Treating a relative reference as an absolute URL
Absolute mode requires a scheme. Use Reference + base for /docs, ../api, ?page=2, or #section so resolution happens against a base you can see and verify.
Parse one absolute URL or resolve a URL reference against an explicit base. Inspect the browser-normalized URL, origin, credentials, host, effective port, path segments, ordered query entries, duplicate keys, plus-sign behavior, and fragment.
Continue with a related workflow or open the next tool that usually follows this task.
Use this workflow when a CSP blocks an expected resource, a candidate policy produces noisy reports, or a proxy changes the header you intended to ship. It combines local policy parsing with browser violation evidence and a final deployed-edge check, without treating static findings as a security certificate.
OpenRelated toolConvert bases, inspect queries, calculate px/rem, transform escapes, and build commit messages in one local workbench.
OpenRelated toolParse bounded HTTP header blocks locally with default secret masking and protocol diagnostics.
OpenRelated toolConvert one IDN between Unicode and Punycode with strict validation and label review.
OpenChoose Absolute URL when the input includes a scheme, or Reference + base for a relative path, query, or fragment.
In reference mode, enter the exact HTTP or HTTPS base that the application uses before pasting the reference.
Leave credential masking enabled unless you deliberately need credentials in copied or downloaded output.
Run the parser and compare the original input with the normalized URL before using it for signatures, redirects, or cache keys.
Review raw and decoded path, query, and fragment values; inspect repeated keys, empty entries, plus signs, and malformed percent escapes.
Copy the component you need or download the complete text report, then verify reachability, ownership, server behavior, and safety separately.
Separate callback origin, path, ordered state values, nested return targets, and fragment data before changing an OAuth or SSO redirect configuration.
Compare raw UTM, affiliate, search, and filter entries with decoded values while retaining repeated keys and their original order.
Resolve ../api, /assets, ?page=2, or #section against the exact deployment base to reproduce browser routing behavior.
See host type, normalized IDN hostname, explicit and effective port, user information, origin, and non-HTTP scheme differences in logs or configuration.
Identify empty separators, malformed escapes, invalid UTF-8, form-plus conversion, duplicate keys, and fragments before handing one component to an encoder or query editor.
Absolute mode requires a scheme. Use Reference + base for /docs, ../api, ?page=2, or #section so resolution happens against a base you can see and verify.
The browser can lowercase a hostname, add a root slash, serialize Unicode as percent escapes or Punycode, and remove an explicit default port. Keep the original when signatures, cache keys, or exact log comparison matter.
Query parsing follows form rules, so raw + becomes a decoded space while %2B becomes a literal plus. Compare the raw entry and decoded value before editing search terms or signatures.
Duplicate keys can be ordered lists, overrides, or mistakes depending on the receiving framework. The parser preserves their order but cannot decide which value the server will use.
Masking user information protects cards, copy, and download output, but the original input remains visible in the input field. Remove passwords, tokens, and personal data before sharing screenshots or reports.
The browser serialization lowercases the scheme and hostname and removes the explicit HTTPS default port while preserving path, query order, and fragment.
HTTPS://EXAMPLE.COM:443/a%20b?tag=one&tag=two#reviewhttps://example.com/a%20b?tag=one&tag=two#reviewThe result masks serialized credentials and converts the internationalized hostname to its ASCII form without opening or checking the destination.
https://user:secret@例え.テスト:8443/docs?q=C%2B%2B+URLhttps://[REDACTED]@xn--r8jz45g.xn--zckzah:8443/docs?q=C%2B%2B+URLThe parser uses the platform URL implementation. That parser serializes a normalized href: schemes and hostnames may be lowercased, Unicode hostnames become ASCII Punycode, some characters become percent escapes, a missing root path may become /, and explicit default ports can disappear.
Absolute mode requires a scheme. Reference mode calls the same URL algorithm with one explicit HTTP or HTTPS base, so /path replaces the base path, ../ moves one level, ?query keeps the base path, and an already absolute input ignores the base.
Path segments, query entries, and the fragment retain a raw serialized form. Separate decoded views never replace the normalized URL. Query values use application/x-www-form-urlencoded behavior through URLSearchParams, including raw + to space and %2B to plus.
Malformed percent syntax and percent bytes that are not valid UTF-8 are reported instead of being presented as clean decoding. Empty ampersand segments, empty keys, empty values, missing equals signs, repeated decoded keys, and empty path segments remain observable.
The parser does not make a network request. Credential masking affects result serialization only, operational analytics contain aggregate counts rather than URL text, and successful syntax parsing is not a security, reputation, DNS, TLS, redirect, or availability check.
