1curl(1) Curl Manual curl(1)
2
6 curl - transfer a URL
7
9 curl [options / URLs]
10
12 curl is a tool to transfer data from or to a server, using one of the
13 supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP,
14 IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS,
15 SMTP, SMTPS, TELNET and TFTP). The command is designed to work without
16 user interaction.
17 curl offers a busload of useful tricks like proxy support, user authen‐
19 tication, FTP upload, HTTP post, SSL connections, cookies, file trans‐
20 fer resume, Metalink, and more. As you will see below, the number of
21 features will make your head spin!
22 curl is powered by libcurl for all transfer-related features. See
24 libcurl(3) for details.
25
27 The URL syntax is protocol-dependent. You'll find a detailed descrip‐
28 tion in RFC 3986.
29 You can specify multiple URLs or parts of URLs by writing part sets
31 within braces as in:
32 http://site.{one,two,three}.com
34 or you can get sequences of alphanumeric series by using [] as in:
36 ftp://ftp.example.com/file[1-100].txt
38 ftp://ftp.example.com/file[001-100].txt (with leading zeros)
40 ftp://ftp.example.com/file[a-z].txt
42 Nested sequences are not supported, but you can use several ones next
44 to each other:
45 http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html
47 You can specify any amount of URLs on the command line. They will be
49 fetched in a sequential manner in the specified order. You can specify
50 command line options and URLs mixed and in any order on the command
51 line.
52 You can specify a step counter for the ranges to get every Nth number
54 or letter:
55 http://example.com/file[1-100:10].txt
57 http://example.com/file[a-z:2].txt
59 When using [] or {} sequences when invoked from a command line prompt,
61 you probably have to put the full URL within double quotes to avoid the
62 shell from interfering with it. This also goes for other characters
63 treated special, like for example '&', '?' and '*'.
64 Provide the IPv6 zone index in the URL with an escaped percentage sign
66 and the interface name. Like in
67 http://[fe80::3%25eth0]/
69 If you specify URL without protocol:// prefix, curl will attempt to
71 guess what protocol you might want. It will then default to HTTP but
72 try other protocols based on often-used host name prefixes. For exam‐
73 ple, for host names starting with "ftp." curl will assume you want to
74 speak FTP.
75 curl will do its best to use what you pass to it as a URL. It is not
77 trying to validate it as a syntactically correct URL by any means but
78 is instead very liberal with what it accepts.
79 curl will attempt to re-use connections for multiple file transfers, so
81 that getting many files from the same server will not do multiple con‐
82 nects / handshakes. This improves speed. Of course this is only done on
83 files specified on a single command line and cannot be used between
84 separate curl invokes.
85
87 curl normally displays a progress meter during operations, indicating
88 the amount of transferred data, transfer speeds and estimated time
89 left, etc. The progress meter displays number of bytes and the speeds
90 are in bytes per second. The suffixes (k, M, G, T, P) are 1024 based.
91 For example 1k is 1024 bytes. 1M is 1048576 bytes.
92 curl displays this data to the terminal by default, so if you invoke
94 curl to do an operation and it is about to write data to the terminal,
95 it disables the progress meter as otherwise it would mess up the output
96 mixing progress meter and response data.
97 If you want a progress meter for HTTP POST or PUT requests, you need to
99 redirect the response output to a file, using shell redirect (>), -o,
100 --output or similar.
101 It is not the same case for FTP upload as that operation does not spit
103 out any response data to the terminal.
104 If you prefer a progress "bar" instead of the regular meter, -#,
106 --progress-bar is your friend. You can also disable the progress meter
107 completely with the -s, --silent option.
108
110 Options start with one or two dashes. Many of the options require an
111 additional value next to them.
112 The short "single-dash" form of the options, -d for example, may be
114 used with or without a space between it and its value, although a space
115 is a recommended separator. The long "double-dash" form, -d, --data for
116 example, requires a space between it and its value.
117 Short version options that don't need any additional values can be used
119 immediately next to each other, like for example you can specify all
120 the options -O, -L and -v at once as -OLv.
121 In general, all boolean options are enabled with --option and yet again
123 disabled with --no-option. That is, you use the exact same option name
124 but prefix it with "no-". However, in this list we mostly only list and
125 show the --option version of them. (This concept with --no options was
126 added in 7.19.0. Previously most options were toggled on/off on
127 repeated use of the same command line option.)
128 --abstract-unix-socket <path>
130 (HTTP) Connect through an abstract Unix domain socket, instead
131 of using the network. Note: netstat shows the path of an
132 abstract socket prefixed with '@', however the <path> argument
133 should not have this leading character.
134 Added in 7.53.0.
136 --alt-svc <file name>
138 (HTTPS) WARNING: this option is experimental. Do not use in pro‐
139 duction.
140 This option enables the alt-svc parser in curl. If the file name
142 points to an existing alt-svc cache file, that will be used.
143 After a completed transfer, the cache will be saved to the file
144 name again if it has been modified.
145 Specify a "" file name (zero length) to avoid loading/saving and
147 make curl just handle the cache in memory.
148 If this option is used several times, curl will load contents
150 from all the files but the last one will be used for saving.
151 Added in 7.64.1.
153 --anyauth
155 (HTTP) Tells curl to figure out authentication method by itself,
156 and use the most secure one the remote site claims to support.
157 This is done by first doing a request and checking the response-
158 headers, thus possibly inducing an extra network round-trip.
159 This is used instead of setting a specific authentication
160 method, which you can do with --basic, --digest, --ntlm, and
161 --negotiate.
162 Using --anyauth is not recommended if you do uploads from stdin,
164 since it may require data to be sent twice and then the client
165 must be able to rewind. If the need should arise when uploading
166 from stdin, the upload operation will fail.
167 Used together with -u, --user.
169 See also --proxy-anyauth and --basic and --digest.
171 -a, --append
173 (FTP SFTP) When used in an upload, this makes curl append to the
174 target file instead of overwriting it. If the remote file
175 doesn't exist, it will be created. Note that this flag is
176 ignored by some SFTP servers (including OpenSSH).
177 --basic
179 (HTTP) Tells curl to use HTTP Basic authentication with the
180 remote host. This is the default and this option is usually
181 pointless, unless you use it to override a previously set option
182 that sets a different authentication method (such as --ntlm,
183 --digest, or --negotiate).
184 Used together with -u, --user.
186 See also --proxy-basic.
188 --cacert <file>
190 (TLS) Tells curl to use the specified certificate file to verify
191 the peer. The file may contain multiple CA certificates. The
192 certificate(s) must be in PEM format. Normally curl is built to
193 use a default file for this, so this option is typically used to
194 alter that default file.
195 curl recognizes the environment variable named 'CURL_CA_BUNDLE'
197 if it is set, and uses the given path as a path to a CA cert
198 bundle. This option overrides that variable.
199 The windows version of curl will automatically look for a CA
201 certs file named ´curl-ca-bundle.crt´, either in the same direc‐
202 tory as curl.exe, or in the Current Working Directory, or in any
203 folder along your PATH.
204 If curl is built against the NSS SSL library, the NSS PEM
206 PKCS#11 module (libnsspem.so) needs to be available for this
207 option to work properly.
208 (iOS and macOS only) If curl is built against Secure Transport,
210 then this option is supported for backward compatibility with
211 other SSL engines, but it should not be set. If the option is
212 not set, then curl will use the certificates in the system and
213 user Keychain to verify the peer, which is the preferred method
214 of verifying the peer's certificate chain.
215 (Schannel only) This option is supported for Schannel in Windows
217 7 or later with libcurl 7.60 or later. This option is supported
218 for backward compatibility with other SSL engines; instead it is
219 recommended to use Windows' store of root certificates (the
220 default for Schannel).
221 If this option is used several times, the last one will be used.
223 --capath <dir>
225 (TLS) Tells curl to use the specified certificate directory to
226 verify the peer. Multiple paths can be provided by separating
227 them with ":" (e.g. "path1:path2:path3"). The certificates must
228 be in PEM format, and if curl is built against OpenSSL, the
229 directory must have been processed using the c_rehash utility
230 supplied with OpenSSL. Using --capath can allow OpenSSL-powered
231 curl to make SSL-connections much more efficiently than using
232 --cacert if the --cacert file contains many CA certificates.
233 If this option is set, the default capath value will be ignored,
235 and if it is used several times, the last one will be used.
236 --cert-status
238 (TLS) Tells curl to verify the status of the server certificate
239 by using the Certificate Status Request (aka. OCSP stapling) TLS
240 extension.
241 If this option is enabled and the server sends an invalid (e.g.
243 expired) response, if the response suggests that the server cer‐
244 tificate has been revoked, or no response at all is received,
245 the verification fails.
246 This is currently only implemented in the OpenSSL, GnuTLS and
248 NSS backends.
249 Added in 7.41.0.
251 --cert-type <type>
253 (TLS) Tells curl what type the provided client certificate is
254 using. PEM, DER, ENG and P12 are recognized types. If not spec‐
255 ified, PEM is assumed.
256 If this option is used several times, the last one will be used.
258 See also -E, --cert and --key and --key-type.
260 -E, --cert <certificate[:password]>
262 (TLS) Tells curl to use the specified client certificate file
263 when getting a file with HTTPS, FTPS or another SSL-based proto‐
264 col. The certificate must be in PKCS#12 format if using Secure
265 Transport, or PEM format if using any other engine. If the
266 optional password isn't specified, it will be queried for on the
267 terminal. Note that this option assumes a "certificate" file
268 that is the private key and the client certificate concatenated!
269 See -E, --cert and --key to specify them independently.
270 If curl is built against the NSS SSL library then this option
272 can tell curl the nickname of the certificate to use within the
273 NSS database defined by the environment variable SSL_DIR (or by
274 default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib‐
275 nsspem.so) is available then PEM files may be loaded. If you
276 want to use a file from the current directory, please precede it
277 with "./" prefix, in order to avoid confusion with a nickname.
278 If the nickname contains ":", it needs to be preceded by "\" so
279 that it is not recognized as password delimiter. If the nick‐
280 name contains "\", it needs to be escaped as "\\" so that it is
281 not recognized as an escape character.
282 If curl is built against OpenSSL library, and the engine pkcs11
284 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
285 ify a certificate located in a PKCS#11 device. A string begin‐
286 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
287 PKCS#11 URI is provided, then the --engine option will be set as
288 "pkcs11" if none was provided and the --cert-type option will be
289 set as "ENG" if none was provided.
290 (iOS and macOS only) If curl is built against Secure Transport,
292 then the certificate string can either be the name of a certifi‐
293 cate/private key in the system or user keychain, or the path to
294 a PKCS#12-encoded certificate and private key. If you want to
295 use a file from the current directory, please precede it with
296 "./" prefix, in order to avoid confusion with a nickname.
297 (Schannel only) Client certificates must be specified by a path
299 expression to a certificate store. (Loading PFX is not sup‐
300 ported; you can import it to a store first). You can use "<store
301 location>\<store name>\<thumbprint>" to refer to a certificate
302 in the system certificates store, for example, "Curren‐
303 tUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint
304 is usually a SHA-1 hex string which you can see in certificate
305 details. Following store locations are supported: CurrentUser,
306 LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,
307 LocalMachineGroupPolicy, LocalMachineEnterprise.
308 If this option is used several times, the last one will be used.
310 See also --cert-type and --key and --key-type.
312 --ciphers <list of ciphers>
314 (TLS) Specifies which ciphers to use in the connection. The list
315 of ciphers must specify valid ciphers. Read up on SSL cipher
316 list details on this URL:
317 https://curl.haxx.se/docs/ssl-ciphers.html
319 If this option is used several times, the last one will be used.
321 --compressed-ssh
323 (SCP SFTP) Enables built-in SSH compression. This is a request,
324 not an order; the server may or may not do it.
325 Added in 7.56.0.
327 --compressed
329 (HTTP) Request a compressed response using one of the algorithms
330 curl supports, and save the uncompressed document. If this
331 option is used and the server sends an unsupported encoding,
332 curl will report an error.
333 -K, --config <file>
335 Specify a text file to read curl arguments from. The command
337 line arguments found in the text file will be used as if they
338 were provided on the command line.
339 Options and their parameters must be specified on the same line
341 in the file, separated by whitespace, colon, or the equals sign.
342 Long option names can optionally be given in the config file
343 without the initial double dashes and if so, the colon or equals
344 characters can be used as separators. If the option is specified
345 with one or two dashes, there can be no colon or equals charac‐
346 ter between the option and its parameter.
347 If the parameter contains whitespace (or starts with : or =),
349 the parameter must be enclosed within quotes. Within double
350 quotes, the following escape sequences are available: \\, \",
351 \t, \n, \r and \v. A backslash preceding any other letter is
352 ignored. If the first column of a config line is a '#' charac‐
353 ter, the rest of the line will be treated as a comment. Only
354 write one option per physical line in the config file.
355 Specify the filename to -K, --config as '-' to make curl read
357 the file from stdin.
