Regex Patterns — Ready-to-Use Patterns for Email, Phone, URL, and More

Ready-to-use regular expression patterns for validating emails, phone numbers, URLs, dates, credit cards, IP addresses, and more. Copy and adapt these patterns for your...

Mian Ali Khalid · 2026-05-11 · 7 min read

Use the tool

Regex Tester

Test regular expressions with live match highlighting and explanation.

Open Regex Tester →

Ready-to-use regex patterns for common validation tasks. Test these with the Regex Tester before using in production — adjust for your specific requirements.

Email address

Basic (practical):

^[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}$

More permissive (RFC 5321 approximate):

^[a-zA-Z0-9!#$%&'*+/=?^_`{|}~\-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~\-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$

Recommendation: Don’t over-validate emails with regex. The only reliable validation is sending a confirmation email. Use a simple pattern to catch obvious typos, then verify via email delivery.

What the basic pattern allows:

user@example.com ✓
user.name+tag@example.co.uk ✓
user@subdomain.example.com ✓

What it doesn’t allow (valid per RFC but edge cases):

IP address domains: user@[192.168.1.1]
Quoted local parts: "user name"@example.com

Phone number

US phone (flexible):

^(\+1[\s\-.]?)?(\(?\d{3}\)?[\s\-.]?)?\d{3}[\s\-.]?\d{4}$

Matches: 555-1234, (555) 123-4567, +1 800 555-1212, 5551234

International (E.164 format):

^\+[1-9]\d{1,14}$

Matches: +12025551234, +447700900123

10 digits only (US):

^\d{10}$

For US phone validation, strip non-digit characters first, then validate the 10-digit sequence.

URL

HTTP/HTTPS URL:

^https?:\/\/[^\s/$.?#].[^\s]*$

More precise:

^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_+.~#?&/=]*)$

Matches: https://example.com, http://sub.example.com/path?q=1#anchor

Note: URL validation with regex is notoriously difficult. For robust validation, use new URL(str) in JavaScript or Python’s urllib.parse.urlparse() instead of regex.

Date formats

YYYY-MM-DD (ISO 8601):

^\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])$

Matches: 2024-05-11, 2024-12-31 Doesn’t catch: 2024-02-30 (Feb 30 doesn’t exist) — use calendar logic for that

MM/DD/YYYY (US format):

^(0[1-9]|1[0-2])\/(0[1-9]|[12]\d|3[01])\/\d{4}$

DD/MM/YYYY (European format):

^(0[1-9]|[12]\d|3[01])\/(0[1-9]|1[0-2])\/\d{4}$

IP address

IPv4:

^(25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)\.(25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)\.(25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)\.(25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)$

Matches: 192.168.1.1, 10.0.0.0, 255.255.255.255 Doesn’t match: 999.999.999.999, 192.168.1

IPv6 (simplified):

^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$

Full IPv6 validation (with :: abbreviation) is extremely complex. Use a library.

Password strength

At least 8 chars, 1 uppercase, 1 lowercase, 1 digit:

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$

At least 12 chars, 1 uppercase, 1 lowercase, 1 digit, 1 special char:

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]).{12,}$

Note: Lookaheads (?=...) check conditions without consuming characters. (?=.*[A-Z]) requires at least one uppercase letter anywhere in the string.

Credit card number

Visa:

^4[0-9]{12}(?:[0-9]{3})?$

Mastercard:

^5[1-5][0-9]{14}$

American Express:

^3[47][0-9]{13}$

Any major card (simplified):

^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12})$

For payment processing, use a library (Stripe’s API, Luhn algorithm) rather than regex — the Luhn checksum validates the card number mathematically.

Hex color code

3 or 6 digit hex:

^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$

With optional # prefix:

^#?([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$

Matches: #FF6347, #f63, ff6347 (without #)

Postal codes

US ZIP (5 or 9 digit):

^\d{5}(-\d{4})?$

UK postcode:

^[A-Z]{1,2}[0-9][0-9A-Z]? ?[0-9][A-Z]{2}$

Canadian postal code:

^[A-Z]\d[A-Z] ?\d[A-Z]\d$

Slug (URL-friendly string)

^[a-z0-9]+(?:-[a-z0-9]+)*$

Matches: my-blog-post, product-123 Doesn’t match: My-Blog-Post (uppercase), my--post (double dash), -leading-dash

Username

Alphanumeric, underscores, hyphens, 3-20 chars:

^[a-zA-Z0-9_\-]{3,20}$

Must start with letter:

^[a-zA-Z][a-zA-Z0-9_\-]{2,19}$

Testing these patterns

Paste any of these patterns into the Regex Tester with:

Valid examples that should match
Invalid examples that should not match
Edge cases (empty string, maximum length, special characters)

Always verify behavior at boundaries:

Minimum/maximum length strings
Characters at the edges of allowed sets
Unicode characters (if your input allows non-ASCII)

Regex Tester — test regex patterns with live highlighting
Regex Cheatsheet — syntax reference
Regex Tester Guide — how to debug patterns effectively

The 2026 Regex Cheatsheet (PCRE, JS, Python — Side by Side) — A dense reference for modern regex: anchors, character classes, quantifiers, loo…
Catastrophic Backtracking: The Regex That Kills Your Server — One regex with nested quantifiers can reduce your server to 100% CPU in millisec…
JavaScript Regex Flags — g, i, m, s, u, and v Explained — JavaScript regex flags change how patterns match. Learn when to use global /g, c…
Regex Tester Online — Test Regular Expressions with Live Match Highlighting — A regex tester shows which parts of your test string match your pattern in real …

Related tool