ToolJutsu
All tools
Developer Tools

URL Decoder

Decode percent-encoded URLs and query strings.

Paste a percent-encoded URL or query string below to decode it. For the encode direction or to do both in one place, use the full URL Encoder & Decoder.

Scope

Component decodes every percent-escape, including reserved URL structural characters — use it for a single query value or path segment.
Processed on your device. We never see your files.

How to use URL Decoder

What is URL encoding?

URL encoding (also called percent-encoding) is the mechanism that lets URLs carry characters that would otherwise have a special meaning or be illegal in a URL. Every “unsafe” character is replaced with a percent sign followed by two hex digits representing the character’s byte value — so a space becomes %20, a / becomes %2F, a ? becomes %3F, and an emoji or non-Latin letter becomes a sequence of two or three percent-escaped bytes (the UTF-8 encoding of the character). The system is defined in RFC 3986 and every web browser, server and HTTP client implements it the same way.

Why decode URL-encoded strings?

You see percent-encoding in three places more than anywhere else:

  • Server logs and analytics dumps. Web server access logs record the URL as the client sent it, which means every query parameter, every search term, every path segment with a space or non-ASCII character shows up percent-encoded. Decoding turns /search?q=hello%20world%20%E2%98%95 into the readable /search?q=hello world ☕.
  • API debugging. When you copy a request URL out of a browser’s network panel or a tool like Postman, query parameters and path segments are typically encoded. Decoding lets you confirm the client is sending exactly the value you expect — especially important when the value contains spaces, JSON, or international characters.
  • Email-tracking and redirect URLs. Marketing emails wrap destination URLs in tracker links where the original URL is percent-encoded as a query parameter. Decoding shows you where the link actually goes — useful for sanity-checking links you’re about to share, or for understanding a phishing email’s structure.

In every case the workflow is the same: paste, pick the right mode, read.

How to decode URLs on ToolJutsu

  1. Paste your encoded URL or query string into the input box.
  2. Pick a mode. Component (the default) decodes every percent escape — use it for query-string values, form fields, or any single component you’ve pulled out of a larger URL. Full URL preserves the URL’s structural characters — use it when you’ve pasted a whole URL and want it to stay valid.
  3. Read the result in the Decoded box. The output updates live as you type or paste; there’s no Convert button.
  4. Click the Copy button to put the decoded text on your clipboard.
  5. If the input has a malformed percent escape (a % not followed by two hex digits, for example), you’ll see an error that points at the offending sequence.

Common scenarios

When you’re debugging an API call and want to see what value a client actually sent, paste the encoded value into Component mode. That’s the right mode for any single query-string value — even one that itself looks like a URL.

When you’ve copied a full URL out of a chat message or a redirect-tracker link and want to read it without breaking it, use Full URL mode. Structural characters stay encoded so the URL remains syntactically valid; everything else (including spaces inside path segments and query values) becomes human-readable.

When the URL contains non-ASCII characters (emoji, Cyrillic, Chinese, Arabic), the decoder handles them correctly — multi-byte UTF-8 sequences are reassembled into the original character. Most modern URLs use this encoding (the %E2%98%95 you saw above is ).

When you need to encode rather than decode — say you’re constructing a URL and need a value escaped — use the sibling URL Encoder. The two together let you round-trip exactly.

Privacy

The decoder reads your input from the textarea and hands it to the browser’s built-in decodeURIComponent or decodeURI function, depending on the mode. Both run synchronously in JavaScript on your device. The page makes no network requests after the initial JavaScript loads, so neither ToolJutsu nor anyone else sees the URLs or query strings you paste — including any tokens, session IDs or sensitive parameters they might contain.

Compatibility notes

decodeURIComponent and decodeURI are part of the ECMAScript standard and have shipped in every browser since the early 2000s, so the decoder works in every modern desktop and mobile browser without polyfills. The same two functions are available in every JavaScript runtime (Node.js, Deno, Bun, browser workers) if you’d rather decode programmatically; the behaviour is identical to what you see here.

Frequently asked questions

What's the difference between Component mode and Full URL mode?
Component mode uses decodeURIComponent and decodes every %XX sequence it finds — including ones that represent structural characters like :, /, ?, & and #. Use it when you're decoding a query-string value, a form field, or a path segment that you've copied out of a larger URL. Full URL mode uses decodeURI and decodes only the characters that aren't reserved for URL structure — so %3A (a colon) stays as %3A if it appears where a colon would change the URL's meaning. Use it when you've got a whole URL and want to make it human-readable without breaking it.
What happens if the input has malformed percent-escapes?
The decoder shows a friendly error pointing at the bad sequence. The most common cause is a stray % that isn't followed by two hex digits — for example %2 or 100% complete pasted in by accident. Fix the percent sign (escape it as %25 if it's a literal percent character in the original data) and the decode runs cleanly. The decoder never silently swallows malformed input; it tells you exactly what's wrong.
Which characters actually get decoded?
In Component mode, every percent-encoded byte becomes its corresponding character — so %20 becomes a space, %2F becomes /, %3F becomes ?, %E2%9C%93 becomes a check mark, and so on. Multi-byte UTF-8 characters (emoji, non-Latin scripts) are reassembled correctly. In Full URL mode, the reserved structural characters — ;, /, ?, :, @, &, =, +, $, ,, # — are left percent-encoded so the URL's structure stays intact; everything else is decoded.
What if I want to decode and then re-encode?
Use the sibling URL Encoder. The pair lets you round-trip — decode a URL to see what's inside, modify a value, then re-encode it to a safe URL. Both tools use the same browser-native APIs so the round trip is exact; encoding the decoded output gives you back the original input byte for byte (assuming the original was well-formed in the first place).
Is my input sent anywhere?
No. The decode runs entirely in JavaScript on your device using the browser's built-in decodeURIComponent and decodeURI functions. The page loads its small JavaScript bundle once and caches it; after that there are no network requests, including no analytics on the URLs you paste in. Verify in your browser's Network tab, or simply switch off Wi-Fi after the page loads — the decoder still works.

Related tools

URL Encoder & Decoder

Encode and decode URL-safe text.

Base64 Decoder

Decode Base64 strings back to UTF-8 text in your browser.

HTML Decoder

Decode HTML entities back to plain text.

URL Parser

Break a URL into its component parts.

UTM Link Builder

Build campaign-tracking UTM links.

Slug Generator

Generate clean, SEO-friendly URL slugs.