358 Note that to be able to specify a URL in the config file, you
360 need to specify it using the --url option, and not by simply
361 writing the URL on its own line. So, it could look similar to
362 this:
363 url = "https://curl.haxx.se/docs/"
365 When curl is invoked, it (unless -q, --disable is used) checks
367 for a default config file and uses it if found. The default con‐
368 fig file is checked for in the following places in this order:
369 1) curl tries to find the "home dir": It first checks for the
371 CURL_HOME and then the HOME environment variables. Failing that,
372 it uses getpwuid() on Unix-like systems (which returns the home
373 dir given the current user in your system). On Windows, it then
374 checks for the APPDATA variable, or as a last resort the '%USER‐
375 PROFILE%\Application Data'.
376 2) On windows, if there is no .curlrc file in the home dir, it
378 checks for one in the same dir the curl executable is placed. On
379 Unix-like systems, it will simply try to load .curlrc from the
380 determined home dir.
381 # --- Example file ---
383 # this is a comment
384 url = "example.com"
385 output = "curlhere.html"
386 user-agent = "superagent/1.0"
387 # and fetch another URL too
389 url = "example.com/docs/manpage.html"
390 -O
391 referer = "http://nowhereatall.example.com/"
392 # --- End of example file ---
393 This option can be used multiple times to load multiple config
395 files.
396 --connect-timeout <seconds>
398 Maximum time in seconds that you allow curl's connection to
399 take. This only limits the connection phase, so if curl con‐
400 nects within the given period it will continue - if not it will
401 exit. Since version 7.32.0, this option accepts decimal values.
402 If this option is used several times, the last one will be used.
404 See also -m, --max-time.
406 --connect-to <HOST1:PORT1:HOST2:PORT2>
408 For a request to the given HOST1:PORT1 pair, connect to
410 HOST2:PORT2 instead. This option is suitable to direct requests
411 at a specific server, e.g. at a specific cluster node in a clus‐
412 ter of servers. This option is only used to establish the net‐
413 work connection. It does NOT affect the hostname/port that is
414 used for TLS/SSL (e.g. SNI, certificate verification) or for the
415 application protocols. "HOST1" and "PORT1" may be the empty
416 string, meaning "any host/port". "HOST2" and "PORT2" may also be
417 the empty string, meaning "use the request's original
418 host/port".
419 A "host" specified to this option is compared as a string, so it
421 needs to match the name used in request URL. It can be either
422 numerical such as "127.0.0.1" or the full host name such as
423 "example.org".
424 This option can be used many times to add many connect rules.
426 See also --resolve and -H, --header. Added in 7.49.0.
428 -C, --continue-at <offset>
430 Continue/Resume a previous file transfer at the given offset.
431 The given offset is the exact number of bytes that will be
432 skipped, counting from the beginning of the source file before
433 it is transferred to the destination. If used with uploads, the
434 FTP server command SIZE will not be used by curl.
435 Use "-C -" to tell curl to automatically find out where/how to
437 resume the transfer. It then uses the given output/input files
438 to figure that out.
439 If this option is used several times, the last one will be used.
441 See also -r, --range.
443 -c, --cookie-jar <filename>
445 (HTTP) Specify to which file you want curl to write all cookies
446 after a completed operation. Curl writes all cookies from its
447 in-memory cookie storage to the given file at the end of opera‐
448 tions. If no cookies are known, no data will be written. The
449 file will be written using the Netscape cookie file format. If
450 you set the file name to a single dash, "-", the cookies will be
451 written to stdout.
452 This command line option will activate the cookie engine that
454 makes curl record and use cookies. Another way to activate it is
455 to use the -b, --cookie option.
456 If the cookie jar can't be created or written to, the whole curl
458 operation won't fail or even report an error clearly. Using -v,
459 --verbose will get a warning displayed, but that is the only
460 visible feedback you get about this possibly lethal situation.
461 If this option is used several times, the last specified file
463 name will be used.
464 -b, --cookie <data|filename>
466 (HTTP) Pass the data to the HTTP server in the Cookie header. It
467 is supposedly the data previously received from the server in a
468 "Set-Cookie:" line. The data should be in the format
469 "NAME1=VALUE1; NAME2=VALUE2".
470 If no '=' symbol is used in the argument, it is instead treated
472 as a filename to read previously stored cookie from. This option
473 also activates the cookie engine which will make curl record
474 incoming cookies, which may be handy if you're using this in
475 combination with the -L, --location option or do multiple URL
476 transfers on the same invoke. If the file name is exactly a
477 minus ("-"), curl will instead the contents from stdin.
478 The file format of the file to read cookies from should be plain
480 HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie
481 file format.
482 The file specified with -b, --cookie is only used as input. No
484 cookies will be written to the file. To store cookies, use the
485 -c, --cookie-jar option.
486 Exercise caution if you are using this option and multiple
488 transfers may occur. If you use the NAME1=VALUE1; format, or in
489 a file use the Set-Cookie format and don't specify a domain,
490 then the cookie is sent for any domain (even after redirects are
491 followed) and cannot be modified by a server-set cookie. If the
492 cookie engine is enabled and a server sets a cookie of the same
493 name then both will be sent on a future transfer to that server,
494 likely not what you intended. To address these issues set a
495 domain in Set-Cookie (doing that will include sub domains) or
496 use the Netscape format.
497 If this option is used several times, the last one will be used.
499 Users very often want to both read cookies from a file and write
501 updated cookies back to a file, so using both -b, --cookie and
502 -c, --cookie-jar in the same command line is common.
503 --create-dirs
505 When used in conjunction with the -o, --output option, curl will
506 create the necessary local directory hierarchy as needed. This
507 option creates the dirs mentioned with the -o, --output option,
508 nothing else. If the --output file name uses no dir or if the
509 dirs it mentions already exist, no dir will be created.
510 Created dirs are made with mode 0750 on unix style file systems.
512 To create remote directories when using FTP or SFTP, try --ftp-
514 create-dirs.
515 --crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS
517 (OS/390).
518 (SMTP added in 7.40.0)
520 --crlfile <file>
522 (TLS) Provide a file using PEM format with a Certificate Revoca‐
523 tion List that may specify peer certificates that are to be con‐
524 sidered revoked.
525 If this option is used several times, the last one will be used.
527 Added in 7.19.7.
529 --data-ascii <data>
531 (HTTP) This is just an alias for -d, --data.
532 --data-binary <data>
534 (HTTP) This posts data exactly as specified with no extra pro‐
535 cessing whatsoever.
536 If you start the data with the letter @, the rest should be a
538 filename. Data is posted in a similar manner as -d, --data
539 does, except that newlines and carriage returns are preserved
540 and conversions are never done.
541 Like -d, --data the default content-type sent to the server is
543 application/x-www-form-urlencoded. If you want the data to be
544 treated as arbitrary binary data by the server then set the con‐
545 tent-type to octet-stream: -H "Content-Type: application/octet-
546 stream".
547 If this option is used several times, the ones following the
549 first will append data as described in -d, --data.
550 --data-raw <data>
552 (HTTP) This posts data similarly to -d, --data but without the
553 special interpretation of the @ character.
554 See also -d, --data. Added in 7.43.0.
556 --data-urlencode <data>
558 (HTTP) This posts data, similar to the other -d, --data options
559 with the exception that this performs URL-encoding.
560 To be CGI-compliant, the <data> part should begin with a name
562 followed by a separator and a content specification. The <data>
563 part can be passed to curl using one of the following syntaxes:
564 content
566 This will make curl URL-encode the content and pass that
567 on. Just be careful so that the content doesn't contain
568 any = or @ symbols, as that will then make the syntax
569 match one of the other cases below!
570 =content
572 This will make curl URL-encode the content and pass that
573 on. The preceding = symbol is not included in the data.
574 name=content
576 This will make curl URL-encode the content part and pass
577 that on. Note that the name part is expected to be URL-
578 encoded already.
579 @filename
581 This will make curl load data from the given file
582 (including any newlines), URL-encode that data and pass
583 it on in the POST.
584 name@filename
586 This will make curl load data from the given file
587 (including any newlines), URL-encode that data and pass
588 it on in the POST. The name part gets an equal sign
589 appended, resulting in name=urlencoded-file-content. Note
590 that the name is expected to be URL-encoded already.
591 See also -d, --data and --data-raw. Added in 7.18.0.
593 -d, --data <data>
595 (HTTP) Sends the specified data in a POST request to the HTTP
596 server, in the same way that a browser does when a user has
597 filled in an HTML form and presses the submit button. This will
598 cause curl to pass the data to the server using the content-type
599 application/x-www-form-urlencoded. Compare to -F, --form.
600 --data-raw is almost the same but does not have a special inter‐
602 pretation of the @ character. To post data purely binary, you
603 should instead use the --data-binary option. To URL-encode the
604 value of a form field you may use --data-urlencode.
605 If any of these options is used more than once on the same com‐
607 mand line, the data pieces specified will be merged together
608 with a separating &-symbol. Thus, using '-d name=daniel -d
609 skill=lousy' would generate a post chunk that looks like
610 'name=daniel&skill=lousy'.
611 If you start the data with the letter @, the rest should be a
613 file name to read the data from, or - if you want curl to read
614 the data from stdin. Posting data from a file named 'foobar'
615 would thus be done with -d, --data @foobar. When -d, --data is
616 told to read from a file like that, carriage returns and new‐
617 lines will be stripped out. If you don't want the @ character to
618 have a special interpretation use --data-raw instead.
619 See also --data-binary and --data-urlencode and --data-raw. This
621 option overrides -F, --form and -I, --head and -T, --upload-
622 file.
623 --delegation <LEVEL>
625 (GSS/kerberos) Set LEVEL to tell the server what it is allowed
626 to delegate when it comes to user credentials.
627 none Don't allow any delegation.
629 policy Delegates if and only if the OK-AS-DELEGATE flag is set
631 in the Kerberos service ticket, which is a matter of
632 realm policy.
633 always Unconditionally allow the server to delegate.
635 --digest
637 (HTTP) Enables HTTP Digest authentication. This is an authenti‐
638 cation scheme that prevents the password from being sent over
639 the wire in clear text. Use this in combination with the normal
640 -u, --user option to set user name and password.
641 If this option is used several times, only the first one is
643 used.
644 See also -u, --user and --proxy-digest and --anyauth. This
646 option overrides --basic and --ntlm and --negotiate.
647 --disable-eprt
649 (FTP) Tell curl to disable the use of the EPRT and LPRT commands
650 when doing active FTP transfers. Curl will normally always first
651 attempt to use EPRT, then LPRT before using PORT, but with this
652 option, it will use PORT right away. EPRT and LPRT are exten‐
653 sions to the original FTP protocol, and may not work on all
654 servers, but they enable more functionality in a better way than
655 the traditional PORT command.
656 --eprt can be used to explicitly enable EPRT again and --no-eprt
658 is an alias for --disable-eprt.
659 If the server is accessed using IPv6, this option will have no
661 effect as EPRT is necessary then.
662 Disabling EPRT only changes the active behavior. If you want to
664 switch to passive mode you need to not use -P, --ftp-port or
665 force it with --ftp-pasv.
666 --disable-epsv
668 (FTP) (FTP) Tell curl to disable the use of the EPSV command
669 when doing passive FTP transfers. Curl will normally always
670 first attempt to use EPSV before PASV, but with this option, it
671 will not try using EPSV.
672 --epsv can be used to explicitly enable EPSV again and --no-epsv
674 is an alias for --disable-epsv.
675 If the server is an IPv6 host, this option will have no effect
677 as EPSV is necessary then.
678 Disabling EPSV only changes the passive behavior. If you want to
680 switch to active mode you need to use -P, --ftp-port.
681 -q, --disable
683 If used as the first parameter on the command line, the curlrc
684 config file will not be read and used. See the -K, --config for
685 details on the default config file search path.
686 --disallow-username-in-url
688 (HTTP) This tells curl to exit if passed a url containing a
689 username.
690 See also --proto. Added in 7.61.0.
692 --dns-interface <interface>
694 (DNS) Tell curl to send outgoing DNS requests through <inter‐
695 face>. This option is a counterpart to --interface (which does
696 not affect DNS). The supplied string must be an interface name
697 (not an address).
698 See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface
700 requires that the underlying libcurl was built to support c-
701 ares. Added in 7.33.0.
702 --dns-ipv4-addr <address>
704 (DNS) Tell curl to bind to <ip-address> when making IPv4 DNS
705 requests, so that the DNS requests originate from this address.
706 The argument should be a single IPv4 address.
707 See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr
709 requires that the underlying libcurl was built to support c-
710 ares. Added in 7.33.0.
711 --dns-ipv6-addr <address>
713 (DNS) Tell curl to bind to <ip-address> when making IPv6 DNS
714 requests, so that the DNS requests originate from this address.
715 The argument should be a single IPv6 address.
716 See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr
718 requires that the underlying libcurl was built to support c-
719 ares. Added in 7.33.0.
720 --dns-servers <addresses>
722 Set the list of DNS servers to be used instead of the system
723 default. The list of IP addresses should be separated with com‐
724 mas. Port numbers may also optionally be given as :<port-number>
725 after each IP address.
