URL percent-decoding (also called URI decoding) converts the %XX escape sequences found in web addresses back into the characters they represent. This tool decodes any percent-encoded string, handles multi-byte UTF-8 correctly, and can also encode plain text in reverse — all in your browser.
How it works
Percent-encoding replaces a byte with a percent sign followed by that byte’s value in two hexadecimal digits. For example a space (ASCII 32, hex 20) becomes %20, and an ampersand (ASCII 38, hex 26) becomes %26. Characters outside the ASCII range are first turned into their UTF-8 byte sequence and then each byte is encoded — so é, whose UTF-8 bytes are 0xC3 0xA9, is written as %C3%A9.
Decoding reverses this: every %XX group is read as one byte, the resulting byte stream is interpreted as UTF-8, and the original text is reconstructed. The tool uses the browser’s native decodeURIComponent, which throws a clear error if a percent sign is not followed by two valid hex digits or if the bytes are not legal UTF-8.
Plus signs and spaces
In application/x-www-form-urlencoded data — the format used by HTML form submissions and many query strings — spaces are written as a plus sign rather than %20. Strict URI decoding leaves + untouched, so enable the plus-as-space option when working with form or query-string values to get the expected result.
Example
The encoded query value caf%C3%A9%20%26%20tea decodes to café & tea. Here %C3%A9 is the UTF-8 for é, each %20 is a space, and %26 is the ampersand. Everything is computed locally and nothing is transmitted to any server.
Common situations where you need this tool
Reading a server log. Access logs store request paths in their encoded form. A path like /search?q=new%20york%20caf%C3%A9s is hard to read at a glance; paste it here to see new york cafés immediately.
Debugging a redirect loop. URLs that get re-encoded at every redirect can become deeply nested: %2520 is a double-encoded space (%25 decodes to %, then 20 decodes to a space). Decoding reveals whether your redirect chain is escaping twice.
Inspecting OAuth or SSO tokens. Authorization callbacks carry encoded state parameters and redirect URIs. Decoding lets you verify the return URL or state token before handing it to your auth library.
Understanding a scraped URL. When you copy a URL from a browser address bar, the browser may display a human-readable version while the underlying href is still percent-encoded. This tool shows both sides.
Common encoding values to recognise
| Encoded | Decoded | Why it appears |
|---|---|---|
%20 | space | most common; also + in form data |
%2F | / | slash — separates path segments |
%3A | : | colon — separates scheme from host |
%3F | ? | question mark — starts query string |
%26 | & | ampersand — separates query parameters |
%3D | = | equals — separates key from value |
%40 | @ | at sign — appears in email addresses in URIs |
%23 | # | hash — starts a fragment |
%25 | % | literal percent — must be escaped or it breaks parsing |