URL Encoding: Why %20 and How to Fix Broken Links

%20 is the most recognized fragment of machine text in the world, and most people who see it daily could not say why it exists. The answer explains broken links, mangled search queries, the mysterious plus-signs-as-spaces, and the double-encoding bug that turns one space into %2520. URLs have an alphabet, everything else gets escaped, and our free URL encoder and decoder handle the escaping in your browser.

Why URLs cannot just contain anything

A URL is a sentence with grammar: / separates paths, ? starts the query, & separates parameters, = binds names to values, # marks the fragment. Those characters are reserved, they mean something, so when your actual data contains one, it must be disguised or it will be read as grammar. The disguise is percent-encoding: the character’s bytes written as % plus two hex digits. A space becomes %20, a slash inside data becomes %2F, an ampersand %26. Non-ASCII text encodes through UTF-8 first, which is why one Greek α becomes %CE%B1, two bytes, two escapes, and café becomes caf%C3%A9. The unreserved survivors, letters, digits, and - _ . ~, travel as themselves, which is why clean URLs are built from exactly that alphabet.

The escapes you will actually meet

| Escape | Character | Where it bites |
|---|---|---|
| %20 | space | everywhere humans name things |
| %2F | / | data containing paths or fractions |
| %3F | ? | titles with questions in them |
| %26 | & | “Tom & Jerry” breaking query strings |
| %3D | = | encoded values inside parameters |
| %25 | % | percent itself, and the key to double encoding |
| %C3%A9 and friends | accented letters | any non-English text |

The worked example that ties it together: a search for red shoes&size=42 must travel as red%20shoes%26size%3D42, because the raw ampersand and equals would otherwise be parsed as a second parameter named size, and the search would quietly become “red shoes”. Not an error anyone sees, just wrong results, which is the signature of encoding bugs generally.

The plus sign: the special case with a history

In query strings, and only in query strings, a space may also appear as +, a convention inherited from ancient HTML form submission. The asymmetry is the trap: + means space in ?q=red+shoes but means a literal plus in a path, so decoding “C++” naively as a query yields “C” followed by two spaces. The practical rules: when encoding, prefer %20, which is correct in every position; when decoding something with plus signs, know which part of the URL it came from. Our decoder handles both conventions, and the “why does my plus disappear” bug report is this paragraph wearing a ticket number.

Double encoding: %2520 and how it happens

Encode a space and you get %20. Encode that, because two systems each helpfully encoded once, and the % becomes %25, producing %2520. Decoded once, it renders as the literal text “%20”; the visible symptom is URLs or page titles displaying %20 where a space should be. The bug is always architectural: encoding belongs at the final assembly of the URL, exactly once, and every “let me encode this to be safe” along the way is a future %2520. Diagnosis is mechanical: run the string through the decoder; if one pass produces %-sequences and a second pass produces clean text, it was double-encoded, and the fix is removing one encoding step at the source, not decoding twice at the destination.
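
The decode-and-count diagnosis described above, as an added example (not this site's tool code). The function names `decodeOnce` and `diagnoseEncoding` are illustrative, and the sample strings are constructed.

```javascript
// Decode one layer of percent-encoding. Only well-formed %XX runs are
// touched, so a stray "%" (as in "100% wool") does not throw URIError.
function decodeOnce(s) {
  return s.replace(/(?:%[0-9A-Fa-f]{2})+/g, (run) => {
    try {
      return decodeURIComponent(run);
    } catch (e) {
      return run; // bytes that are not valid UTF-8: leave the run as-is
    }
  });
}

// Decode repeatedly until the text stops changing and keep every stage,
// so the layer that should not exist is visible.
function diagnoseEncoding(s, maxPasses = 5) {
  const stages = [s];
  let current = s;
  for (let i = 0; i < maxPasses; i++) {
    const next = decodeOnce(current);
    if (next === current) break;
    stages.push(next);
    current = next;
  }
  const passes = stages.length - 1;
  const verdict =
    passes === 0 ? "not encoded" :
    passes === 1 ? "encoded once" :
    "encoded " + passes + " times";
  return { passes, verdict, stages };
}

// Constructed samples.
for (const sample of ["red%2520shoes", "caf%C3%A9", "100% wool"]) {
  const d = diagnoseEncoding(sample);
  console.log(sample, "->", d.verdict, d.stages);
}
```

A value whose plain text really contains a %XX sequence also takes two passes, so read the stages before removing an encoding step.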

Fixing a broken link, step by step

  1. Decode it fully in the decoder to see what the URL actually says; mangled links usually read obviously wrong once human-readable.
  2. Look for the three signatures: %2520 (double encoding), a raw & or ? inside a value (under-encoding), or + in a path (convention confusion).
  3. Rebuild from parts: encode each parameter value with the encoder, then assemble with the literal ? and & grammar around them. Encoding values and assembling grammar are separate steps, which is the entire secret.
  4. Test the result, and if the link goes into HTML or JSON, mind the second escaping layer those formats add, a different layer than URL encoding and a frequent source of confusion between the two; the toolbox for that side lives in the developer tools pillar.
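
Step 3 and the plus-sign rule from earlier, as an added example (not this site's tool code): values are encoded once, the grammar is assembled around them, and decoding depends on which part of the URL the text came from. The function names and the host `example.test` are constructed for illustration.

```javascript
// Encode each path segment and each parameter name/value exactly once,
// then join them with the literal / ? & = grammar.
function buildUrl(origin, pathSegments, params) {
  const path = pathSegments.map(encodeURIComponent).join("/");
  const query = Object.entries(params)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
  return origin + "/" + path + (query ? "?" + query : "");
}

// In a query string "+" is a space. Convert it before percent-decoding,
// so an encoded plus (%2B) still comes out as a literal plus.
function decodeQueryValue(raw) {
  return decodeURIComponent(raw.replace(/\+/g, " "));
}

// In a path "+" is just a plus.
function decodePathSegment(raw) {
  return decodeURIComponent(raw);
}

// Split on the grammar first, decode the pieces second. A Map keeps
// parameter names such as "__proto__" from touching object prototypes.
function parseQuery(query) {
  const out = new Map();
  for (const pair of query.split("&")) {
    if (!pair) continue;
    const i = pair.indexOf("=");
    const name = i === -1 ? pair : pair.slice(0, i);
    const value = i === -1 ? "" : pair.slice(i + 1);
    out.set(decodeQueryValue(name), decodeQueryValue(value));
  }
  return out;
}

// Constructed input: the search text from the worked example above.
const url = buildUrl("https://example.test", ["search", "C++"],
                     { q: "red shoes&size=42" });
console.log(url);
// Under-encoded form for comparison: the raw "&" splits one value in two.
console.log(parseQuery("q=red shoes&size=42"));
```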

Frequently asked questions

Why do some URLs show Greek or emoji directly in the browser bar?

Browsers decode for display while sending the encoded form underneath. Copy such a URL and paste it elsewhere and you may get either version, which is why pasted links sometimes work in one app and break in another.

Should file names avoid spaces to dodge all this?

For anything that becomes a URL, yes: hyphens instead of spaces produce links that need no encoding, survive copy-paste, and read fine. The kebab-case convention exists precisely for this.

Is %20 different from &nbsp;?

Entirely: %20 is URL encoding for a space character; &nbsp; is HTML’s non-breaking space entity. They belong to different layers, and substituting one for the other produces the special kind of bug where both layers blame each other.

Can I decode a URL to see if it is safe?

Decoding reveals the true destination and parameters, which is genuinely useful before clicking something suspicious; encoded look-alike domains and hidden redirect parameters become visible. It is a reading aid, not a security scanner, but an informative one.


Written by Nick (ATV Team)

We build and maintain the 600+ free, client-side tools on this site, and every guide is written against the tools themselves: each figure is computed and checked before it is published, and every linked tool is tested in the browser. More about how we work on the about page, and the full library of guides lives on the blog.