726 --dns-servers requires that the underlying libcurl was built to
728 support c-ares. Added in 7.33.0.
729 --doh-url <URL>
731 (all) Specifies which DNS-over-HTTPS (DOH) server to use to
732 resolve hostnames, instead of using the default name resolver
733 mechanism. The URL must be HTTPS.
734 If this option is used several times, the last one will be used.
736 Added in 7.62.0.
738 -D, --dump-header <filename>
740 (HTTP FTP) Write the received protocol headers to the specified
741 file.
742 This option is handy to use when you want to store the headers
744 that an HTTP site sends to you. Cookies from the headers could
745 then be read in a second curl invocation by using the -b,
746 --cookie option! The -c, --cookie-jar option is a better way to
747 store cookies.
748 If no headers are received, the use of this option will create
750 an empty file.
751 When used in FTP, the FTP server response lines are considered
753 being "headers" and thus are saved there.
754 If this option is used several times, the last one will be used.
756 See also -o, --output.
758 --egd-file <file>
760 (TLS) Specify the path name to the Entropy Gathering Daemon
761 socket. The socket is used to seed the random engine for SSL
762 connections.
763 See also --random-file.
765 --engine <name>
767 (TLS) Select the OpenSSL crypto engine to use for cipher opera‐
768 tions. Use --engine list to print a list of build-time supported
769 engines. Note that not all (or none) of the engines may be
770 available at run-time.
771 --etag-compare <file>
773 (HTTP) This option makes a conditional HTTP request for the spe‐
774 cific ETag read from the given file by sending a custom If-None-
775 Match header using the extracted ETag.
776 For correct results, make sure that specified file contains only
778 a single line with a desired ETag. An empty file is parsed as an
779 empty ETag.
780 Use the option --etag-save to first save the ETag from a
782 response, and then use this option to compare using the saved
783 ETag in a subsequent request.
784 OMPARISON: There are 2 types of comparison or ETags, Weak and
786 Strong. This option expects, and uses a strong comparison.
787 Added in 7.68.0.
789 --etag-save <file>
791 (HTTP) This option saves an HTTP ETag to the specified file.
792 Etag is usually part of headers returned by a request. When
793 server sends an ETag, it must be enveloped by a double quote.
794 This option extracts the ETag without the double quotes and
795 saves it into the <file>.
796 A server can send a week ETag which is prefixed by "W/". This
798 identifier is not considered, and only relevant ETag between
799 quotation marks is parsed.
800 It an ETag wasn't send by the server or it cannot be parsed, and
802 empty file is created.
803 Added in 7.68.0.
805 --expect100-timeout <seconds>
807 (HTTP) Maximum time in seconds that you allow curl to wait for a
808 100-continue response when curl emits an Expects: 100-continue
809 header in its request. By default curl will wait one second.
810 This option accepts decimal values! When curl stops waiting, it
811 will continue as if the response has been received.
812 See also --connect-timeout. Added in 7.47.0.
814 --fail-early
816 Fail and exit on the first detected transfer error.
817 When curl is used to do multiple transfers on the command line,
819 it will attempt to operate on each given URL, one by one. By
820 default, it will ignore errors if there are more URLs given and
821 the last URL's success will determine the error code curl
822 returns. So early failures will be "hidden" by subsequent suc‐
823 cessful transfers.
824 Using this option, curl will instead return an error on the
826 first transfer that fails, independent of the amount of URLs
827 that are given on the command line. This way, no transfer fail‐
828 ures go undetected by scripts and similar.
829 This option is global and does not need to be specified for each
831 use of -:, --next.
832 This option does not imply -f, --fail, which causes transfers to
834 fail due to the server's HTTP status code. You can combine the
835 two options, however note -f, --fail is not global and is there‐
836 fore contained by -:, --next.
837 Added in 7.52.0.
839 -f, --fail
841 (HTTP) Fail silently (no output at all) on server errors. This
842 is mostly done to better enable scripts etc to better deal with
843 failed attempts. In normal cases when an HTTP server fails to
844 deliver a document, it returns an HTML document stating so
845 (which often also describes why and more). This flag will pre‐
846 vent curl from outputting that and return error 22.
847 This method is not fail-safe and there are occasions where non-
849 successful response codes will slip through, especially when
850 authentication is involved (response codes 401 and 407).
851 --false-start
853 (TLS) Tells curl to use false start during the TLS handshake.
854 False start is a mode where a TLS client will start sending
855 application data before verifying the server's Finished message,
856 thus saving a round trip when performing a full handshake.
857 This is currently only implemented in the NSS and Secure Trans‐
859 port (on iOS 7.0 or later, or OS X 10.9 or later) backends.
860 Added in 7.42.0.
862 --form-string <name=string>
864 (HTTP SMTP IMAP) Similar to -F, --form except that the value
865 string for the named parameter is used literally. Leading '@'
866 and '<' characters, and the ';type=' string in the value have no
867 special meaning. Use this in preference to -F, --form if there's
868 any possibility that the string value may accidentally trigger
869 the '@' or '<' features of -F, --form.
870 See also -F, --form.
872 -F, --form <name=content>
874 (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emu‐
875 late a filled-in form in which a user has pressed the submit
876 button. This causes curl to POST data using the Content-Type
877 multipart/form-data according to RFC 2388.
878 For SMTP and IMAP protocols, this is the mean to compose a mul‐
880 tipart mail message to transmit.
881 This enables uploading of binary files etc. To force the 'con‐
883 tent' part to be a file, prefix the file name with an @ sign. To
884 just get the content part from a file, prefix the file name with
885 the symbol <. The difference between @ and < is then that @
886 makes a file get attached in the post as a file upload, while
887 the < makes a text field and just get the contents for that text
888 field from a file.
889 Tell curl to read content from stdin instead of a file by using
891 - as filename. This goes for both @ and < constructs. When stdin
892 is used, the contents is buffered in memory first by curl to
893 determine its size and allow a possible resend. Defining a
894 part's data from a named non-regular file (such as a named pipe
895 or similar) is unfortunately not subject to buffering and will
896 be effectively read at transmission time; since the full size is
897 unknown before the transfer starts, such data is sent as chunks
898 by HTTP and rejected by IMAP.
899 Example: send an image to an HTTP server, where 'profile' is the
901 name of the form-field to which the file portrait.jpg will be
902 the input:
903 curl -F profile=@portrait.jpg https://example.com/upload.cgi
905 Example: send your name and shoe size in two text fields to the
907 server:
908 curl -F name=John -F shoesize=11 https://example.com/
910 Example: send your essay in a text field to the server. Send it
912 as a plain text field, but get the contents for it from a local
913 file:
914 curl -F "story=<hugefile.txt" https://example.com/
916 You can also tell curl what Content-Type to use by using
918 'type=', in a manner similar to:
919 curl -F "web=@index.html;type=text/html" example.com
921 or
923 curl -F "name=daniel;type=text/foo" example.com
925 You can also explicitly change the name field of a file upload
927 part by setting filename=, like this:
928 curl -F "file=@localfile;filename=nameinpost" example.com
930 If filename/path contains ',' or ';', it must be quoted by dou‐
932 ble-quotes like:
933 curl -F "file=@\"localfile\";filename=\"nameinpost\"" exam‐
935 ple.com
936 or
938 curl -F 'file=@"localfile";filename="nameinpost"' example.com
940 Note that if a filename/path is quoted by double-quotes, any
942 double-quote or backslash within the filename must be escaped by
943 backslash.
944 Quoting must also be applied to non-file data if it contains
946 semicolons, leading/trailing spaces or leading double quotes:
947 curl -F 'colors="red; green; blue";type=text/x-myapp' exam‐
949 ple.com
950 You can add custom headers to the field by setting headers=,
952 like
953 curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
955 or
957 curl -F "submit=OK;headers=@headerfile" example.com
959 The headers= keyword may appear more that once and above notes
961 about quoting apply. When headers are read from a file, Empty
962 lines and lines starting with '#' are comments and ignored; each
963 header can be folded by splitting between two words and starting
964 the continuation line with a space; embedded carriage-returns
965 and trailing spaces are stripped. Here is an example of a
966 header file contents:
967 # This file contain two headers.
969 X-header-1: this is a header
970 # The following header is folded.
972 X-header-2: this is
973 another header
974 To support sending multipart mail messages, the syntax is
977 extended as follows:
978 - name can be omitted: the equal sign is the first character of
979 the argument,
980 - if data starts with '(', this signals to start a new multi‐
981 part: it can be followed by a content type specification.
982 - a multipart can be terminated with a '=)' argument.
983 Example: the following command sends an SMTP mime e-mail con‐
985 sisting in an inline part in two alternative formats: plain text
986 and HTML. It attaches a text file:
987 curl -F '=(;type=multipart/alternative' \
989 -F '=plain text message' \
990 -F '= <body>HTML message</body>;type=text/html' \
991 -F '=)' -F '=@textfile.txt' ... smtp://example.com
992 Data can be encoded for transfer using encoder=. Available
994 encodings are binary and 8bit that do nothing else than adding
995 the corresponding Content-Transfer-Encoding header, 7bit that
996 only rejects 8-bit characters with a transfer error, quoted-
997 printable and base64 that encodes data according to the corre‐
998 sponding schemes, limiting lines length to 76 characters.
999 Example: send multipart mail with a quoted-printable text mes‐
1001 sage and a base64 attached file:
1002 curl -F '=text message;encoder=quoted-printable' \
1004 -F '=@localfile;encoder=base64' ... smtp://example.com
1005 See further examples and details in the MANUAL.
1007 This option can be used multiple times.
1009 This option overrides -d, --data and -I, --head and -T,
1011 --upload-file.
1012 --ftp-account <data>
1014 (FTP) When an FTP server asks for "account data" after user name
1015 and password has been provided, this data is sent off using the
1016 ACCT command.
1017 If this option is used several times, the last one will be used.
1019 Added in 7.13.0.
1021 --ftp-alternative-to-user <command>
1023 (FTP) If authenticating with the USER and PASS commands fails,
1024 send this command. When connecting to Tumbleweed's Secure
1025 Transport server over FTPS using a client certificate, using
1026 "SITE AUTH" will tell the server to retrieve the username from
1027 the certificate.
1028 Added in 7.15.5.
1030 --ftp-create-dirs
1032 (FTP SFTP) When an FTP or SFTP URL/operation uses a path that
1033 doesn't currently exist on the server, the standard behavior of
1034 curl is to fail. Using this option, curl will instead attempt to
1035 create missing directories.
1036 See also --create-dirs.
1038 --ftp-method <method>
1040 (FTP) Control what method curl should use to reach a file on an
1041 FTP(S) server. The method argument should be one of the follow‐
1042 ing alternatives:
1043 multicwd
1045 curl does a single CWD operation for each path part in
1046 the given URL. For deep hierarchies this means very many
1047 commands. This is how RFC 1738 says it should be done.
1048 This is the default but the slowest behavior.
1049 nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR
1051 etc and give a full path to the server for all these com‐
1052 mands. This is the fastest behavior.
1053 singlecwd
1055 curl does one CWD with the full target directory and then
1056 operates on the file "normally" (like in the multicwd
1057 case). This is somewhat more standards compliant than
1058 'nocwd' but without the full penalty of 'multicwd'.
1059 Added in 7.15.1.
1061 --ftp-pasv
1063 (FTP) Use passive mode for the data connection. Passive is the
1064 internal default behavior, but using this option can be used to
1065 override a previous -P, --ftp-port option.
1066 If this option is used several times, only the first one is
1068 used. Undoing an enforced passive really isn't doable but you
1069 must then instead enforce the correct -P, --ftp-port again.
1070 Passive mode means that curl will try the EPSV command first and
1072 then PASV, unless --disable-epsv is used.
1073 See also --disable-epsv. Added in 7.11.0.
1075 -P, --ftp-port <address>
1077 (FTP) Reverses the default initiator/listener roles when con‐
1078 necting with FTP. This option makes curl use active mode. curl
1079 then tells the server to connect back to the client's specified
1080 address and port, while passive mode asks the server to setup an
1081 IP address and port for it to connect to. <address> should be
1082 one of:
1083 interface
1085 e.g. "eth0" to specify which interface's IP address you
1086 want to use (Unix only)
1087 IP address
1089 e.g. "192.168.10.1" to specify the exact IP address
1090 host name
1092 e.g. "my.host.domain" to specify the machine
1093 - make curl pick the same IP address that is already used
1095 for the control connection
1096 If this option is used several times, the last one will be used. Dis‐
1098 able the use of PORT with --ftp-pasv. Disable the attempt to use the
1099 EPRT command instead of PORT by using --disable-eprt. EPRT is really
1100 PORT++.
1101 Since 7.19.5, you can append ":[start]-[end]" to the right of the
1103 address, to tell curl what TCP port range to use. That means you spec‐
1104 ify a port range, from a lower to a higher number. A single number
1105 works as well, but do note that it increases the risk of failure since
1106 the port may not be available.
