Why You Need a URL Encoding Reference
When building web applications, APIs, or simply sharing links, knowing the correct percent-encoded form of special characters saves significant debugging time. The percent-encoding standard (RFC 3986) defines which characters must be encoded in URLs and exactly how to encode them — but the rules aren't always intuitive. Is the plus sign + a valid URL character or does it need encoding? (It depends on context.) Does the question mark inside a path segment need to be encoded? (Yes.) Should I encode the slash in a query parameter value? (Absolutely yes.) This comprehensive reference table covers the most commonly needed encodings, organized by character type, so you can find what you need quickly.
ASCII Printable Characters: Encoding Reference
Here are the standard ASCII printable characters and their percent-encoded forms. Characters marked as "safe" don't need encoding in most URL contexts:
| Character | Name | Percent-Encoded | Notes |
|---|---|---|---|
space |
Space | %20 |
Also encoded as + in form data |
! |
Exclamation mark | %21 |
Reserved; encode in parameter values |
" |
Double quote | %22 |
Always encode |
# |
Hash / Pound | %23 |
Fragment delimiter; encode in values |
$ |
Dollar sign | %24 |
Reserved character |
% |
Percent sign | %25 |
Must encode to avoid ambiguity |
& |
Ampersand | %26 |
Query param separator; always encode in values |
' |
Single quote | %27 |
Encode in values for safety |
+ |
Plus sign | %2B |
Means "space" in form data; encode in values |
, |
Comma | %2C |
Sub-delimiter; often safe in practice |
/ |
Forward slash | %2F |
Path separator; encode when slash is data |
: |
Colon | %3A |
Scheme/port separator; encode in values |
; |
Semicolon | %3B |
Sub-delimiter |
= |
Equals sign | %3D |
Param key=value delimiter; encode in values |
? |
Question mark | %3F |
Query string start; encode in values |
@ |
At sign | %40 |
User info delimiter |
[ |
Left bracket | %5B |
Used in IPv6 host syntax; encode in values |
] |
Right bracket | %5D |
Used in IPv6 host syntax; encode in values |
\ |
Backslash | %5C |
Always encode |
^ |
Caret | %5E |
Always encode |
` | Backtick | %60 |
Always encode | ||
{ |
Left brace | %7B |
Always encode |
\| |
Pipe | %7C |
Always encode |
} |
Right brace | %7D |
Always encode |
Safe (Unreserved) Characters That Never Need Encoding
RFC 3986 defines a set of unreserved characters that can always appear in URLs without encoding. These are completely safe in any URL context: A–Z (uppercase letters), a–z (lowercase letters), 0–9 (digits), and the four special characters hyphen (-), underscore (_), period (.), and tilde (~). If your data consists only of these characters, no encoding is needed. Encoding these characters (which is technically allowed but unnecessary) just adds overhead without adding safety. Note that the tilde (~) was previously considered "unsafe" in an older RFC but is now explicitly unreserved in RFC 3986. This matters because some older systems may still percent-encode the tilde as %7E — this is equivalent but unnecessarily verbose.
Common Extended Latin and European Characters
International characters require multi-byte UTF-8 encoding. Here are frequently encountered characters from European languages:
| Character | Unicode | URL Encoded (UTF-8) | Language |
|---|---|---|---|
| e with acute | U+00E9 | %C3%A9 |
French, Spanish, Portuguese |
| e with grave | U+00E8 | %C3%A8 |
French, Italian |
| n with tilde | U+00F1 | %C3%B1 |
Spanish |
| u with umlaut | U+00FC | %C3%BC |
German |
| o with umlaut | U+00F6 | %C3%B6 |
German, Swedish, Finnish |
| c with cedilla | U+00E7 | %C3%A7 |
French, Portuguese, Turkish |
| sharp s | U+00DF | %C3%9F |
German |
| Euro sign | U+20AC | %E2%82%AC |
Euro sign (3 bytes) |
| British Pound | U+00A3 | %C2%A3 |
British Pound |
| Copyright | U+00A9 | %C2%A9 |
Copyright symbol |
Emoji and 4-Byte Characters
Emoji and characters from supplementary Unicode planes use 4 UTF-8 bytes and produce longer percent-encoded sequences. Here are some common examples:
| Emoji | Name | Unicode | URL Encoded |
|---|---|---|---|
| Grinning face | Grinning face | U+1F600 | %F0%9F%98%80 |
| Red heart | Red heart | U+2764 | %E2%9D%A4%EF%B8%8F |
| Rocket | Rocket | U+1F680 | %F0%9F%9A%80 |
| Check mark | Check mark | U+2705 | %E2%9C%85 |
| Globe | Globe Europe/Africa | U+1F30D | %F0%9F%8C%8D |
The Space Problem: %20 vs. +
The space character has two different encodings depending on the context, and this causes more confusion than almost any other URL encoding topic. In percent-encoding per RFC 3986, a space is encoded as %20. This is the correct encoding for path segments and is also valid in query strings. In application/x-www-form-urlencoded format (HTML form submissions), spaces are encoded as +. This is a legacy convention from before the web standards were formalized. Many URL parsers accept both, but the difference matters in specific scenarios. If you send a URL with a + in the path (not the query string), many servers will treat it as a literal plus sign, not a space. Similarly, a + in a query value that was encoded with encodeURIComponent() represents a literal plus sign, but if the same URL was form-encoded, the + means a space. The safest approach: use %20 for spaces in path segments, and be consistent with + vs. %20 in query strings throughout your application. When in doubt, %20 is unambiguous.
Control Characters and Non-Printable Characters
Control characters (ASCII 0–31 and 127) and non-printable characters must always be percent-encoded in URLs. Here are the most commonly encountered ones: Newline (\n, ASCII 10) encodes as %0A. Carriage return (\r, ASCII 13) encodes as %0D. Tab (\t, ASCII 9) encodes as %09. Null character (\0, ASCII 0) encodes as %00. Delete (ASCII 127) encodes as %7F. These characters should not appear in URLs at all, but if user input or data contains them, they must be encoded. The null byte (%00) is particularly important from a security perspective — some systems use null bytes to terminate strings, and an unencoded null byte in a URL can lead to security vulnerabilities. Always sanitize and encode user-supplied data before including it in URLs.
Quick Reference: Most Common URL Encodings
For quick day-to-day reference, here are the 15 most commonly needed percent-encoded values that developers encounter: %20 = space, %21 = !, %22 = ", %23 = #, %24 = $, %25 = %, %26 = &, %27 = ', %28 = (, %29 = ), %2B = +, %2C = ,, %2F = /, %3A = :, %3D = =, %3F = ?, %40 = @. Save this list or bookmark this page for quick access when debugging URL encoding issues. Our free URL encoder/decoder tool can also instantly encode or decode any character or string — just paste it in and click encode.