Base64 / URL
Encode or decode Base64 (standard or URL-safe) and percent-encoded URLs.
Modes
- Base64 — standard RFC 4648 with
+//and=padding. - Base64 URL — URL-safe variant:
-/_, no padding. - URL percent —
encodeURIComponent/decodeURIComponent.
Base64, briefly
Base64 is an encoding that turns arbitrary bytes into a string of 64 printable ASCII characters (A-Z, a-z, 0-9, +, /). It is the standard way to embed binary data — small images, certificates, cryptographic material — inside text-only formats like JSON, XML, or HTTP headers. The encoded form is about 33% larger than the raw bytes, which is the price you pay for ASCII safety.
Standard vs URL-safe
Plain Base64 uses + and /, both of which have special meaning in URLs. The URL-safe variant swaps them for - and _ and usually drops the trailing = padding. Tokens you find in OAuth flows, JWTs, and password-reset links are almost always URL-safe Base64. This tool handles both directions, so you can paste either form.
Common uses
- Inspecting the payload of a JWT or session cookie. (For JWTs specifically, the dedicated JWT tool is faster — it splits and decodes all three parts in one step.)
- Embedding a small image as a
data:URI inside HTML or CSS. - Round-tripping a binary file through a system that only allows text — chat clients, log collectors, plain-text email.
- Decoding configuration values from environment variables or Kubernetes Secrets, where binary content is conventionally Base64-encoded.
About URL encoding
URL encoding (percent encoding) is a different transformation, used to escape reserved characters inside URLs and form data. The same panel decodes and re-encodes both, so you can chain them when needed — for example, when a query string contains a Base64-encoded token that has been further percent-encoded.