sanitize_url() │ WP 2.3.1

var_dump( sanitize_url('https://example.com/foo') );       // https://example.com/foo
var_dump( sanitize_url('https://example.com/foo-%2F-M') ); // https://example.com/foo-%2F-M
var_dump( sanitize_url('/foo') );                          // /foo

var_dump( sanitize_url('') ); // string(0) ""
var_dump( sanitize_url(false) ); // string(0) ""
var_dump( sanitize_url(null) ); // string(0) ""
var_dump( sanitize_url(true) ); // string(8) "http://1"

A simplified code snippet of the rest_output_link_header() function:

$url = get_rest_url();

header( sprintf( 'Link: <%s>; rel="https://api.w.org/"', sanitize_url( $url ) ), false );

/////////////////////

$url= rest_url( rest_get_queried_resource_route() );

header( sprintf( 'Link: <%s>; rel="alternate"; type="application/json"', sanitize_url( $url ) ), false );

With sanitize_url() you can not only clean the url, but also filter by protocol:

// Link to ftp resource
$url     = 'ftp://ftp.cdrom.com/pub/music/songs/1996';
$new_url = sanitize_url( $url, [ 'http', 'https' ] ); //> empty (string)

// The usual link to the https site
$url     = 'https://site.example/projects/';
$new_url = sanitize_url( $url, [ 'http', 'https' ] ); //> https://site.example/projects/

Snippet from the code of the edit_user() function:

$user = new stdClass();

if ( isset( $_POST['url'] ) ) {
	$user->user_url = sanitize_url( $_POST['url'] );
}

$user_id = wp_insert_user( $user );