100% browser-based · RFC 3986 · UTF-8 safe

URL Decoder

URL decoder for the browser. Decode percent-encoded text back to characters. UTF-8 safe; tolerates form-style + for spaces and multi-pass double-encoded input.

URL-encoded

Plain text

Decode options

Decode + as spaceForm-style decoding (application/x-www-form-urlencoded) Multi-pass decodeRe-decode until no more percent-encoded characters remain Auto-decodeRe-run on every input change

Reverse (Text → URL)

Input size

0 B

Output size

0 B

Ratio

—

Status

Ready

Example

Percent-encoded in, plain text out

Percent encoding replaces unsafe characters with %XX hex escapes. Decoding reverses that, restoring the original characters byte-for-byte (UTF-8 aware).

URL-encoded

Hello%2C%20world%21

Plain text

Hello, world!

Use cases

What you'll use this for

URL decoding turns wire-format percent escapes back into human-readable text — essential for debugging requests, reading logs, and inspecting form payloads.

Reading query strings

Decode the value side of a query string.

Server-side debug

See what the client actually sent.

Log parsing

Decode percent-encoded URLs in logs.

Form data inspection

Decode application/x-www-form-urlencoded payloads.

Step by step

How to URL-decode text

Paste your URL-encoded text

Drop the percent-encoded string into the left editor. Whole URLs, query strings, or just a single value all work.

Enable multi-pass (optional)

If the input looks doubly encoded (e.g. %2520 instead of %20), enable multi-pass to re-decode until it stabilises.

Click Decode

Or leave auto-decode on for live updates. Runs entirely in your browser — no upload.

Copy or download

Copy to clipboard or save as .txt. Round-trip through URL Encode to verify.

FAQ

Frequently asked questions

What is percent encoding?

Each special byte is encoded as %XX, where XX is its hex value. UTF-8 multi-byte characters become multiple %XX groups.

Does + decode to space?

Toggleable. Form data uses +; URL paths use %20.

Is it free?

Yes.

What's multi-pass?

Some inputs are doubly or triply encoded (e.g. %2520 = encoded %20). Multi-pass re-decodes until stable.

Reverse?

URL Encode.

About

About URL decoding

Percent encoding (RFC 3986) is the URL-safe transport format for characters that can't appear literally in a URI — spaces, ?, &, /, non-ASCII bytes, and so on. Each forbidden byte is replaced with %XX where XX is its two-digit hex value. Decoding reverses that: this tool calls native decodeURIComponent on your input, optionally first converting + back to a literal space (the form-encoding convention).

How decoding works

Scan the input for %XX triplets and replace each with the byte it represents.
Consecutive triplets that form a UTF-8 multi-byte sequence become a single Unicode character.
With Decode + as space enabled, every literal + is first replaced with a space, matching application/x-www-form-urlencoded.

Double-encoding and why multi-pass helps

Single-encoded — %20 decodes to a space. One pass is enough.
Double-encoded — %2520 first decodes to %20, then to a space. This happens when an already-encoded URL is fed through an encoder again (e.g. forwarded across proxies, embedded in another query string).
Multi-pass repeats decoding until the output stops changing or no %XX sequences remain — useful for triple-encoded log data or chained redirects.

When to use which mode

URL paths and components — leave + as space off; + is a literal plus there.
Form bodies / query strings — turn + as space on; that's how browsers submit forms.
Suspicious or layered input — turn on multi-pass to peel back nested encodings.