URL Parser
Decode, normalize, build, compare, and lint URLs — supports HTTP/HTTPS/FTP/file/mailto/tel/ws/wss/data/blob. Phishing detection, redirect hints, Punycode IDN, encoded-char highlight, and URL diff. 100% client-side.
About URL Parser
Decode, normalize, build, compare, and lint URLs — supports HTTP/HTTPS/FTP/file/mailto/tel/ws/wss/data/blob. Phishing detection, redirect hints, Punycode IDN, encoded-char highlight, and URL diff. 100% client-side. Everything runs locally in your browser — your data never leaves your device.
How to use
- Enter your input in the tool above.
- Adjust any options to your preference.
- Use the Copy or Download buttons to save the result.
- Everything happens locally — your data never leaves your browser.
FAQ
What URL components does this tool show?
Protocol (scheme), username, password, host, port, pathname, search (query string), and hash (fragment). Query parameters are parsed into a key-value table. Supports all WHATWG URL schemes: http, https, ftp, file, mailto, tel, ws, wss, data, blob.
What is URL normalization and why does it matter?
Normalization produces a canonical form of a URL by lowercasing the host, stripping default ports (:80 for HTTP, :443 for HTTPS), removing duplicate slashes, sorting query parameters, and optionally removing fragments/trailing slashes. Normalized URLs are useful for deduplication, caching, and comparing two URLs for equality.
How does the phishing/safety check work?
We check for common phishing red flags: IP-address hostnames (rarely used by legit sites), excessive subdomains (login.account.com.evil.com), hyphen-heavy domains, non-ASCII characters in hostname (homograph attacks like Cyrillic 'а' in apple.com), Punycode (xn--) which could be legit IDN or homograph, HTTP instead of HTTPS, URL shorteners (bit.ly etc.), '@' signs that obscure hostnames, and excessive URL length. Each finding has a severity (high/medium/low/info).
What extra features does this tool have compared to others?
Beyond standard parse/normalize, we ship: (1) URL history (localStorage, last 20, with clear button). (2) Phishing/safety check with 9 red-flag patterns. (3) Redirect chain detection (shorteners, redirect params like ?url=, ?next=). (4) Encoded characters highlight — find all %XX sequences and decode them. (5) URL scheme reference — info on http/https/ftp/file/mailto/tel/ws/wss/data/blob. (6) mailto: parser — extract To/Cc/Bcc/Subject/Body. (7) tel: parser — extract phone number and comment. (8) URL builder/editor — construct a URL from parts. (9) Shareable URL — encode input in fragment (never sent to server). (10) URL diff — compare two URLs field-by-field.
Does this tool follow RFC 3986 or the WHATWG URL standard?
We use the browser's native URL() constructor, which follows the WHATWG URL Living Standard — the same spec browsers use to parse URLs. This is more permissive than strict RFC 3918 and matches real-world browser behavior. For normalization, we follow RFC 3986 §6 (Syntax-Based Normalization) where applicable.
Is the URL I paste sent anywhere?
No. URL parsing is done entirely in your browser using the native URL API. Nothing is logged, transmitted, or stored server-side. History is stored in localStorage on your device only. Shareable URLs encode the input in the URL fragment (#) which browsers do NOT send to servers in HTTP requests.
Related tools
Bcrypt & PBKDF2 Hash Generator
Generate and verify bcrypt + PBKDF2-SHA256 password hashes. Adjustable cost factor, batch verify, hash format detection, crack-time estimate, password strength check, hash comparison, and CSV export. 100% private.
CSP Evaluator & Builder
Evaluate Content Security Policy headers for security weaknesses, detect bypass gadgets, suggest strict CSP, generate nonces, compare two CSPs, and export to Nginx/Apache/meta-tag. 100% client-side.
Data URL Converter
Convert files to data: URLs and back. SVG optimization, batch encoding, embed templates (HTML/CSS/JS/JSON), size validation, magic bytes detection, and drag-drop. 100% private, offline.