1107 See also --ftp-pasv and --disable-eprt.
1109 --ftp-pret
1111 (FTP) Tell curl to send a PRET command before PASV (and EPSV).
1112 Certain FTP servers, mainly drftpd, require this non-standard
1113 command for directory listings as well as up and downloads in
1114 PASV mode.
1115 Added in 7.20.0.
1117 --ftp-skip-pasv-ip
1119 (FTP) Tell curl to not use the IP address the server suggests in
1120 its response to curl's PASV command when curl connects the data
1121 connection. Instead curl will re-use the same IP address it
1122 already uses for the control connection.
1123 This option has no effect if PORT, EPRT or EPSV is used instead
1125 of PASV.
1126 See also --ftp-pasv. Added in 7.14.2.
1128 --ftp-ssl-ccc-mode <active/passive>
1130 (FTP) Sets the CCC mode. The passive mode will not initiate the
1131 shutdown, but instead wait for the server to do it, and will not
1132 reply to the shutdown from the server. The active mode initiates
1133 the shutdown and waits for a reply from the server.
1134 See also --ftp-ssl-ccc. Added in 7.16.2.
1136 --ftp-ssl-ccc
1138 (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS
1139 layer after authenticating. The rest of the control channel com‐
1140 munication will be unencrypted. This allows NAT routers to fol‐
1141 low the FTP transaction. The default mode is passive.
1142 See also --ssl and --ftp-ssl-ccc-mode. Added in 7.16.1.
1144 --ftp-ssl-control
1146 (FTP) Require SSL/TLS for the FTP login, clear for transfer.
1147 Allows secure authentication, but non-encrypted data transfers
1148 for efficiency. Fails the transfer if the server doesn't sup‐
1149 port SSL/TLS.
1150 Added in 7.16.0.
1152 -G, --get
1154 When used, this option will make all data specified with -d,
1155 --data, --data-binary or --data-urlencode to be used in an HTTP
1156 GET request instead of the POST request that otherwise would be
1157 used. The data will be appended to the URL with a '?' separator.
1158 If used in combination with -I, --head, the POST data will
1160 instead be appended to the URL with a HEAD request.
1161 If this option is used several times, only the first one is
1163 used. This is because undoing a GET doesn't make sense, but you
1164 should then instead enforce the alternative method you prefer.
1165 -g, --globoff
1167 This option switches off the "URL globbing parser". When you set
1168 this option, you can specify URLs that contain the letters {}[]
1169 without having them being interpreted by curl itself. Note that
1170 these letters are not normal legal URL contents but they should
1171 be encoded according to the URI standard.
1172 --happy-eyeballs-timeout-ms <milliseconds>
1174 Happy eyeballs is an algorithm that attempts to connect to both
1175 IPv4 and IPv6 addresses for dual-stack hosts, preferring IPv6
1176 first for the number of milliseconds. If the IPv6 address cannot
1177 be connected to within that time then a connection attempt is
1178 made to the IPv4 address in parallel. The first connection to be
1179 established is the one that is used.
1180 The range of suggested useful values is limited. Happy Eyeballs
1182 RFC 6555 says "It is RECOMMENDED that connection attempts be
1183 paced 150-250 ms apart to balance human factors against network
1184 load." libcurl currently defaults to 200 ms. Firefox and Chrome
1185 currently default to 300 ms.
1186 If this option is used several times, the last one will be used.
1188 Added in 7.59.0.
1190 --haproxy-protocol
1192 (HTTP) Send a HAProxy PROXY protocol v1 header at the beginning
1193 of the connection. This is used by some load balancers and
1194 reverse proxies to indicate the client's true IP address and
1195 port.
1196 This option is primarily useful when sending test requests to a
1198 service that expects this header.
1199 Added in 7.60.0.
1201 -I, --head
1203 (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the
1204 command HEAD which this uses to get nothing but the header of a
1205 document. When used on an FTP or FILE file, curl displays the
1206 file size and last modification time only.
1207 -H, --header <header/@file>
1209 (HTTP) Extra header to include in the request when sending HTTP
1210 to a server. You may specify any number of extra headers. Note
1211 that if you should add a custom header that has the same name as
1212 one of the internal ones curl would use, your externally set
1213 header will be used instead of the internal one. This allows you
1214 to make even trickier stuff than curl would normally do. You
1215 should not replace internally set headers without knowing per‐
1216 fectly well what you're doing. Remove an internal header by giv‐
1217 ing a replacement without content on the right side of the
1218 colon, as in: -H "Host:". If you send the custom header with no-
1219 value then its header must be terminated with a semicolon, such
1220 as -H "X-Custom-Header;" to send "X-Custom-Header:".
1221 curl will make sure that each header you add/replace is sent
1223 with the proper end-of-line marker, you should thus not add that
1224 as a part of the header content: do not add newlines or carriage
1225 returns, they will only mess things up for you.
1226 Starting in 7.55.0, this option can take an argument in @file‐
1228 name style, which then adds a header for each line in the input
1229 file. Using @- will make curl read the header file from stdin.
1230 See also the -A, --user-agent and -e, --referer options.
1232 Starting in 7.37.0, you need --proxy-header to send custom head‐
1234 ers intended for a proxy.
1235 Example:
1237 curl -H "X-First-Name: Joe" http://example.com/
1239 WARNING: headers set with this option will be set in all
1241 requests - even after redirects are followed, like when told
1242 with -L, --location. This can lead to the header being sent to
1243 other hosts than the original host, so sensitive headers should
1244 be used with caution combined with following redirects.
1245 This option can be used multiple times to add/replace/remove
1247 multiple headers.
1248 -h, --help
1250 Usage help. This lists all current command line options with a
1251 short description.
1252 --hostpubmd5 <md5>
1254 (SFTP SCP) Pass a string containing 32 hexadecimal digits. The
1255 string should be the 128 bit MD5 checksum of the remote host's
1256 public key, curl will refuse the connection with the host unless
1257 the md5sums match.
1258 Added in 7.17.1.
1260 --http0.9
1262 (HTTP) Tells curl to be fine with HTTP version 0.9 response.
1263 HTTP/0.9 is a completely headerless response and therefore you
1265 can also connect with this to non-HTTP servers and still get a
1266 response since curl will simply transparently downgrade - if
1267 allowed.
1268 Since curl 7.66.0, HTTP/0.9 is disabled by default.
1270 -0, --http1.0
1272 (HTTP) Tells curl to use HTTP version 1.0 instead of using its
1273 internally preferred HTTP version.
1274 This option overrides --http1.1 and --http2.
1276 --http1.1
1278 (HTTP) Tells curl to use HTTP version 1.1.
1279 This option overrides -0, --http1.0 and --http2. Added in
1281 7.33.0.
1282 --http2-prior-knowledge
1284 (HTTP) Tells curl to issue its non-TLS HTTP requests using
1285 HTTP/2 without HTTP/1.1 Upgrade. It requires prior knowledge
1286 that the server supports HTTP/2 straight away. HTTPS requests
1287 will still do HTTP/2 the standard way with negotiated protocol
1288 version in the TLS handshake.
1289 --http2-prior-knowledge requires that the underlying libcurl was
1291 built to support HTTP/2. This option overrides --http1.1 and -0,
1292 --http1.0 and --http2. Added in 7.49.0.
1293 --http2
1295 (HTTP) Tells curl to use HTTP version 2.
1296 See also --http1.1 and --http3. --http2 requires that the under‐
1298 lying libcurl was built to support HTTP/2. This option overrides
1299 --http1.1 and -0, --http1.0 and --http2-prior-knowledge. Added
1300 in 7.33.0.
1301 --http3
1303 (HTTP) WARNING: this option is experimental. Do not use in pro‐
1304 duction.
1305 Tells curl to use HTTP version 3 directly to the host and port
1307 number used in the URL. A normal HTTP/3 transaction will be done
1308 to a host and then get redirected via Alt-SVc, but this option
1309 allows a user to circumvent that when you know that the target
1310 speaks HTTP/3 on the given host and port.
1311 This option will make curl fail if a QUIC connection cannot be
1313 established, it cannot fall back to a lower HTTP version on its
1314 own.
1315 See also --http1.1 and --http2. --http3 requires that the under‐
1317 lying libcurl was built to support HTTP/3. This option overrides
1318 --http1.1 and -0, --http1.0 and --http2 and --http2-prior-knowl‐
1319 edge. Added in 7.66.0.
1320 --ignore-content-length
1322 (FTP HTTP) For HTTP, Ignore the Content-Length header. This is
1323 particularly useful for servers running Apache 1.x, which will
1324 report incorrect Content-Length for files larger than 2 giga‐
1325 bytes.
1326 For FTP (since 7.46.0), skip the RETR command to figure out the
1328 size before downloading a file.
1329 -i, --include
1331 Include the HTTP response headers in the output. The HTTP
1332 response headers can include things like server name, cookies,
1333 date of the document, HTTP version and more...
1334 To view the request headers, consider the -v, --verbose option.
1336 See also -v, --verbose.
1338 -k, --insecure
1340 (TLS) By default, every SSL connection curl makes is verified to
1341 be secure. This option allows curl to proceed and operate even
1342 for server connections otherwise considered insecure.
1343 The server connection is verified by making sure the server's
1345 certificate contains the right name and verifies successfully
1346 using the cert store.
1347 See this online resource for further details:
1349 https://curl.haxx.se/docs/sslcerts.html
1350 See also --proxy-insecure and --cacert.
1352 --interface <name>
1354 Perform an operation using a specified interface. You can enter
1356 interface name, IP address or host name. An example could look
1357 like:
1358 curl --interface eth0:1 https://www.example.com/
1360 If this option is used several times, the last one will be used.
1362 On Linux it can be used to specify a VRF, but the binary needs
1364 to either have CAP_NET_RAW or to be run as root. More informa‐
1365 tion about Linux VRF: https://www.kernel.org/doc/Documenta‐
1366 tion/networking/vrf.txt
1367 See also --dns-interface.
1369 -4, --ipv4
1371 This option tells curl to resolve names to IPv4 addresses only,
1372 and not for example try IPv6.
1373 See also --http1.1 and --http2. This option overrides -6,
1375 --ipv6.
1376 -6, --ipv6
1378 This option tells curl to resolve names to IPv6 addresses only,
1379 and not for example try IPv4.
1380 See also --http1.1 and --http2. This option overrides -4,
1382 --ipv4.
1383 -j, --junk-session-cookies
1385 (HTTP) When curl is told to read cookies from a given file, this
1386 option will make it discard all "session cookies". This will
1387 basically have the same effect as if a new session is started.
1388 Typical browsers always discard session cookies when they're
1389 closed down.
1390 See also -b, --cookie and -c, --cookie-jar.
1392 --keepalive-time <seconds>
1394 This option sets the time a connection needs to remain idle
1395 before sending keepalive probes and the time between individual
1396 keepalive probes. It is currently effective on operating systems
1397 offering the TCP_KEEPIDLE and TCP_KEEPINTVL socket options
1398 (meaning Linux, recent AIX, HP-UX and more). This option has no
1399 effect if --no-keepalive is used.
1400 If this option is used several times, the last one will be used.
1402 If unspecified, the option defaults to 60 seconds.
1403 Added in 7.18.0.
1405 --key-type <type>
1407 (TLS) Private key file type. Specify which type your --key pro‐
1408 vided private key is. DER, PEM, and ENG are supported. If not
1409 specified, PEM is assumed.
1410 If this option is used several times, the last one will be used.
1412 --key <key>
1414 (TLS SSH) Private key file name. Allows you to provide your pri‐
1415 vate key in this separate file. For SSH, if not specified, curl
1416 tries the following candidates in order: '~/.ssh/id_rsa',
1417 '~/.ssh/id_dsa', './id_rsa', './id_dsa'.
1418 If curl is built against OpenSSL library, and the engine pkcs11
1420 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
1421 ify a private key located in a PKCS#11 device. A string begin‐
1422 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
1423 PKCS#11 URI is provided, then the --engine option will be set as
1424 "pkcs11" if none was provided and the --key-type option will be
1425 set as "ENG" if none was provided.
1426 If this option is used several times, the last one will be used.
1428 --krb <level>
1430 (FTP) Enable Kerberos authentication and use. The level must be
1431 entered and should be one of 'clear', 'safe', 'confidential', or
1432 'private'. Should you use a level that is not one of these,
1433 'private' will instead be used.
1434 If this option is used several times, the last one will be used.
1436 --krb requires that the underlying libcurl was built to support
1438 Kerberos.
1439 --libcurl <file>
1441 Append this option to any ordinary curl command line, and you
1442 will get a libcurl-using C source code written to the file that
1443 does the equivalent of what your command-line operation does!
1444 If this option is used several times, the last given file name
1446 will be used.
1447 Added in 7.16.1.
1449 --limit-rate <speed>
1451 Specify the maximum transfer rate you want curl to use - for
1452 both downloads and uploads. This feature is useful if you have a
1453 limited pipe and you'd like your transfer not to use your entire
1454 bandwidth. To make it slower than it otherwise would be.
