How to Decode Base64 Data in URLs

Many URLs have Base64 data. Ever wonder what they contain?

Base64 is a common format used to transmit data across the Internet. Many websites use Base64 to ensure data makes it intact across several layers of software, such as your email, web browser, and all the servers in between. Without Base64, that data may be accidentally modified and cause errors or a negative user experience.

What is a query string?

To transmit Base64 data, most websites pass the data in URLs within what's known as query strings. Query strings are the text which appears after the question mark in the URL. For example, in the URL, the query string is firstname=hello&lastname=world.

When is Base64 used in query strings?

When it's simple data like in the prior example, encoding with Base64 is usually not necessary. However, when encoding data such as {"userid":1234,"email":"","token":"ab1!B9$BBIJZ84"}, it's possible some software would mangle the data. To help ensure its not accidentally modified during transmission, the data would be encoded as eyJ1c2VyaWQiOjEyMzQsImVtYWlsIjoiaGVsbG8ud29ybGRAZXhhbXBsZS5jb20iLCJ0b2tlbiI6ImFiMSFCOSRCQklKWjg0In0=. Now, that seems unreadable, but when decoded using tools such as, it makes sense to humans instead of just computers.

Find out what's in a URL with Base64 data

When clicking on a link from an email, or certain websites, a string like the one above may have piqued your curiosity. What is in the URL? Does it contain sensitive data? Does it contain my email address? What else does it have?

To find out, you can copy the part of the URL which looks like a Base64 string. Don't know how to identify a Base64 string? We recommend reading How to Predict an Encoded Base64 Value. That article contains a section on how to identify Base64 strings.

After copying the string, paste it into a tool such as Sometimes, the output will be seemingly random, which means it's probably internal data or encrypted data. In both of those cases, it's a good thing since the data is not easily readable if it contains sensitive data.

Data frequently encoded in Base64 strings

In most cases, though, you will be able to find something human-readable, such as a user id, email address, or other text describing the contents. It's common to find user ids and email addresses passed on in this manner. However, it can be a problem if more sensitive information such as passwords are shared this way, since it is not encrypted and anyone with the Base64 string can decode the string and obtain the password.

More blog posts: