Double URL encoding happens when text that is already percent-encoded gets encoded again. The giveaway is %25, because %25 is the encoded form of the percent sign itself.
If you see values such as %2520 or %252F, decode them once with the URL Decode tool and inspect whether a second encoded layer remains.
What is double URL encoding?
Double URL encoding is encoding an already encoded value a second time. A space encoded once is %20; encoded again, the percent sign becomes %25, producing %2520. The receiver often decodes once and is left with the still-encoded %20 text.
How do I recognize double encoding?
Look for %25 followed by two hexadecimal digits, especially patterns such as %2520, %252F, %253A, %253F, %2526, and %253D. Those often represent encoded versions of %20, %2F, %3A, %3F, %26, and %3D.
Why does double encoding break links?
Double encoding breaks links because most systems decode a URL component only once. If a value needs to become /checkout, but arrives as %252Fcheckout, one decode leaves %2Fcheckout instead of the intended slash or path value.
Is double encoding ever intentional?
Double encoding can be intentional when a URL is nested inside another encoded value and must survive multiple parsing layers. OAuth, redirects, and callback URLs can look double-encoded, but each layer should still be encoded and decoded deliberately, not accidentally.
How do I fix double encoding?
Fix double encoding by finding where the second encode happens and removing it. In code, keep values as raw text until the final URL-building step, or keep them parsed as URL objects so each component is encoded exactly once.
Should I decode twice to repair it?
Decode twice only as a debugging step, not as a default production fix. Repeated decoding can turn safe data into active delimiters, especially if user input contains percent sequences that were meant to remain literal.
Which tool helps diagnose it fastest?
The URL Decode tool helps diagnose double encoding by showing what one decoding pass reveals. If the result still contains percent codes, you can decide whether that second layer is intentional or a bug.