1455 The given speed is measured in bytes/second, unless a suffix is
1457 appended. Appending 'k' or 'K' will count the number as kilo‐
1458 bytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it
1459 gigabytes. Examples: 200K, 3m and 1G.
1460 If you also use the -Y, --speed-limit option, that option will
1462 take precedence and might cripple the rate-limiting slightly, to
1463 help keeping the speed-limit logic working.
1464 If this option is used several times, the last one will be used.
1466 -l, --list-only
1468 (FTP POP3) (FTP) When listing an FTP directory, this switch
1469 forces a name-only view. This is especially useful if the user
1470 wants to machine-parse the contents of an FTP directory since
1471 the normal directory view doesn't use a standard look or format.
1472 When used like this, the option causes a NLST command to be sent
1473 to the server instead of LIST.
1474 Note: Some FTP servers list only files in their response to
1476 NLST; they do not include sub-directories and symbolic links.
1477 (POP3) When retrieving a specific email from POP3, this switch
1479 forces a LIST command to be performed instead of RETR. This is
1480 particularly useful if the user wants to see if a specific mes‐
1481 sage id exists on the server and what size it is.
1482 Note: When combined with -X, --request, this option can be used
1484 to send an UIDL command instead, so the user may use the email's
1485 unique identifier rather than it's message id to make the
1486 request.
1487 Added in 7.21.5.
1489 --local-port <num/range>
1491 Set a preferred single number or range (FROM-TO) of local port
1492 numbers to use for the connection(s). Note that port numbers by
1493 nature are a scarce resource that will be busy at times so set‐
1494 ting this range to something too narrow might cause unnecessary
1495 connection setup failures.
1496 Added in 7.15.2.
1498 --location-trusted
1500 (HTTP) Like -L, --location, but will allow sending the name +
1501 password to all hosts that the site may redirect to. This may or
1502 may not introduce a security breach if the site redirects you to
1503 a site to which you'll send your authentication info (which is
1504 plaintext in the case of HTTP Basic authentication).
1505 See also -u, --user.
1507 -L, --location
1509 (HTTP) If the server reports that the requested page has moved
1510 to a different location (indicated with a Location: header and a
1511 3XX response code), this option will make curl redo the request
1512 on the new place. If used together with -i, --include or -I,
1513 --head, headers from all requested pages will be shown. When
1514 authentication is used, curl only sends its credentials to the
1515 initial host. If a redirect takes curl to a different host, it
1516 won't be able to intercept the user+password. See also --loca‐
1517 tion-trusted on how to change this. You can limit the amount of
1518 redirects to follow by using the --max-redirs option.
1519 When curl follows a redirect and if the request is a POST, it
1521 will do the following request with a GET if the HTTP response
1522 was 301, 302, or 303. If the response code was any other 3xx
1523 code, curl will re-send the following request using the same
1524 unmodified method.
1525 You can tell curl to not change POST requests to GET after a 30x
1527 response by using the dedicated options for that: --post301,
1528 --post302 and --post303.
1529 The method set with -X, --request overrides the method curl
1531 would otherwise select to use.
1532 --login-options <options>
1534 (IMAP POP3 SMTP) Specify the login options to use during server
1535 authentication.
1536 You can use the login options to specify protocol specific
1538 options that may be used during authentication. At present only
1539 IMAP, POP3 and SMTP support login options. For more information
1540 about the login options please see RFC 2384, RFC 5092 and IETF
1541 draft draft-earhart-url-smtp-00.txt
1542 If this option is used several times, the last one will be used.
1544 Added in 7.34.0.
1546 --mail-auth <address>
1548 (SMTP) Specify a single address. This will be used to specify
1549 the authentication address (identity) of a submitted message
1550 that is being relayed to another server.
1551 See also --mail-rcpt and --mail-from. Added in 7.25.0.
1553 --mail-from <address>
1555 (SMTP) Specify a single address that the given mail should get
1556 sent from.
1557 See also --mail-rcpt and --mail-auth. Added in 7.20.0.
1559 --mail-rcpt-allowfails
1561 (SMTP) When sending data to multiple recipients, by default curl
1562 will abort SMTP conversation if at least one of the recipients
1563 causes RCPT TO command to return an error.
1564 The default behavior can be changed by passing --mail-rcpt-
1566 allowfails command-line option which will make curl ignore
1567 errors and proceed with the remaining valid recipients.
1568 In case when all recipients cause RCPT TO command to fail, curl
1570 will abort SMTP conversation and return the error received from
1571 to the last RCPT TO command. Added in 7.69.0.
1572 --mail-rcpt <address>
1574 (SMTP) Specify a single address, user name or mailing list name.
1575 Repeat this option several times to send to multiple recipients.
1576 When performing a mail transfer, the recipient should specify a
1578 valid email address to send the mail to.
1579 When performing an address verification (VRFY command), the
1581 recipient should be specified as the user name or user name and
1582 domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)
1583 When performing a mailing list expand (EXPN command), the recip‐
1585 ient should be specified using the mailing list name, such as
1586 "Friends" or "London-Office". (Added in 7.34.0)
1587 Added in 7.20.0.
1589 -M, --manual
1591 Manual. Display the huge help text.
1592 --max-filesize <bytes>
1594 Specify the maximum size (in bytes) of a file to download. If
1595 the file requested is larger than this value, the transfer will
1596 not start and curl will return with exit code 63.
1597 A size modifier may be used. For example, Appending 'k' or 'K'
1599 will count the number as kilobytes, 'm' or 'M' makes it
1600 megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K,
1601 3m and 1G. (Added in 7.58.0)
1602 NOTE: The file size is not always known prior to download, and
1604 for such files this option has no effect even if the file trans‐
1605 fer ends up being larger than this given limit. This concerns
1606 both FTP and HTTP transfers.
1607 See also --limit-rate.
1609 --max-redirs <num>
1611 (HTTP) Set maximum number of redirection-followings allowed.
1612 When -L, --location is used, is used to prevent curl from fol‐
1613 lowing redirections too much. By default, the limit is set to 50
1614 redirections. Set this option to -1 to make it unlimited.
1615 If this option is used several times, the last one will be used.
1617 -m, --max-time <seconds>
1619 Maximum time in seconds that you allow the whole operation to
1620 take. This is useful for preventing your batch jobs from hang‐
1621 ing for hours due to slow networks or links going down. Since
1622 7.32.0, this option accepts decimal values, but the actual time‐
1623 out will decrease in accuracy as the specified timeout increases
1624 in decimal precision.
1625 If this option is used several times, the last one will be used.
1627 See also --connect-timeout.
1629 --metalink
1631 This option can tell curl to parse and process a given URI as
1632 Metalink file (both version 3 and 4 (RFC 5854) are supported)
1633 and make use of the mirrors listed within for failover if there
1634 are errors (such as the file or server not being available). It
1635 will also verify the hash of the file after the download com‐
1636 pletes. The Metalink file itself is downloaded and processed in
1637 memory and not stored in the local file system.
1638 Example to use a remote Metalink file:
1640 curl --metalink http://www.example.com/example.metalink
1642 To use a Metalink file in the local file system, use FILE proto‐
1644 col (file://):
1645 curl --metalink file://example.metalink
1647 Please note that if FILE protocol is disabled, there is no way
1649 to use a local Metalink file at the time of this writing. Also
1650 note that if --metalink and -i, --include are used together,
1651 --include will be ignored. This is because including headers in
1652 the response will break Metalink parser and if the headers are
1653 included in the file described in Metalink file, hash check will
1654 fail.
1655 --metalink requires that the underlying libcurl was built to
1657 support metalink. Added in 7.27.0.
1658 --negotiate
1660 (HTTP) Enables Negotiate (SPNEGO) authentication.
1661 This option requires a library built with GSS-API or SSPI sup‐
1663 port. Use -V, --version to see if your curl supports GSS-
1664 API/SSPI or SPNEGO.
1665 When using this option, you must also provide a fake -u, --user
1667 option to activate the authentication code properly. Sending a
1668 '-u :' is enough as the user name and password from the -u,
1669 --user option aren't actually used.
1670 If this option is used several times, only the first one is
1672 used.
1673 See also --basic and --ntlm and --anyauth and --proxy-negotiate.
1675 --netrc-file <filename>
1677 This option is similar to -n, --netrc, except that you provide
1678 the path (absolute or relative) to the netrc file that curl
1679 should use. You can only specify one netrc file per invocation.
1680 If several --netrc-file options are provided, the last one will
1681 be used.
1682 It will abide by --netrc-optional if specified.
1684 This option overrides -n, --netrc. Added in 7.21.5.
1686 --netrc-optional
1688 Very similar to -n, --netrc, but this option makes the .netrc
1689 usage optional and not mandatory as the -n, --netrc option does.
1690 See also --netrc-file. This option overrides -n, --netrc.
1692 -n, --netrc
1694 Makes curl scan the .netrc (_netrc on Windows) file in the
1695 user's home directory for login name and password. This is typi‐
1696 cally used for FTP on Unix. If used with HTTP, curl will enable
1697 user authentication. See netrc(5) ftp(1) for details on the file
1698 format. Curl will not complain if that file doesn't have the
1699 right permissions (it should not be either world- or group-read‐
1700 able). The environment variable "HOME" is used to find the home
1701 directory.
1702 A quick and very simple example of how to setup a .netrc to
1704 allow curl to FTP to the machine host.domain.com with user name
1705 'myself' and password 'secret' should look similar to:
1706 machine host.domain.com login myself password secret
1708 -:, --next
1710 Tells curl to use a separate operation for the following URL and
1711 associated options. This allows you to send several URL
1712 requests, each with their own specific options, for example,
1713 such as different user names or custom requests for each.
1714 -:, --next will reset all local options and only global ones
1716 will have their values survive over to the operation following
1717 the -:, --next instruction. Global options include -v, --ver‐
1718 bose, --trace, --trace-ascii and --fail-early.
1719 For example, you can do both a GET and a POST in a single com‐
1721 mand line:
1722 curl www1.example.com --next -d postthis www2.example.com
1724 Added in 7.36.0.
1726 --no-alpn
1728 (HTTPS) Disable the ALPN TLS extension. ALPN is enabled by
1729 default if libcurl was built with an SSL library that supports
1730 ALPN. ALPN is used by a libcurl that supports HTTP/2 to negoti‐
1731 ate HTTP/2 support with the server during https sessions.
1732 See also --no-npn and --http2. --no-alpn requires that the
1734 underlying libcurl was built to support TLS. Added in 7.36.0.
1735 -N, --no-buffer
1737 Disables the buffering of the output stream. In normal work sit‐
1738 uations, curl will use a standard buffered output stream that
1739 will have the effect that it will output the data in chunks, not
1740 necessarily exactly when the data arrives. Using this option
1741 will disable that buffering.
1742 Note that this is the negated option name documented. You can
1744 thus use --buffer to enforce the buffering.
1745 --no-keepalive
1747 Disables the use of keepalive messages on the TCP connection.
1748 curl otherwise enables them by default.
1749 Note that this is the negated option name documented. You can
1751 thus use --keepalive to enforce keepalive.
1752 --no-npn
1754 (HTTPS) Disable the NPN TLS extension. NPN is enabled by default
1755 if libcurl was built with an SSL library that supports NPN. NPN
1756 is used by a libcurl that supports HTTP/2 to negotiate HTTP/2
1757 support with the server during https sessions.
1758 See also --no-alpn and --http2. --no-npn requires that the
1760 underlying libcurl was built to support TLS. Added in 7.36.0.
1761 --no-progress-meter
1763 Option to switch off the progress meter output without muting or
1764 otherwise affecting warning and informational messages like -s,
1765 --silent does.
1766 Note that this is the negated option name documented. You can
1768 thus use --progress-meter to enable the progress meter again.
1769 See also -v, --verbose and -s, --silent. Added in 7.67.0.
1771 --no-sessionid
1773 (TLS) Disable curl's use of SSL session-ID caching. By default
1774 all transfers are done using the cache. Note that while nothing
1775 should ever get hurt by attempting to reuse SSL session-IDs,
1776 there seem to be broken SSL implementations in the wild that may
1777 require you to disable this in order for you to succeed.
1778 Note that this is the negated option name documented. You can
1780 thus use --sessionid to enforce session-ID caching.
1781 Added in 7.16.0.
1783 --noproxy <no-proxy-list>
1785 Comma-separated list of hosts which do not use a proxy, if one
1786 is specified. The only wildcard is a single * character, which
1787 matches all hosts, and effectively disables the proxy. Each name
1788 in this list is matched as either a domain which contains the
1789 hostname, or the hostname itself. For example, local.com would
1790 match local.com, local.com:80, and www.local.com, but not
1791 www.notlocal.com.
1792 Since 7.53.0, This option overrides the environment variables
1794 that disable the proxy. If there's an environment variable dis‐
1795 abling a proxy, you can set noproxy list to "" to override it.
1796 Added in 7.19.4.
1798 --ntlm-wb
1800 (HTTP) Enables NTLM much in the style --ntlm does, but hand over
1801 the authentication to the separate binary ntlmauth application
1802 that is executed when needed.
