Example
Input (URL)
https://user:pass@yutils.dev:8080/tools/base64?q=hello&lang=ko#preview
Output (components)
protocol: https:
user: user
pass: pass
host: yutils.dev:8080
hostname: yutils.dev
port: 8080
path: /tools/base64
query: { q: hello, lang: ko }
hash: #previewNote
Based on WHATWG URL — matches the browser's built-in `URL` object exactly. Query strings are parsed into a key-value object.
Usage / FAQ
When to use
- See every component of a complex URL at a glance
- Debug query parameters — `utm_*`, tracking codes, etc.
- Break down each step of a redirect chain
- Confirm exact positions of subdomain, port, path, hash
- Decode URL-encoded query values
FAQ
- Q.WHATWG vs RFC 3986?
- A.RFC 3986 is the 1990s spec; the WHATWG URL Living Standard matches real browser behavior. Small differences exist (e.g. trailing slash handling). Browsers follow WHATWG — and so does this tool.
- Q.Can I parse a relative URL?
- A.Only with a base URL. `/tools/base64` alone has no host. Use an absolute form like `https://example.com/tools/base64`.
- Q.What if a key appears multiple times?
- A.URLSearchParams returns all values via `getAll('tag')`. This tool shows only the last value — use jq or similar for multi-value analysis.
Fun facts
Modern URLs sit between two standards — IETF's RFC 3986 (2005, static) and WHATWG's URL Living Standard (2012+, continuously updated). The two specs differ in subtle places, and browsers effectively follow WHATWG.
WHATWG URL StandardThe WHATWG URL parser is a 'living standard' that tracks what browsers actually do — interpreting backslashes as forward slashes, ignoring whitespace, accepting things RFC 3986 rejects. 'Real-world compatibility first.'
Wikipedia — URL standardsThe JavaScript `new URL(...)` constructor landed across every modern browser and Node.js around 2017. Before that, regex hacks and `document.createElement('a')` tricks ran wild — each producing subtly different results. Today `URL.canParse(str)` (2023+) gives a clean validation API.
MDN — URL constructor
Related guides
- HTTP Status Codes — When to Use 401, 403, 422, 500 and the Rest
Definitive reference for HTTP status codes — class meanings, the most common codes in REST APIs, frequently confused pairs (401 vs 403, 400 vs 422), and how to pick the right one.
- CORS Explained — What Triggers Preflight, Common Errors, and How to Fix Them
Cross-Origin Resource Sharing in plain language — same-origin policy, simple vs preflight requests, the right Access-Control-* headers, credentials, and the most common debugging traps.
- OAuth 2.0 Explained — Authorization Code, PKCE, Client Credentials, and When to Use Which
OAuth 2.0 in plain language — the four flows, why PKCE replaced implicit, refresh tokens, scopes, and how it relates to OpenID Connect.
- URL Encoding Deep Dive — Why %20 Not + and When encodeURIComponent Beats encodeURI
Percent-encoding character sets, the difference between encodeURI and encodeURIComponent, when + means space, IDN/Punycode, and the right way to build URLs.
- Content Security Policy — Stop XSS with the Right CSP Header
How CSP defends against XSS, the directives you actually need, nonces vs hashes vs strict-dynamic, the report-only rollout pattern, and AdSense/GA compatibility.
- HTTP Caching — Cache-Control, ETag, and the Right Headers for Every Asset
max-age vs s-maxage, immutable, stale-while-revalidate, ETag vs Last-Modified, CDN vs browser cache, and the headers your static assets, HTML, and API responses each need.
- SameSite Cookies and CSRF — What Lax, Strict, and None Actually Mean
How SameSite changed CSRF defense in 2020, the differences between Lax/Strict/None, when you need Secure, third-party cookie deprecation, and what's still required beyond SameSite.
- How DNS Actually Works
Walk through a DNS query — root server, TLD, authoritative resolver, recursive resolver, TTL caching, the A/AAAA/CNAME/MX record zoo, and why DNS-over-HTTPS exists.
Related tools
- Base64 Encode / Decode
Encode text to Base64 or decode Base64 back to text. Runs entirely in your browser, no data sent to any server.
- URL Encode / Decode
Percent-encode text for safe use in URLs, or decode percent-encoded URLs back to text. Runs entirely in your browser.
- UUID / ULID Generator
Generate UUID v4 (random), UUID v7 (time-ordered, RFC 9562), or ULID identifiers — all client-side via crypto.
- JWT Decoder
Decode the header and payload of a JSON Web Token. Signature is not verified (a public key is required). The token is processed entirely in your browser.
- JWT Encoder (HMAC)
Generate a signed JSON Web Token with HS256/HS384/HS512 (HMAC-SHA). Payload and secret stay in your browser — Web Crypto API based.
- SHA Hash
Compute SHA-1, SHA-256, SHA-384, or SHA-512 hash of text. Uses the browser's Web Crypto API; no data is sent to any server.
- Hex Encode / Decode
Encode text to hexadecimal or decode hex back to text. Supports UTF-8 multi-byte characters and tolerates whitespace.
- HTML Entity Encode / Decode
Encode HTML special characters (&, <, >, ", ') to entities, or decode named/numeric entities back to text.
- Password Generator
Generate cryptographically strong passwords, tokens, random strings, and passphrases with entropy display.
- Number Base Converter
Convert numbers between bases (binary/octal/decimal/hex/base36) using BigInt for large integers. Auto-detects 0b/0o/0x prefixes.
- HMAC Generator
Compute HMAC (Hash-based Message Authentication Code) with SHA-1/256/384/512 using the Web Crypto API.
- HMAC Verify
Verify whether a given HMAC signature matches the message + secret. Constant-time comparison via Web Crypto API.
- MD5 Hash
Compute MD5 hash for text. Note: MD5 is broken for security — checksums and legacy compatibility only.
- Punycode (IDN)
Convert international domain names to/from Punycode (xn-- encoded ASCII). Uses native URL parser.
- HTTP Status Codes
Browse and search HTTP status codes (1xx-5xx) with descriptions and common usage.
- User-Agent Parser
Parse User-Agent strings into browser, OS, device, and engine fields.
- Bcrypt Hash
Hash passwords with Bcrypt or verify a plaintext against an existing hash. Configurable salt rounds.
- Cookie Parser
Parse Cookie or Set-Cookie strings into a table. Decode percent-encoded values. Supports Set-Cookie attributes (Path/Domain/Max-Age/SameSite/HttpOnly/Secure).
- IP / CIDR Calculator
Compute network address, broadcast, host range, mask, and host count from an IPv4 + CIDR.
- cURL Builder
Build cURL commands from URL/method/headers/body. Auto-detects JSON content-type.