JWT Decoder / Encoder
Decode payloads, verify signatures, test secrets, and generate JWT tokens.
Encode special characters in URLs or decode encoded URLs instantly.
Encoding Mode
Input
Output
Characters that remain un-encoded per mode
| Mode | Safe characters (not encoded) |
|---|---|
| encodeURIComponent | A-Z a-z 0-9 - _ . ! ~ * ' ( ) |
| encodeURI | A-Z a-z 0-9 ; , / ? : @ & = + $ - _ . ! ~ * ' ( ) # |
| Form encoding | A-Z a-z 0-9 - _ . ! ~ * ' ( ) (spaces become +) |
URL encoding (also called percent-encoding) replaces characters that are not allowed in a URI with a percent sign followed by their hexadecimal byte value. For example, a space becomes %20 and an ampersand becomes %26. This ensures that query parameters, path segments, and fragment identifiers are transmitted without ambiguity across browsers and servers.
encodeURIComponent encodes everything except unreserved characters and is the right choice for individual query-string values or path segments. encodeURI leaves URI-structural characters like /, ?, and # intact, making it suitable for encoding a full URL while preserving its structure. Form encoding follows the application/x-www-form-urlencoded specification used by HTML forms, where spaces are replaced with + instead of %20.
application/x-www-form-urlencoded POST bodiesAll encoding and decoding happens entirely in your browser. No data is sent to any server, so you can safely work with tokens, secrets, and personally identifiable information without risk of interception.
encodeURI encodes a full URL but preserves characters that have meaning in URLs (: / ? # @ etc.). encodeURIComponent encodes everything except letters, digits, and - _ . ~. Use encodeURIComponent for query parameter values.
Characters outside the unreserved set (A-Z, a-z, 0-9, -, _, ., ~) should be percent-encoded. Common examples: space becomes %20, & becomes %26, = becomes %3D, and + becomes %2B.
Form encoding is used in HTML form submissions. It is similar to encodeURIComponent but also replaces spaces with + instead of %20. This format is used for POST request bodies and query strings.
Double encoding occurs when already-encoded text is encoded again (e.g. %20 becomes %2520). Only encode raw values once. If you see %25 in your URL, you likely have double-encoded content.
In form encoding (application/x-www-form-urlencoded), spaces are encoded as +. In general percent-encoding (RFC 3986), spaces are encoded as %20. Both are valid in different contexts.
Free URL Encoder & Decoder Online — encodeURI vs encodeURIComponent is completely free and runs in your browser.
No. Free URL Encoder & Decoder Online — encodeURI vs encodeURIComponent processes input directly in your browser.
No account is required to use Free URL Encoder & Decoder Online — encodeURI vs encodeURIComponent.
Privacy-first by design
Tool inputs are processed in your browser. Review the Privacy Policy and Terms for full details.
Decode payloads, verify signatures, test secrets, and generate JWT tokens.
Encode and decode Base64 strings instantly.
Escape or unescape HTML entities for safe embedding.
Format, validate, and beautify JSON instantly.