1803 See also --ntlm and --proxy-ntlm.
1805 --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication
1807 method was designed by Microsoft and is used by IIS web servers.
1808 It is a proprietary protocol, reverse-engineered by clever peo‐
1809 ple and implemented in curl based on their efforts. This kind of
1810 behavior should not be endorsed, you should encourage everyone
1811 who uses NTLM to switch to a public and documented authentica‐
1812 tion method instead, such as Digest.
1813 If you want to enable NTLM for your proxy authentication, then
1815 use --proxy-ntlm.
1816 If this option is used several times, only the first one is
1818 used.
1819 See also --proxy-ntlm. --ntlm requires that the underlying
1821 libcurl was built to support TLS. This option overrides --basic
1822 and --negotiate and --digest and --anyauth.
1823 --oauth2-bearer <token>
1825 (IMAP POP3 SMTP HTTP) Specify the Bearer Token for OAUTH 2.0
1826 server authentication. The Bearer Token is used in conjunction
1827 with the user name which can be specified as part of the --url
1828 or -u, --user options.
1829 The Bearer Token and user name are formatted according to RFC
1831 6750.
1832 If this option is used several times, the last one will be used.
1834 -o, --output <file>
1836 Write output to <file> instead of stdout. If you are using {} or
1837 [] to fetch multiple documents, you can use '#' followed by a
1838 number in the <file> specifier. That variable will be replaced
1839 with the current string for the URL being fetched. Like in:
1840 curl http://{one,two}.example.com -o "file_#1.txt"
1842 or use several variables like:
1844 curl http://{site,host}.host[1-5].com -o "#1_#2"
1846 You may use this option as many times as the number of URLs you
1848 have. For example, if you specify two URLs on the same command
1849 line, you can use it like this:
1850 curl -o aa example.com -o bb example.net
1852 and the order of the -o options and the URLs doesn't matter,
1854 just that the first -o is for the first URL and so on, so the
1855 above command line can also be written as
1856 curl example.com example.net -o aa -o bb
1858 See also the --create-dirs option to create the local directo‐
1860 ries dynamically. Specifying the output as '-' (a single dash)
1861 will force the output to be done to stdout.
1862 See also -O, --remote-name and --remote-name-all and -J,
1864 --remote-header-name.
1865 --parallel-immediate
1867 When doing parallel transfers, this option will instruct curl
1868 that it should rather prefer opening up more connections in par‐
1869 allel at once rather than waiting to see if new transfers can be
1870 added as multiplexed streams on another connection.
1871 See also -Z, --parallel and --parallel-max. Added in 7.68.0.
1873 --parallel-max
1875 When asked to do parallel transfers, using -Z, --parallel, this
1876 option controls the maximum amount of transfers to do simultane‐
1877 ously.
1878 The default is 50.
1880 See also -Z, --parallel. Added in 7.66.0.
1882 -Z, --parallel
1884 Makes curl perform its transfers in parallel as compared to the
1885 regular serial manner.
1886 Added in 7.66.0.
1888 --pass <phrase>
1890 (SSH TLS) Passphrase for the private key
1891 If this option is used several times, the last one will be used.
1893 --path-as-is
1895 Tell curl to not handle sequences of /../ or /./ in the given
1896 URL path. Normally curl will squash or merge them according to
1897 standards but with this option set you tell it not to do that.
1898 Added in 7.42.0.
1900 --pinnedpubkey <hashes>
1902 (TLS) Tells curl to use the specified public key file (or
1903 hashes) to verify the peer. This can be a path to a file which
1904 contains a single public key in PEM or DER format, or any number
1905 of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
1906 rated by ´;´
1907 When negotiating a TLS or SSL connection, the server sends a
1909 certificate indicating its identity. A public key is extracted
1910 from this certificate and if it does not exactly match the pub‐
1911 lic key provided to this option, curl will abort the connection
1912 before sending or receiving any data.
1913 PEM/DER support:
1915 7.39.0: OpenSSL, GnuTLS and GSKit
1916 7.43.0: NSS and wolfSSL
1917 7.47.0: mbedtls sha256 support:
1918 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL
1919 7.47.0: mbedtls Other SSL backends not supported.
1920 If this option is used several times, the last one will be used.
1922 --post301
1924 (HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST
1925 requests into GET requests when following a 301 redirection. The
1926 non-RFC behaviour is ubiquitous in web browsers, so curl does
1927 the conversion by default to maintain consistency. However, a
1928 server may require a POST to remain a POST after such a redi‐
1929 rection. This option is meaningful only when using -L, --loca‐
1930 tion.
1931 See also --post302 and --post303 and -L, --location. Added in
1933 7.17.1.
1934 --post302
1936 (HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST
1937 requests into GET requests when following a 302 redirection. The
1938 non-RFC behaviour is ubiquitous in web browsers, so curl does
1939 the conversion by default to maintain consistency. However, a
1940 server may require a POST to remain a POST after such a redi‐
1941 rection. This option is meaningful only when using -L, --loca‐
1942 tion.
1943 See also --post301 and --post303 and -L, --location. Added in
1945 7.19.1.
1946 --post303
1948 (HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST
1949 requests into GET requests when following 303 redirections. A
1950 server may require a POST to remain a POST after a 303 redirect‐
1951 ion. This option is meaningful only when using -L, --location.
1952 See also --post302 and --post301 and -L, --location. Added in
1954 7.26.0.
1955 --preproxy [protocol://]host[:port]
1957 Use the specified SOCKS proxy before connecting to an HTTP or
1958 HTTPS -x, --proxy. In such a case curl first connects to the
1959 SOCKS proxy and then connects (through SOCKS) to the HTTP or
1960 HTTPS proxy. Hence pre proxy.
1961 The pre proxy string should be specified with a protocol:// pre‐
1963 fix to specify alternative proxy protocols. Use socks4://,
1964 socks4a://, socks5:// or socks5h:// to request the specific
1965 SOCKS version to be used. No protocol specified will make curl
1966 default to SOCKS4.
1967 If the port number is not specified in the proxy string, it is
1969 assumed to be 1080.
1970 User and password that might be provided in the proxy string are
1972 URL decoded by curl. This allows you to pass in special charac‐
1973 ters such as @ by using %40 or pass in a colon with %3a.
1974 If this option is used several times, the last one will be used.
1976 Added in 7.52.0.
1978 -#, --progress-bar
1980 Make curl display transfer progress as a simple progress bar
1981 instead of the standard, more informational, meter.
1982 This progress bar draws a single line of '#' characters across
1984 the screen and shows a percentage if the transfer size is known.
1985 For transfers without a known size, there will be space ship
1986 (-=o=-) that moves back and forth but only while data is being
1987 transferred, with a set of flying hash sign symbols on top.
1988 --proto-default <protocol>
1990 Tells curl to use protocol for any URL missing a scheme name.
1991 Example:
1993 curl --proto-default https ftp.mozilla.org
1995 An unknown or unsupported protocol causes error CURLE_UNSUP‐
1997 PORTED_PROTOCOL (1).
1998 This option does not change the default proxy protocol (http).
2000 Without this option curl would make a guess based on the host,
2002 see --url for details.
2003 Added in 7.45.0.
2005 --proto-redir <protocols>
2007 Tells curl to limit what protocols it may use on redirect. Pro‐
2008 tocols denied by --proto are not overridden by this option. See
2009 --proto for how protocols are represented.
2010 Example, allow only HTTP and HTTPS on redirect:
2012 curl --proto-redir -all,http,https http://example.com
2014 By default curl will allow HTTP, HTTPS, FTP and FTPS on redirect
2016 (7.65.2). Older versions of curl allowed all protocols on redi‐
2017 rect except several disabled for security reasons: Since 7.19.4
2018 FILE and SCP are disabled, and since 7.40.0 SMB and SMBS are
2019 also disabled. Specifying all or +all enables all protocols on
2020 redirect, including those disabled for security.
2021 Added in 7.20.2.
2023 --proto <protocols>
2025 Tells curl to limit what protocols it may use in the transfer.
2026 Protocols are evaluated left to right, are comma separated, and
2027 are each a protocol name or 'all', optionally prefixed by zero
2028 or more modifiers. Available modifiers are:
2029 + Permit this protocol in addition to protocols already permit‐
2031 ted (this is the default if no modifier is used).
2032 - Deny this protocol, removing it from the list of protocols
2034 already permitted.
2035 = Permit only this protocol (ignoring the list already permit‐
2037 ted), though subject to later modification by subsequent
2038 entries in the comma separated list.
2039 For example:
2041 --proto -ftps uses the default protocols, but disables ftps
2043 --proto -all,https,+http
2045 only enables http and https
2046 --proto =http,https
2048 also only enables http and https
2049 Unknown protocols produce a warning. This allows scripts to safely rely
2051 on being able to disable potentially dangerous protocols, without rely‐
2052 ing upon support for that protocol being built into curl to avoid an
2053 error.
2054 This option can be used multiple times, in which case the effect is the
2056 same as concatenating the protocols into one instance of the option.
2057 See also --proto-redir and --proto-default. Added in 7.20.2.
2059 --proxy-anyauth
2061 Tells curl to pick a suitable authentication method when commu‐
2062 nicating with the given HTTP proxy. This might cause an extra
2063 request/response round-trip.
2064 See also -x, --proxy and --proxy-basic and --proxy-digest. Added
2066 in 7.13.2.
2067 --proxy-basic
2069 Tells curl to use HTTP Basic authentication when communicating
2070 with the given proxy. Use --basic for enabling HTTP Basic with a
2071 remote host. Basic is the default authentication method curl
2072 uses with proxies.
2073 See also -x, --proxy and --proxy-anyauth and --proxy-digest.
2075 --proxy-cacert <file>
2077 Same as --cacert but used in HTTPS proxy context.
2078 See also --proxy-capath and --cacert and --capath and -x,
2080 --proxy. Added in 7.52.0.
2081 --proxy-capath <dir>
2083 Same as --capath but used in HTTPS proxy context.
2084 See also --proxy-cacert and -x, --proxy and --capath. Added in
2086 7.52.0.
2087 --proxy-cert-type <type>
2089 Same as --cert-type but used in HTTPS proxy context.
2090 Added in 7.52.0.
2092 --proxy-cert <cert[:passwd]>
2094 Same as -E, --cert but used in HTTPS proxy context.
2095 Added in 7.52.0.
2097 --proxy-ciphers <list>
2099 Same as --ciphers but used in HTTPS proxy context.
2100 Added in 7.52.0.
2102 --proxy-crlfile <file>
2104 Same as --crlfile but used in HTTPS proxy context.
2105 Added in 7.52.0.
2107 --proxy-digest
2109 Tells curl to use HTTP Digest authentication when communicating
2110 with the given proxy. Use --digest for enabling HTTP Digest with
2111 a remote host.
2112 See also -x, --proxy and --proxy-anyauth and --proxy-basic.
2114 --proxy-header <header/@file>
2116 (HTTP) Extra header to include in the request when sending HTTP
2117 to a proxy. You may specify any number of extra headers. This is
2118 the equivalent option to -H, --header but is for proxy communi‐
2119 cation only like in CONNECT requests when you want a separate
2120 header sent to the proxy to what is sent to the actual remote
2121 host.
2122 curl will make sure that each header you add/replace is sent
2124 with the proper end-of-line marker, you should thus not add that
2125 as a part of the header content: do not add newlines or carriage
2126 returns, they will only mess things up for you.
2127 Headers specified with this option will not be included in
2129 requests that curl knows will not be sent to a proxy.
2130 Starting in 7.55.0, this option can take an argument in @file‐
2132 name style, which then adds a header for each line in the input
2133 file. Using @- will make curl read the header file from stdin.
2134 This option can be used multiple times to add/replace/remove
2136 multiple headers.
2137 Added in 7.37.0.
2139 --proxy-insecure
2141 Same as -k, --insecure but used in HTTPS proxy context.
2142 Added in 7.52.0.
2144 --proxy-key-type <type>
2146 Same as --key-type but used in HTTPS proxy context.
2147 Added in 7.52.0.
2149 --proxy-key <key>
2151 Same as --key but used in HTTPS proxy context.
2152 --proxy-negotiate
2154 Tells curl to use HTTP Negotiate (SPNEGO) authentication when
2155 communicating with the given proxy. Use --negotiate for enabling
2156 HTTP Negotiate (SPNEGO) with a remote host.
2157 See also --proxy-anyauth and --proxy-basic. Added in 7.17.1.
2159 --proxy-ntlm
2161 Tells curl to use HTTP NTLM authentication when communicating
2162 with the given proxy. Use --ntlm for enabling NTLM with a remote
2163 host.
2164 See also --proxy-negotiate and --proxy-anyauth.
2166 --proxy-pass <phrase>
2168 Same as --pass but used in HTTPS proxy context.
2169 Added in 7.52.0.
2171 --proxy-pinnedpubkey <hashes>
2173 (TLS) Tells curl to use the specified public key file (or
2174 hashes) to verify the proxy. This can be a path to a file which
2175 contains a single public key in PEM or DER format, or any number
2176 of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
2177 rated by ´;´
2178 When negotiating a TLS or SSL connection, the server sends a
2180 certificate indicating its identity. A public key is extracted
2181 from this certificate and if it does not exactly match the pub‐
2182 lic key provided to this option, curl will abort the connection
2183 before sending or receiving any data.
