API & Web Processed locally

URL Parser

Paste a URL (a bare host/path is upgraded to https://) and break it into protocol, host, port, path, query, and fragment — with every query parameter decoded. The Query params and Analysis tabs show the decoded pairs, length advice, signed-URL detection, and tracking / credential-looking parameters. Runs in your browser; nothing is uploaded.

Auto-parses as you type. Edit the URL to rebuild it. Ctrl+Enter to re-run.

Guide & FAQ

Break any URL into its parts — scheme, host, port, path, query, fragment, plus userinfo — and see every query parameter decoded. Use it for debugging redirects, OAuth callbacks, signed URLs, UTM links, tracking parameters, and double-encoded redirects. Runs locally; URLs are never uploaded.

What it does
  • Parses any URL into scheme, userinfo, host, port, path, query, fragment.
  • Decodes every query parameter — name and value — in the Query params tab.
  • Flags tracking parameters: utm_*, gclid, fbclid, msclkid, and more.
  • Detects signed URLs (AWS SigV4, Google Cloud, Azure SAS) and warns that they carry time-limited credentials.
  • Flags OAuth / token and other credential-looking parameters (access_token, code, api_key, …).
  • Reports the URL length against common server/proxy limits.
  • Mask secret-shaped values before copying or sharing the parsed output.
When to use it
  • Inspect tracking parameters (utm_source, gclid, fbclid) in a referral link.
  • Debug an OAuth callback URL that's failing — read code, state, and token params.
  • Decode a redirect URL that has another URL embedded in a parameter.
  • Audit a signed URL or pre-signed S3 link before sharing.
  • Confirm a URL is within length limits before putting it in a request line.
  • Split a URL into components to reuse in an integration test.
How to use it
  1. Paste the full URL — scheme-less URLs assume https://.
  2. Review the parsed breakdown (protocol, host, path, params, fragment) in the output.
  3. Open the Query params tab for decoded name/value pairs, and Analysis for length, tracking, and credential findings.
  4. Edit the URL text to rebuild it — the breakdown re-parses instantly.
  5. Use Mask secrets to redact token-shaped values before copying or sharing.
  6. For encoding only (no parsing), use the URL Encoder / Decoder.
Tips & pitfalls
  • Fragments (after #) are not sent to the server — useful (and often misused) in OAuth implicit flows.
  • Modifying a signed URL invalidates the signature — never edit pre-signed S3 / SAS links.
  • + is decoded as a space in application/x-www-form-urlencoded but as literal + in URL paths — semantics differ.
  • Double-encoded values (%2520) usually mean encoding was applied twice — decode twice to recover.
  • Tokens in query strings can leak via referrer headers, server logs, and browser history — prefer headers or POST bodies for sensitive values.
  • IDN hostnames may be displayed as Unicode but transmitted as Punycode (xn--...).
FAQ

FAQ

  • How do I parse a URL online? Paste the URL — the tool breaks out every component and decodes each query parameter.
  • How do I read OAuth callback parameters? Paste the callback URL; the parser decodes code, state, and token parameters and flags credential-looking ones in the Analysis tab.
  • What is a double-encoded URL? A URL whose components were encoded twice — %20 became %2520. Decode twice to recover.
  • How does it handle tracking parameters? It flags UTM parameters and click ids (gclid, fbclid, msclkid, and more) in the Analysis tab so you can spot and strip them.
  • Is my URL uploaded? No. Parsing runs in your browser.
  • For encoding only, which tool should I use? The URL Encoder / Decoder handles percent-encoding without parsing the URL structure.
  • How do I parse URL query parameters? Paste the URL and the parser breaks the query string into decoded name/value pairs in the Query params tab, all locally.
Use-case guides

Runs locally in your browser. No uploads. Use Mask secrets to redact tokens before pasting URLs into tickets or chat.

Common tasks solved by this tool

Continue in an API request workflow

Chain this into related tools, or build it as a saved workflow in Workflows.

  1. Parse the request URL — this tool
  2. Convert a cURL command to code
  3. Format the JSON payload
  4. Decode JWT headers
  5. Verify webhook signatures