URL Parser
Decompose any URL into parts with a query-parameter table and encoding diagnostics.
Rebuild — set or add a query param
Type a param name to see the rebuilt URL with correct percent-encoding applied.
HTTPS URL with 3 query parameters. Double-encoding detected — a value contains percent-escapes that decode to more escapes, usually a sign a URL was encoded twice.
Components
| protocol | https: |
| hostname | api.example.com |
| port | 8443 |
| pathname | /v1/search |
| hash | #results |
| origin | https://api.example.com:8443 |
Query parameters
| Key | Decoded value | Copy |
|---|---|---|
| q | hello world | |
| page | 2 | |
| filter | a%2Fb⚠ double-encoded — raw: a%252Fb |
How it works
URLs look simple and are not. A single address packs a scheme, optional credentials, a hostname, an optional port, a path, a query string of key-value pairs and a fragment — each with its own encoding rules and its own set of characters that must be escaped. This parser feeds your input through the browser's native WHATWG URL implementation, the exact parser used for every link you click and every fetch you make, and lays the result out as a table instead of making you eyeball a 300-character string.
The query-parameter table is where debugging time is actually saved. Each parameter is shown with its key and its decoded value — %20 back to a space, %2F back to a slash, + handled as a space per form-encoding convention — with a per-parameter copy button so you can extract a token or an ID without hand-counting ampersands. Values that appear to be encoded twice are flagged with the raw form alongside, because double-encoding is the silent killer of redirect URLs, OAuth callbacks and webhook configurations.
Parsing is strict by design: the tool uses new URL() inside a try/catch and reports failure rather than guessing. A common surprise is that relative URLs are rejected — the WHATWG parser requires an absolute URL with a scheme, which is also why pasting example.com/path fails while https://example.com/path succeeds. Another is normalization: default ports vanish, hostnames are lowercased, and path dot segments like /a/../b collapse, exactly as a browser would treat them.
The rebuild editor closes the loop. Type a parameter name and value and the tool sets it on the parsed URL via URLSearchParams, producing a correctly encoded result you can copy — handy for constructing test URLs with values containing spaces, ampersands or unicode without manually escaping anything. Everything runs in your tab: the URL you paste, which may well contain session tokens or signed parameters, is never logged, stored or transmitted anywhere.
Frequently asked questions
What is double-encoding and why does the tool warn about it?
Double-encoding happens when an already percent-encoded value is encoded again: a space becomes %20 on the first pass and %2520 on the second, because the % itself gets escaped to %25. It is one of the most common URL bugs — usually caused by two layers of code each calling encodeURIComponent — and it silently breaks parameter values. The tool flags any value containing %25 followed by hex digits, or values that still contain valid escapes after one decode pass.
Why does the port show as (default) for most URLs?
The WHATWG URL parser used by browsers normalizes away the default port for a scheme: 443 for https, 80 for http, 21 for ftp. If you type https://example.com:443/, the parsed port property is an empty string because the port is implicit in the scheme. Only non-default ports — like an API server on 8443 or a local dev server on 3000 — survive parsing and appear in the table.
What is the difference between encodeURIComponent and encodeURI?
encodeURIComponent escapes everything that has structural meaning in a URL — slashes, ampersands, equals signs, question marks — making it correct for encoding a single parameter value. encodeURI leaves structural characters intact and is only for encoding a complete URL that is already correctly structured. Using encodeURI on a parameter value containing an ampersand silently splits it into two parameters; this mismatch causes a large share of real-world query-string bugs.
Does the rebuild editor encode values for me?
Yes. The rebuild field uses the browser's native URLSearchParams.set, which applies correct application/x-www-form-urlencoded escaping automatically: spaces, ampersands, unicode characters and percent signs in your value all come out properly encoded exactly once. This is the same machinery your fetch calls and form submissions use, so what you copy from the rebuilt URL is byte-for-byte what a browser would send.
Is the hash fragment sent to the server?
No — the fragment (everything after #) is strictly client-side. Browsers strip it before sending the HTTP request, which is why single-page-app routers historically lived there and why OAuth implicit flow put tokens in the fragment to keep them out of server logs. If you need the server to see a value, it must travel in the path or the query string, never the hash.
Built by FORG — AI cost observability for agentic coding. Free tools, no signup, nothing leaves your browser.
Learn about FORG