2184 If this option is used several times, the last one will be used.
2186 --proxy-service-name <name>
2188 This option allows you to change the service name for proxy
2189 negotiation.
2190 Added in 7.43.0.
2192 --proxy-ssl-allow-beast
2194 Same as --ssl-allow-beast but used in HTTPS proxy context.
2195 Added in 7.52.0.
2197 --proxy-tls13-ciphers <ciphersuite list>
2199 (TLS) Specifies which cipher suites to use in the connection to
2200 your HTTPS proxy when it negotiates TLS 1.3. The list of ciphers
2201 suites must specify valid ciphers. Read up on TLS 1.3 cipher
2202 suite details on this URL:
2203 https://curl.haxx.se/docs/ssl-ciphers.html
2205 This option is currently used only when curl is built to use
2207 OpenSSL 1.1.1 or later. If you are using a different SSL backend
2208 you can try setting TLS 1.3 cipher suites by using the --proxy-
2209 ciphers option.
2210 If this option is used several times, the last one will be used.
2212 --proxy-tlsauthtype <type>
2214 Same as --tlsauthtype but used in HTTPS proxy context.
2215 Added in 7.52.0.
2217 --proxy-tlspassword <string>
2219 Same as --tlspassword but used in HTTPS proxy context.
2220 Added in 7.52.0.
2222 --proxy-tlsuser <name>
2224 Same as --tlsuser but used in HTTPS proxy context.
2225 Added in 7.52.0.
2227 --proxy-tlsv1
2229 Same as -1, --tlsv1 but used in HTTPS proxy context.
2230 Added in 7.52.0.
2232 -U, --proxy-user <user:password>
2234 Specify the user name and password to use for proxy authentica‐
2235 tion.
2236 If you use a Windows SSPI-enabled curl binary and do either
2238 Negotiate or NTLM authentication then you can tell curl to
2239 select the user name and password from your environment by spec‐
2240 ifying a single colon with this option: "-U :".
2241 On systems where it works, curl will hide the given option argu‐
2243 ment from process listings. This is not enough to protect cre‐
2244 dentials from possibly getting seen by other users on the same
2245 system as they will still be visible for a brief moment before
2246 cleared. Such sensitive data should be retrieved from a file
2247 instead or similar and never used in clear text in a command
2248 line.
2249 If this option is used several times, the last one will be used.
2251 -x, --proxy [protocol://]host[:port]
2253 Use the specified proxy.
2254 The proxy string can be specified with a protocol:// prefix. No
2256 protocol specified or http:// will be treated as HTTP proxy. Use
2257 socks4://, socks4a://, socks5:// or socks5h:// to request a spe‐
2258 cific SOCKS version to be used. (The protocol support was added
2259 in curl 7.21.7)
2260 HTTPS proxy support via https:// protocol prefix was added in
2262 7.52.0 for OpenSSL, GnuTLS and NSS.
2263 Unrecognized and unsupported proxy protocols cause an error
2265 since 7.52.0. Prior versions may ignore the protocol and use
2266 http:// instead.
2267 If the port number is not specified in the proxy string, it is
2269 assumed to be 1080.
2270 This option overrides existing environment variables that set
2272 the proxy to use. If there's an environment variable setting a
2273 proxy, you can set proxy to "" to override it.
2274 All operations that are performed over an HTTP proxy will trans‐
2276 parently be converted to HTTP. It means that certain protocol
2277 specific operations might not be available. This is not the case
2278 if you can tunnel through the proxy, as one with the -p, --prox‐
2279 ytunnel option.
2280 User and password that might be provided in the proxy string are
2282 URL decoded by curl. This allows you to pass in special charac‐
2283 ters such as @ by using %40 or pass in a colon with %3a.
2284 The proxy host can be specified the exact same way as the proxy
2286 environment variables, including the protocol prefix (http://)
2287 and the embedded user + password.
2288 If this option is used several times, the last one will be used.
2290 --proxy1.0 <host[:port]>
2292 Use the specified HTTP 1.0 proxy. If the port number is not
2293 specified, it is assumed at port 1080.
2294 The only difference between this and the HTTP proxy option -x,
2296 --proxy, is that attempts to use CONNECT through the proxy will
2297 specify an HTTP 1.0 protocol instead of the default HTTP 1.1.
2298 -p, --proxytunnel
2300 When an HTTP proxy is used -x, --proxy, this option will make
2301 curl tunnel through the proxy. The tunnel approach is made with
2302 the HTTP proxy CONNECT request and requires that the proxy
2303 allows direct connect to the remote port number curl wants to
2304 tunnel through to.
2305 To suppress proxy CONNECT response headers when curl is set to
2307 output headers use --suppress-connect-headers.
2308 See also -x, --proxy.
2310 --pubkey <key>
2312 (SFTP SCP) Public key file name. Allows you to provide your pub‐
2313 lic key in this separate file.
2314 If this option is used several times, the last one will be used.
2316 (As of 7.39.0, curl attempts to automatically extract the public
2318 key from the private key file, so passing this option is gener‐
2319 ally not required. Note that this public key extraction requires
2320 libcurl to be linked against a copy of libssh2 1.2.8 or higher
2321 that is itself linked against OpenSSL.)
2322 -Q, --quote
2324 (FTP SFTP) Send an arbitrary command to the remote FTP or SFTP
2325 server. Quote commands are sent BEFORE the transfer takes place
2326 (just after the initial PWD command in an FTP transfer, to be
2327 exact). To make commands take place after a successful transfer,
2328 prefix them with a dash '-'. To make commands be sent after
2329 curl has changed the working directory, just before the transfer
2330 command(s), prefix the command with a '+' (this is only sup‐
2331 ported for FTP). You may specify any number of commands.
2332 If the server returns failure for one of the commands, the
2334 entire operation will be aborted. You must send syntactically
2335 correct FTP commands as RFC 959 defines to FTP servers, or one
2336 of the commands listed below to SFTP servers.
2337 Prefix the command with an asterisk (*) to make curl continue
2339 even if the command fails as by default curl will stop at first
2340 failure.
2341 This option can be used multiple times.
2343 SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP
2345 quote commands itself before sending them to the server. File
2346 names may be quoted shell-style to embed spaces or special char‐
2347 acters. Following is the list of all supported SFTP quote com‐
2348 mands:
2349 chgrp group file
2351 The chgrp command sets the group ID of the file named by
2352 the file operand to the group ID specified by the group
2353 operand. The group operand is a decimal integer group ID.
2354 chmod mode file
2356 The chmod command modifies the file mode bits of the
2357 specified file. The mode operand is an octal integer mode
2358 number.
2359 chown user file
2361 The chown command sets the owner of the file named by the
2362 file operand to the user ID specified by the user oper‐
2363 and. The user operand is a decimal integer user ID.
2364 ln source_file target_file
2366 The ln and symlink commands create a symbolic link at the
2367 target_file location pointing to the source_file loca‐
2368 tion.
2369 mkdir directory_name
2371 The mkdir command creates the directory named by the
2372 directory_name operand.
2373 pwd The pwd command returns the absolute pathname of the cur‐
2375 rent working directory.
2376 rename source target
2378 The rename command renames the file or directory named by
2379 the source operand to the destination path named by the
2380 target operand.
2381 rm file
2383 The rm command removes the file specified by the file op‐
2384 erand.
2385 rmdir directory
2387 The rmdir command removes the directory entry specified
2388 by the directory operand, provided it is empty.
2389 symlink source_file target_file
2391 See ln.
2392 --random-file <file>
2394 Specify the path name to file containing what will be considered
2395 as random data. The data may be used to seed the random engine
2396 for SSL connections. See also the --egd-file option.
2397 -r, --range <range>
2399 (HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial docu‐
2400 ment) from an HTTP/1.1, FTP or SFTP server or a local FILE.
2401 Ranges can be specified in a number of ways.
2402 0-499 specifies the first 500 bytes
2404 500-999 specifies the second 500 bytes
2406 -500 specifies the last 500 bytes
2408 9500- specifies the bytes from offset 9500 and forward
2410 0-0,-1 specifies the first and last byte only(*)(HTTP)
2412 100-199,500-599
2414 specifies two separate 100-byte ranges(*) (HTTP)
2415 (*) = NOTE that this will cause the server to reply with a mul‐
2417 tipart response!
2418 Only digit characters (0-9) are valid in the 'start' and 'stop'
2420 fields of the 'start-stop' range syntax. If a non-digit charac‐
2421 ter is given in the range, the server's response will be unspec‐
2422 ified, depending on the server's configuration.
2423 You should also be aware that many HTTP/1.1 servers do not have
2425 this feature enabled, so that when you attempt to get a range,
2426 you'll instead get the whole document.
2427 FTP and SFTP range downloads only support the simple 'start-
2429 stop' syntax (optionally with one of the numbers omitted). FTP
2430 use depends on the extended FTP command SIZE.
2431 If this option is used several times, the last one will be used.
2433 --raw (HTTP) When used, it disables all internal HTTP decoding of con‐
2435 tent or transfer encodings and instead makes them passed on
2436 unaltered, raw.
2437 Added in 7.16.2.
2439 -e, --referer <URL>
2441 (HTTP) Sends the "Referrer Page" information to the HTTP server.
2442 This can also be set with the -H, --header flag of course. When
2443 used with -L, --location you can append ";auto" to the -e,
2444 --referer URL to make curl automatically set the previous URL
2445 when it follows a Location: header. The ";auto" string can be
2446 used alone, even if you don't set an initial -e, --referer.
2447 If this option is used several times, the last one will be used.
2449 See also -A, --user-agent and -H, --header.
2451 -J, --remote-header-name
2453 (HTTP) This option tells the -O, --remote-name option to use the
2454 server-specified Content-Disposition filename instead of
2455 extracting a filename from the URL.
2456 If the server specifies a file name and a file with that name
2458 already exists in the current working directory it will not be
2459 overwritten and an error will occur. If the server doesn't spec‐
2460 ify a file name then this option has no effect.
2461 There's no attempt to decode %-sequences (yet) in the provided
2463 file name, so this option may provide you with rather unexpected
2464 file names.
2465 WARNING: Exercise judicious use of this option, especially on
2467 Windows. A rogue server could send you the name of a DLL or
2468 other file that could possibly be loaded automatically by Win‐
2469 dows or some third party software.
2470 --remote-name-all
2472 This option changes the default action for all given URLs to be
2473 dealt with as if -O, --remote-name were used for each one. So if
2474 you want to disable that for a specific URL after --remote-name-
2475 all has been used, you must use "-o -" or --no-remote-name.
2476 Added in 7.19.0.
2478 -O, --remote-name
2480 Write output to a local file named like the remote file we get.
2481 (Only the file part of the remote file is used, the path is cut
2482 off.)
2483 The file will be saved in the current working directory. If you
2485 want the file saved in a different directory, make sure you
2486 change the current working directory before invoking curl with
2487 this option.
2488 The remote file name to use for saving is extracted from the
2490 given URL, nothing else, and if it already exists it will be
2491 overwritten. If you want the server to be able to choose the
2492 file name refer to -J, --remote-header-name which can be used in
2493 addition to this option. If the server chooses a file name and
2494 that name already exists it will not be overwritten.
2495 There is no URL decoding done on the file name. If it has %20 or
2497 other URL encoded parts of the name, they will end up as-is as
2498 file name.
2499 You may use this option as many times as the number of URLs you
2501 have.
2502 -R, --remote-time
2504 When used, this will make curl attempt to figure out the time‐
2505 stamp of the remote file, and if that is available make the
2506 local file get that same timestamp.
2507 --request-target
2509 (HTTP) Tells curl to use an alternative "target" (path) instead
2510 of using the path as provided in the URL. Particularly useful
2511 when wanting to issue HTTP requests without leading slash or
2512 other data that doesn't follow the regular URL pattern, like
2513 "OPTIONS *".
2514 Added in 7.55.0.
2516 -X, --request <command>
2518 (HTTP) Specifies a custom request method to use when communicat‐
2519 ing with the HTTP server. The specified request method will be
2520 used instead of the method otherwise used (which defaults to
2521 GET). Read the HTTP 1.1 specification for details and explana‐
2522 tions. Common additional HTTP requests include PUT and DELETE,
2523 but related technologies like WebDAV offers PROPFIND, COPY, MOVE
2524 and more.
2525 Normally you don't need this option. All sorts of GET, HEAD,
2527 POST and PUT requests are rather invoked by using dedicated com‐
2528 mand line options.
2529 This option only changes the actual word used in the HTTP
2531 request, it does not alter the way curl behaves. So for example
2532 if you want to make a proper HEAD request, using -X HEAD will
2533 not suffice. You need to use the -I, --head option.