Absolute mode requires a scheme such as https:. Reference + base accepts references such as /path, ../path, ?query, or #fragment and resolves them against one explicit HTTP or HTTPS base URL.
The normalized URL and raw path, query, and fragment remain visible. Path segments and fragments are decoded separately. Query entries show both raw text and URLSearchParams-style decoded keys and values, where + means space.
No. Repeated decoded keys remain separate and in source order. The report lists every entry number and summarizes duplicate keys because server frameworks can apply different first, last, or list behavior.
Masking is on by default for serialized usernames and passwords in result cards, copy, and download text. It does not hide the original input field or automatically identify tokens inside query values.
No. The tool uses the browser URL parser locally and never navigates to the destination. A syntactically parsed URL can still be unreachable, deceptive, malicious, expired, or unsafe to visit.
Input is limited to 262,144 Unicode characters and 524,288 UTF-8 bytes. A result can contain at most 1,000 path segments and 1,000 non-empty query entries so a pasted URL cannot create unbounded output.
Maintained and tested by SimpleWebUtilsReviewed
Method: To check “Normalize a callback while preserving a nested target and repeated state”, we used URL Parser and Analyzer with the guide's exact source data and applied “Compare input with browser normalization”. The output had to match the documented result; evidence for “Editing before capturing the original” and “Using normalized text as signature evidence” was reviewed before recording the check.
Expected result: The normalized callback lowercased the host, removed default HTTPS port 443, and retained the encoded nested target, both state values, and #complete fragment.
Sources and standards
Use these focused guides when you need a practical workflow before opening the tool.
Use this workflow when a CSP blocks an expected resource, a candidate policy produces noisy reports, or a proxy changes the header you intended to ship. It combines local policy parsing with browser violation evidence and a final deployed-edge check, without treating static findings as a security certificate.
Workflow guideUse this workflow when a callback, search link, webhook, or API request changes plus signs, repeated keys, JSON string escapes, or a nested return URL after more than one parser touches it.
Workflow guideUse this workflow when a query string is present but the receiving app reads the wrong value, loses a parameter, or treats encoded text as literal data. The goal is to identify the broken layer before rebuilding the link, not to repeatedly encode the entire URL until it appears to work.
Workflow guideUse this workflow when a browser request, API response, redirect, or CDN cache behaves differently than expected and you need a bounded, redacted header-level record before editing configuration.
Workflow guideUse this workflow when an internationalized hostname appears as readable Unicode in one place and xn-- ASCII labels in another, and you need a precise comparison without confusing conversion with registration or security approval.
Workflow guideHTML-to-Markdown conversion can remove repetitive rewriting, but a publishable migration also needs content isolation, trust-boundary review, asset relocation, and a real destination preview. This workflow converts one article or documentation section, checks every removed or preserved structure, replaces unsafe links and interactive controls, moves images, and verifies the finished file with the renderer that will actually publish it.
Workflow guideUse this workflow when a website, form, menu, event page, or support link must move from paper, packaging, a PDF, or a presentation into a phone without relying on a tracking or redirect service.
Workflow guideUse this workflow to turn a curl -I or DevTools capture into repeatable release evidence. It checks the final response locally, separates enforced CSP from Report-Only monitoring, preserves deployment context, and ends with live verification plus the application checks that response headers cannot cover.
Workflow guideA slug generator can produce a consistent path-segment candidate, but it cannot own the route or protect a published address. This workflow records the target platform and current URLs, chooses an explicit Unicode or ASCII convention, reviews transliteration and encoded length, checks duplicates and reserved names in the real namespace, and treats redirects, canonical metadata, internal references, sitemap updates, monitoring, and rollback as required parts of any live URL change.
Workflow guideUse this workflow to turn a small, redacted log or payload sample into reviewable timestamp rows while preserving field names, source lines, exact epoch precision, and explicit unit decisions.
Workflow guideUse this workflow when data inside one query parameter contains spaces, ampersands, equals signs, Unicode, a plus sign, or another complete URL.
Workflow guideUse this workflow when a callback, webhook, proxy, SDK, or copied link contains `%252F`, `%2520`, `%253A`, or another sign that a percent sign was encoded again.
Workflow guideUse this workflow when an OAuth, SSO, webhook, campaign, or application callback looks correct in a browser but the receiving system reads another path or parameter value.
Continue with another maintained workflow
Convert bases, inspect queries, calculate px/rem, transform escapes, and build commit messages in one local workbench.
Parse bounded HTTP header blocks locally with default secret masking and protocol diagnostics.
Convert one IDN between Unicode and Punycode with strict validation and label review.
Encode exact text or a prepared URL, Wi-Fi, email, phone, SMS, or vCard payload as PNG or SVG.
Encode or decode exact URL components, full URLs, and form values locally.