QR Code Generator Online

Turn any text or URL into a QR code — free, private, download as PNG or SVG.

Last updated:

320px
2

What a QR code actually encodes

A QR code is just a bitmap. The black-and-white modules aren't a mystery — they're a specific binary encoding defined by ISO/IEC 18004 that any scanner reads back into whatever you put in. There's no server call, no API, no account — a QR code is literally a visual representation of the text it contains.

That means two things worth internalising:

  • The data is in the image. If the image still exists, the data still exists. There's nothing to "go down" like a shortened URL service — as long as the PNG is scannable, it will still decode to the same text.
  • Every QR code is editable by whoever controls the source. If you encode a URL, the page at that URL can change. The QR code is permanent, but what it points to isn't. This is the trap that makes "dynamic QR" services charge monthly fees — they sit a redirect in front of the URL.

What you can encode: plain text, URLs, Wi-Fi credentials (WIFI:T:WPA;S:NetworkName;P:password;;), vCards, email addresses (mailto:), phone numbers (tel:), SMS bodies, and GPS coordinates (geo:). Modern phone cameras recognise all of these and prompt the right action.

Error correction levels, in plain English

QR codes have four error-correction levels, each trading data capacity for damage tolerance. The letter is the level, the percentage is how much of the code can be missing or obscured and still decode correctly:

  • L (Low, ~7%) — maximum data capacity, minimum damage tolerance. Use only for clean, digital display (on-screen, never printed).
  • M (Medium, ~15%) — the sensible default. Good for most printed materials where nothing obstructs the code.
  • Q (Quartile, ~25%) — for codes that will get dirty, scratched, or printed at small sizes. Business cards, sticker labels.
  • H (High, ~30%) — maximum damage tolerance. Required if you're overlaying a logo in the middle of the code (the logo is the damage, and level H has enough redundancy to survive it).

The trade-off: higher correction means fewer usable bits for your payload. A level-H code holds roughly half as much data as a level-L code at the same physical size. For a URL of 30 characters this doesn't matter; for a 500-character vCard it might mean jumping to a larger QR version with more modules.

Print size and scan distance

The most common real-world failure mode isn't a technical one — it's a QR code that's too small to scan from where people actually stand. A rule of thumb that works for almost every use case:

Minimum side length = scan distance ÷ 10.

  • Business card (scanned at ~20 cm) — 2 cm minimum side. 2.5 cm is safer.
  • Restaurant table tent (scanned at ~40 cm) — 4 cm minimum.
  • Retail poster (scanned at 2 m) — 20 cm minimum.
  • Billboard (scanned at 20 m) — 2 m minimum. Yes, really.

Add a quiet zone — the empty margin around the code — of at least four modules (roughly 10% of the total side length). Scanners use the quiet zone to detect the code's edges. If you crop it out, the code becomes unreliable even when the data area is intact.

Colors and contrast

QR codes don't have to be black on white — but contrast matters far more than most people assume. Scanners treat the code as a 1-bit image: each module is either "dark" or "light", and the camera decides which based on local luminance. If the contrast is low, the decision gets noisy and the code fails to decode.

  • The "dark" color must be genuinely dark. Yellow, light blue, and most pastels on white don't have enough luminance contrast to scan reliably. Measure contrast with a WCAG checker if you're unsure — 4.5:1 is the floor, 7:1 is safer.
  • Inverted codes (light modules on a dark background) are risky. The QR spec doesn't require scanners to support them, and many older scanners refuse. If your brand is dark-on-dark, print the code in a light-colored box.
  • Gradients break things. A dark-to-light gradient across the code means some modules cross the threshold at different points in the camera's view. Use solid colors.
  • Transparent backgrounds are a trap. If you export a PNG with transparency and paste it over a photo, whatever shows through the "empty" modules becomes part of the code. Export with a solid background.

What not to encode

Because a QR code is public by definition, a short list of things never to put in one:

  • Passwords or API keys. Anyone with a phone camera gets them.
  • Personal information for someone who hasn't consented. Full names, phone numbers, addresses — fine for your own business card, not for third parties.
  • Internal-only URLs. If a URL is on a poster, assume it's public. Intranet links and staging environments don't belong in a QR code.
  • Trackable URLs without disclosure. You can redirect a QR code through an analytics service, but users have no way to inspect the URL before scanning it. Don't use that to surveil them without their knowledge.

One more: if the QR code is printed somewhere public and points to a URL you control, keep that page accessible. A dead link on a billboard lives forever.

Related tools on CodeBoxTools

  • URL Parser — verify a URL before encoding it, especially one with long query strings.
  • URL Encode / Decode — for percent-encoding special characters before they go into a URL QR.
  • Slug Generator — turn a title into a clean URL slug to keep QR payloads short.
  • Base64 — for encoded data URIs or basic-auth tokens.
  • Color Converter — check your QR foreground/background contrast across HEX, RGB, and HSL.

Frequently Asked Questions

What can I encode in a QR code?
Any text up to ~2,900 characters at low error correction, or ~1,200 with high correction. Common uses: URLs, plain text, Wi-Fi credentials (WIFI:T:WPA;S:Name;P:password;;), vCards, email addresses (mailto:), phone numbers (tel:), SMS bodies, and GPS coordinates (geo:).
Which error correction level should I pick?
M (medium, 15%) is the sensible default. Use H (30%) if your code will be printed small, on curved surfaces, or overlaid with a logo — higher correction means the code still scans even when damaged. Use L (7%) only when you need maximum data density on a clean digital display. Q (25%) sits between M and H for codes that will get dirty or scratched.
Are generated QR codes free to use commercially?
Yes. QR Code is an open standard (ISO/IEC 18004), originally developed by Denso Wave in 1994, and is free to use for any purpose including commercial use. You own the codes you generate here and owe no licensing fees.
Why is my QR code not scanning?
Most common causes: (1) code too small for the scan distance — the rule of thumb is side length ≥ distance ÷ 10; (2) quiet zone (empty margin) cropped off; (3) low contrast between dark and light modules — 4.5:1 is the floor; (4) inverted colors (light on dark) that older scanners refuse; (5) gradients or transparency over a busy background. Print on a solid light background with genuinely dark modules.
Does QR code size affect how far away it can be scanned?
Yes. Use the 1:10 rule: the minimum printed side length is the scan distance divided by 10. A 2 cm code works from 20 cm away; a 4 cm code from 40 cm; a 20 cm code from 2 m; a 2 m code from a billboard at 20 m. Always add a quiet zone of at least four modules around the edge or scanners will struggle to detect the code's border.
Can I put a logo in the middle of a QR code?
Yes, if you use error correction level H (30%). The logo covers part of the code, which counts as damage — level H has enough redundancy to recover from it. Keep the logo under ~25% of the total area and centred; don't overlap the three large position markers in the corners.
Can I generate a QR code for WiFi credentials or a phone number?
Yes. For WiFi, encode: WIFI:T:WPA;S:NetworkName;P:password;; — most modern phone cameras prompt to join the network on scan. For phone numbers, encode: tel:+14155551234 — scanning opens the dialer. For SMS with a pre-filled body: sms:+14155551234?body=Hello. For email: mailto:hello@example.com.

Related Tools

UUID Generator
Generate UUID v4 (random) or v7 (time-based) identifiers — also works as a GUID generator. Free and browser-based.
Hash Generator
Generate cryptographic hashes from any text — SHA-256, SHA-1, SHA-384, SHA-512. Free, private, and browser-based.
Password Generator
Generate strong random passwords with customizable length and characters — cryptographically secure and browser-based.