time to recover the literal space. Double-encoding usually happens when a system blindly re-encodes a URL that was already encoded — common in redirect chains.
decodeURI and decodeURIComponent?decodeURI() is designed for full URLs and intentionally leaves URI delimiters (:, /, ?, #, @, &, =, +, $, ,) percent-encoded so the link structure isn't destroyed. decodeURIComponent() decodes every %XX sequence, including those delimiters — use it for individual parameter values. XConvert's URL Decode (Default) matches decodeURI behavior; URL Query Decode matches decodeURIComponent.
+ in a query string become a space when I decode?Only inside application/x-www-form-urlencoded payloads — i.e., HTML form submissions and most query strings. RFC 3986 itself treats + as a literal reserved character; the +-as-space convention comes from the older HTML spec. Browsers' decodeURIComponent() does not convert + to space automatically, which is why XConvert's URL Query Decode mode does it for you.
€, ü, or emoji?RFC 3986 specifies UTF-8 as the encoding for non-ASCII characters in modern URIs. The character is first encoded to its UTF-8 byte sequence, then each byte is percent-encoded. € is three UTF-8 bytes (0xE2 0x82 0xAC), so it appears in URLs as %E2%82%AC. The decoder reassembles those bytes back into the original character.
mailto: link?Yes. A link like mailto:[email protected]?subject=Q4%20review&body=Hi%20Alice%2C%0ASee%20attached decodes to a readable subject (Q4 review) and body (Hi Alice,\nSee attached). %0A is the line feed character that creates a new line inside the email body.
For ASCII text, yes — encode-then-decode is a round trip. For binary data or invalid UTF-8 byte sequences, the result depends on the decoder. XConvert decodes as UTF-8 and replaces invalid byte sequences with the Unicode replacement character (�), so you'll see something visibly broken rather than silent corruption.
Some encoders are over-aggressive and percent-encode unreserved characters like -, ., _, and ~. RFC 3986 says these should never be encoded, but the result is still a valid URL because percent-encoded unreserved characters decode back to themselves. Run them through the decoder and they normalize.
No. The decoder runs entirely in your browser using client-side JavaScript — the percent-encoded string never leaves your device. That matters when you're decoding URLs from production logs that might contain session tokens, OAuth codes, or other sensitive parameters.
Yes. Paste a list of encoded URLs (one per line or pasted as a block) and the entire input is decoded in one pass. For batch processing of structured data, decode each value individually with URL Query Decode so you don't accidentally collapse delimiters.