
URL Encoding (Percent Encoding)

A mechanism for encoding special characters in URLs using percent signs followed by hexadecimal values.

Encoding

Also called: "percent encoding", "url escape"

URLs can only contain certain characters, so special characters must be encoded.

Why encoding is needed

  • Spaces, slashes, and symbols have special meanings in URLs.
  • Non-ASCII characters (é, ñ, 中) need encoding for compatibility.
  • Encoding prevents security issues caused by malformed URLs.

Common encodings

  • Space: %20 or +
  • Forward slash: %2F
  • Question mark: %3F
  • Ampersand: %26
  • Hash: %23

Security implications

  • Double encoding can bypass filters: %252F decodes to %2F, which decodes to /.
  • URL encoding is used in XSS, SQL injection, and path traversal attacks.
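
The double-encoding case above, shown as an added example that is not part of the original glossary entry: a check that decodes once lets %252F through, while a check that decodes until the value stops changing and rejects multi-layer input catches it. The function names, the 5-pass cap, the one-layer policy and the sample paths are assumptions made for the illustration.

```python
from urllib.parse import unquote

MAX_LAYERS = 5  # assumption: cap on decode passes to bound work on hostile input


def decode_layers(value, max_layers=MAX_LAYERS):
    """Percent-decode until the value stops changing; return (decoded, layers)."""
    layers, current = 0, value
    while True:
        decoded = unquote(current)
        if decoded == current:
            return current, layers
        layers += 1
        if layers > max_layers:
            raise ValueError("too many encoding layers")
        current = decoded


def naive_filter_allows(path):
    """Weak check: decodes a single time, then looks for '../'."""
    return "../" not in unquote(path)


def strict_filter_allows(path):
    """Hardened check: reject multi-layer encoding, then inspect the canonical form."""
    try:
        canonical, layers = decode_layers(path)
    except ValueError:
        return False
    if layers > 1:  # assumed policy: well-behaved clients encode exactly once
        return False
    return ".." not in canonical.replace("\\", "/").split("/")


# Constructed sample inputs (not from the original page)
SAMPLES = [
    "reports/2024%20summary.pdf",  # single-encoded space, benign
    "..%2Fsecret.txt",             # single-encoded slash
    "..%252Fsecret.txt",           # double-encoded slash: %252F -> %2F -> /
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: naive={naive_filter_allows(s)} strict={strict_filter_allows(s)}")
```

The naive check passes the double-encoded sample because a second decode happens only later, in whatever component consumes the value; validating the fully decoded form removes that gap.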