If you encounter a form on a website, such as a login form, that form likely uses a POST request to transmit its data to the web server. A standard HTML form encodes the data it sends in a format called URL encoding, also called percent encoding. When URL encoded form data is submitted in an HTTP POST request, it uses the Content-Type: application/x-www-form-urlencoded header.

Consider the following HTML for a submittable form:

<form method="post" action="/submission.php">

  <label for="name">Name:</label>
  <input name="name" type="text"><br>

  <label for="comment">Comment:</label>
  <input name="comment" type="text"><br>

  <input type="submit" value="submit">

</form>

In your web browser, the preceding HTML may render as shown in the following screenshot:

When this form is submitted, its data is encoded in an HTTP request such as the following:

POST /submission.php HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7)
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Connection: keep-alive

name=Alice&comment=Well+Done%21

In the preceding HTTP request, you can see that Content-Type: application/x-www-form-urlencoded is used. In this format, each form field and value is paired by an equal sign, and multiple form fields are chained together by ampersands.

Special characters in form field names or values must be encoded. Notice that Well Done! was encoded as Well+Done%21. Spaces are encoded with plus symbols, and special characters are encoded by a percent sign followed by their two-digit hexadecimal value (thus, the exclamation point was encoded as %21). A percent sign itself would be encoded as %25.