A URL cannot contain every character as plain text. Learn what percent-encoding is, why a space becomes %20, and when to use a URL encoder.
If you have ever copied a link and noticed characters such as %20, %C4%8D or %3F, you have seen URL encoding. It looks strange, but it is not an error. It is a way to write special characters safely inside URLs.
The best-known example is a space. In normal text, you simply type it. In a URL, however, a space should not be written as a plain space, so it often becomes:
%20
Quick link check
Encode or decode a URL in seconds
Paste text, a parameter value, or part of a link and instantly see the safe URL form and the readable version.
Why a URL cannot contain everything
A URL has its own structure. For example:
https://example.com/search?q=lorem+ipsum&page=2
Some characters have a special meaning in a URL:
?separates the page address from query parameters,&separates individual parameters,=separates a parameter name from its value,#marks a page fragment,/separates path segments,%starts an encoded character.
If you want to use one of these characters as ordinary text inside a parameter value, you need to encode it. Otherwise, the browser or server may understand the URL differently than you intended.
Example:
/search?q=coffee & tea
This is a problem because & can be treated as the separator for another parameter. The correctly encoded value looks like this:
/search?q=coffee%20%26%20tea
Here %20 means a space and %26 means the & character.
What %20 actually means
URL encoding is also called percent-encoding. It works by replacing a character with a percent sign and a hexadecimal code.
A space has the ASCII value 32. In hexadecimal, that is 20, so a space in a URL is written as:
%20
It is not a random shortcut. It is a technical representation of a character that browsers, servers and programming languages understand.
Why you sometimes see a plus sign instead of %20
You may have noticed that some URLs use + instead of %20 for a space:
q=lorem+ipsum
This is common in query strings with form encoding (application/x-www-form-urlencoded). You will often see it in search URLs or submitted forms.
The difference matters:
- in a URL path, a space is usually encoded as
%20, - in query parameters using form encoding,
+may be used for a space, - if you want to write an actual plus sign as a value, it should be encoded as
%2B.
Example:
text=C%2B%2B
This means C++. If you write only C++ without proper encoding, some systems may understand the plus signs as spaces.
Accented and non-ASCII characters in URLs
URL encoding is not only about spaces. It also handles accented characters and characters outside the basic English alphabet.
For example, the Slovak letter č is stored as two bytes in UTF-8 and may look like this in a URL:
%C4%8D
The full text:
káva s mliekom
can be encoded in a URL as:
k%C3%A1va%20s%20mliekom
Modern browsers often display URLs in a more readable form, but under the surface they still send a safe encoded version with the request.
When you need URL encoding
In query parameters
The most common place is a URL parameter:
/search?q=slovak text
A safer version:
/search?q=slovak%20text
If you build a parameter in JavaScript, the parameter value should usually be encoded with encodeURIComponent.
In API requests
API endpoints often accept values in the URL. If you send text with spaces, accented characters or characters such as &, = or ?, the result may be invalid or processed incorrectly.
Typical example:
/api/search?query=name=John & status=new
The parameter value should be encoded:
/api/search?query=name%3DJohn%20%26%20status%3Dnew
In UTM parameters
UTM parameters are often copied into campaigns, emails and ad systems. If the campaign name contains a space or accented character, it is better to encode it.
Instead of:
utm_campaign=Spring campaign 2026
use:
utm_campaign=Spring%20campaign%202026
When debugging broken links
If a link stops working after you add text, a parameter or a file name, the problem is often an unencoded character.
The usual suspects are:
- spaces,
- accented or non-ASCII characters,
&,=,?,#,%,- plus sign
+.
In that situation, use the URL encoder and decoder. Paste the text, encode it, and you immediately see the safe form.
Do not always encode the whole URL
This is a common mistake. If you have the full address:
https://example.com/search?q=coffee
and encode the whole thing, you get:
https%3A%2F%2Fexample.com%2Fsearch%3Fq%3Dcoffee
That is no longer a normal clickable URL. It is the encoded text of the entire URL.
In practice, you usually do not encode the whole address. You encode only the parameter value.
Example:
const query = encodeURIComponent('coffee & tea');
const url = `/search?q=${query}`;
Result:
/search?q=coffee%20%26%20tea
Quick link check
Encode or decode a URL in seconds
Paste text, a parameter value, or part of a link and instantly see the safe URL form and the readable version.
URL encoding and security
URL encoding is not encryption. Encoded text is not secret.
For example:
password%3Dtest123
can easily be decoded back to:
password=test123
URL encoding only makes sure that characters are transferred and interpreted correctly in an address. It is not meant to hide sensitive data. Passwords, tokens and personal data should not be sent in URLs unless it is truly necessary.
How to encode or decode a URL
The simplest option is to use the URL encoder and decoder:
- Paste text or part of a URL.
- Click Encode if you want a safe URL form.
- Click Decode if you want to see what encoded text means.
- Copy the result.
It is useful for APIs, campaigns, forms, webhooks and ordinary link debugging.
FAQ
Is %20 the same as a space?
Yes. In URL notation, %20 represents a space. A browser or server can translate it back to a normal space while processing the URL.
Is a plus sign the same as a space?
Not always. In a query string using form encoding, + is often used as a space. But if you want to write an actual plus sign, it is safer to use %2B.
Why do accented characters become several characters?
Because characters such as á, č or ň are stored using multiple bytes in UTF-8. Each byte is then written in the URL as its own percent code.
Is URL encoding encryption?
No. It is only technical character encoding. Anyone can decode it back, so do not use it to hide sensitive information.