2534 The method string you set with -X, --request will be used for
2536 all requests, which if you for example use -L, --location may
2537 cause unintended side-effects when curl doesn't change request
2538 method according to the HTTP 30x response codes - and similar.
2539 (FTP) Specifies a custom FTP command to use instead of LIST when
2541 doing file lists with FTP.
2542 (POP3) Specifies a custom POP3 command to use instead of LIST or
2544 RETR. (Added in 7.26.0)
2545 (IMAP) Specifies a custom IMAP command to use instead of LIST.
2547 (Added in 7.30.0)
2548 (SMTP) Specifies a custom SMTP command to use instead of HELP or
2550 VRFY. (Added in 7.34.0)
2551 If this option is used several times, the last one will be used.
2553 --resolve <host:port:address[,address]...>
2555 Provide a custom address for a specific host and port pair.
2556 Using this, you can make the curl requests(s) use a specified
2557 address and prevent the otherwise normally resolved address to
2558 be used. Consider it a sort of /etc/hosts alternative provided
2559 on the command line. The port number should be the number used
2560 for the specific protocol the host will be used for. It means
2561 you need several entries if you want to provide address for the
2562 same host but different ports.
2563 By specifying '*' as host you can tell curl to resolve any host
2565 and specific port pair to the specified address. Wildcard is
2566 resolved last so any --resolve with a specific host and port
2567 will be used first.
2568 The provided address set by this option will be used even if -4,
2570 --ipv4 or -6, --ipv6 is set to make curl use another IP version.
2571 Support for providing the IP address within [brackets] was added
2573 in 7.57.0.
2574 Support for providing multiple IP addresses per entry was added
2576 in 7.59.0.
2577 Support for resolving with wildcard was added in 7.64.0.
2579 This option can be used many times to add many host names to
2581 resolve.
2582 Added in 7.21.3.
2584 --retry-connrefused
2586 In addition to the other conditions, consider ECONNREFUSED as a
2587 transient error too for --retry. This option is used together
2588 with --retry.
2589 Added in 7.52.0.
2591 --retry-delay <seconds>
2593 Make curl sleep this amount of time before each retry when a
2594 transfer has failed with a transient error (it changes the
2595 default backoff time algorithm between retries). This option is
2596 only interesting if --retry is also used. Setting this delay to
2597 zero will make curl use the default backoff time.
2598 If this option is used several times, the last one will be used.
2600 Added in 7.12.3.
2602 --retry-max-time <seconds>
2604 The retry timer is reset before the first transfer attempt.
2605 Retries will be done as usual (see --retry) as long as the timer
2606 hasn't reached this given limit. Notice that if the timer hasn't
2607 reached the limit, the request will be made and while perform‐
2608 ing, it may take longer than this given time period. To limit a
2609 single request´s maximum time, use -m, --max-time. Set this
2610 option to zero to not timeout retries.
2611 If this option is used several times, the last one will be used.
2613 Added in 7.12.3.
2615 --retry <num>
2617 If a transient error is returned when curl tries to perform a
2618 transfer, it will retry this number of times before giving up.
2619 Setting the number to 0 makes curl do no retries (which is the
2620 default). Transient error means either: a timeout, an FTP 4xx
2621 response code or an HTTP 408 or 5xx response code.
2622 When curl is about to retry a transfer, it will first wait one
2624 second and then for all forthcoming retries it will double the
2625 waiting time until it reaches 10 minutes which then will be the
2626 delay between the rest of the retries. By using --retry-delay
2627 you disable this exponential backoff algorithm. See also
2628 --retry-max-time to limit the total time allowed for retries.
2629 Since curl 7.66.0, curl will comply with the Retry-After:
2631 response header if one was present to know when to issue the
2632 next retry.
2633 If this option is used several times, the last one will be used.
2635 Added in 7.12.3.
2637 --sasl-authzid
2639 Use this authorisation identity (authzid), during SASL PLAIN
2640 authentication, in addition to the authentication identity
2641 (authcid) as specified by -u, --user.
2642 If the option isn't specified, the server will derive the
2644 authzid from the authcid, but if specified, and depending on the
2645 server implementation, it may be used to access another user's
2646 inbox, that the user has been granted access to, or a shared
2647 mailbox for example.
2648 Added in 7.66.0.
2650 --sasl-ir
2652 Enable initial response in SASL authentication.
2653 Added in 7.31.0.
2655 --service-name <name>
2657 This option allows you to change the service name for SPNEGO.
2658 Examples: --negotiate --service-name sockd would use
2660 sockd/server-name.
2661 Added in 7.43.0.
2663 -S, --show-error
2665 When used with -s, --silent, it makes curl show an error message
2666 if it fails.
2667 -s, --silent
2669 Silent or quiet mode. Don't show progress meter or error mes‐
2670 sages. Makes Curl mute. It will still output the data you ask
2671 for, potentially even to the terminal/stdout unless you redirect
2672 it.
2673 Use -S, --show-error in addition to this option to disable
2675 progress meter but still show error messages.
2676 See also -v, --verbose and --stderr.
2678 --socks4 <host[:port]>
2680 Use the specified SOCKS4 proxy. If the port number is not speci‐
2681 fied, it is assumed at port 1080.
2682 This option overrides any previous use of -x, --proxy, as they
2684 are mutually exclusive.
2685 Since 7.21.7, this option is superfluous since you can specify a
2687 socks4 proxy with -x, --proxy using a socks4:// protocol prefix.
2688 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2690 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2691 such a case curl first connects to the SOCKS proxy and then con‐
2692 nects (through SOCKS) to the HTTP or HTTPS proxy.
2693 If this option is used several times, the last one will be used.
2695 Added in 7.15.2.
2697 --socks4a <host[:port]>
2699 Use the specified SOCKS4a proxy. If the port number is not spec‐
2700 ified, it is assumed at port 1080.
2701 This option overrides any previous use of -x, --proxy, as they
2703 are mutually exclusive.
2704 Since 7.21.7, this option is superfluous since you can specify a
2706 socks4a proxy with -x, --proxy using a socks4a:// protocol pre‐
2707 fix.
2708 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2710 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2711 such a case curl first connects to the SOCKS proxy and then con‐
2712 nects (through SOCKS) to the HTTP or HTTPS proxy.
2713 If this option is used several times, the last one will be used.
2715 Added in 7.18.0.
2717 --socks5-basic
2719 Tells curl to use username/password authentication when connect‐
2720 ing to a SOCKS5 proxy. The username/password authentication is
2721 enabled by default. Use --socks5-gssapi to force GSS-API
2722 authentication to SOCKS5 proxies.
2723 Added in 7.55.0.
2725 --socks5-gssapi-nec
2727 As part of the GSS-API negotiation a protection mode is negoti‐
2728 ated. RFC 1961 says in section 4.3/4.4 it should be protected,
2729 but the NEC reference implementation does not. The option
2730 --socks5-gssapi-nec allows the unprotected exchange of the pro‐
2731 tection mode negotiation.
2732 Added in 7.19.4.
2734 --socks5-gssapi-service <name>
2736 The default service name for a socks server is rcmd/server-fqdn.
2737 This option allows you to change it.
2738 Examples: --socks5 proxy-name --socks5-gssapi-service sockd
2740 would use sockd/proxy-name --socks5 proxy-name --socks5-gssapi-
2741 service sockd/real-name would use sockd/real-name for cases
2742 where the proxy-name does not match the principal name.
2743 Added in 7.19.4.
2745 --socks5-gssapi
2747 Tells curl to use GSS-API authentication when connecting to a
2748 SOCKS5 proxy. The GSS-API authentication is enabled by default
2749 (if curl is compiled with GSS-API support). Use --socks5-basic
2750 to force username/password authentication to SOCKS5 proxies.
2751 Added in 7.55.0.
2753 --socks5-hostname <host[:port]>
2755 Use the specified SOCKS5 proxy (and let the proxy resolve the
2756 host name). If the port number is not specified, it is assumed
2757 at port 1080.
2758 This option overrides any previous use of -x, --proxy, as they
2760 are mutually exclusive.
2761 Since 7.21.7, this option is superfluous since you can specify a
2763 socks5 hostname proxy with -x, --proxy using a socks5h:// proto‐
2764 col prefix.
2765 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2767 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2768 such a case curl first connects to the SOCKS proxy and then con‐
2769 nects (through SOCKS) to the HTTP or HTTPS proxy.
2770 If this option is used several times, the last one will be used.
2772 Added in 7.18.0.
2774 --socks5 <host[:port]>
2776 Use the specified SOCKS5 proxy - but resolve the host name
2777 locally. If the port number is not specified, it is assumed at
2778 port 1080.
2779 This option overrides any previous use of -x, --proxy, as they
2781 are mutually exclusive.
2782 Since 7.21.7, this option is superfluous since you can specify a
2784 socks5 proxy with -x, --proxy using a socks5:// protocol prefix.
2785 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2787 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2788 such a case curl first connects to the SOCKS proxy and then con‐
2789 nects (through SOCKS) to the HTTP or HTTPS proxy.
2790 If this option is used several times, the last one will be used.
2792 This option (as well as --socks4) does not work with IPV6, FTPS
2794 or LDAP.
2795 Added in 7.18.0.
2797 -Y, --speed-limit <speed>
2799 If a download is slower than this given speed (in bytes per sec‐
2800 ond) for speed-time seconds it gets aborted. speed-time is set
2801 with -y, --speed-time and is 30 if not set.
2802 If this option is used several times, the last one will be used.
2804 -y, --speed-time <seconds>
2806 If a download is slower than speed-limit bytes per second during
2807 a speed-time period, the download gets aborted. If speed-time is
2808 used, the default speed-limit will be 1 unless set with -Y,
2809 --speed-limit.
2810 This option controls transfers and thus will not affect slow
2812 connects etc. If this is a concern for you, try the --connect-
2813 timeout option.
2814 If this option is used several times, the last one will be used.
2816 --ssl-allow-beast
2818 This option tells curl to not work around a security flaw in the
2819 SSL3 and TLS1.0 protocols known as BEAST. If this option isn't
2820 used, the SSL layer may use workarounds known to cause interop‐
2821 erability problems with some older SSL implementations. WARNING:
2822 this option loosens the SSL security, and by using this flag you
2823 ask for exactly that.
2824 Added in 7.25.0.
2826 --ssl-no-revoke
2828 (Schannel) This option tells curl to disable certificate revoca‐
2829 tion checks. WARNING: this option loosens the SSL security, and
2830 by using this flag you ask for exactly that.
2831 Added in 7.44.0.
2833 --ssl-reqd
2835 (FTP IMAP POP3 SMTP) Require SSL/TLS for the connection. Termi‐
2836 nates the connection if the server doesn't support SSL/TLS.
2837 This option was formerly known as --ftp-ssl-reqd.
2839 Added in 7.20.0.
2841 --ssl (FTP IMAP POP3 SMTP) Try to use SSL/TLS for the connection.
2843 Reverts to a non-secure connection if the server doesn't support
2844 SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for differ‐
2845 ent levels of encryption required.
2846 This option was formerly known as --ftp-ssl (Added in 7.11.0).
2848 That option name can still be used but will be removed in a
2849 future version.
2850 Added in 7.20.0.
2852 -2, --sslv2
2854 (SSL) Forces curl to use SSL version 2 when negotiating with a
2855 remote SSL server. Sometimes curl is built without SSLv2 sup‐
2856 port. SSLv2 is widely considered insecure (see RFC 6176).
2857 See also --http1.1 and --http2. -2, --sslv2 requires that the
2859 underlying libcurl was built to support TLS. This option over‐
2860 rides -3, --sslv3 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
2861 -3, --sslv3
2863 (SSL) Forces curl to use SSL version 3 when negotiating with a
2864 remote SSL server. Sometimes curl is built without SSLv3 sup‐
2865 port. SSLv3 is widely considered insecure (see RFC 7568).
2866 See also --http1.1 and --http2. -3, --sslv3 requires that the
2868 underlying libcurl was built to support TLS. This option over‐
2869 rides -2, --sslv2 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
2870 --stderr
2872 Redirect all writes to stderr to the specified file instead. If
2873 the file name is a plain '-', it is instead written to stdout.
2874 If this option is used several times, the last one will be used.
2876 See also -v, --verbose and -s, --silent.
2878 --styled-output
2880 Enables the automatic use of bold font styles when writing HTTP
2881 headers to the terminal. Use --no-styled-output to switch them
2882 off.
2883 Added in 7.61.0.
2885 --suppress-connect-headers
2887 When -p, --proxytunnel is used and a CONNECT request is made
2888 don't output proxy CONNECT response headers. This option is
2889 meant to be used with -D, --dump-header or -i, --include which
2890 are used to show protocol headers in the output. It has no
2891 effect on debug options such as -v, --verbose or --trace, or any
2892 statistics.
2893 See also -D, --dump-header and -i, --include and -p, --proxytun‐
2895 nel.
2896 --tcp-fastopen
2898 Enable use of TCP Fast Open (RFC7413).
2899 Added in 7.49.0.
2901 --tcp-nodelay
2903 Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man
2904 page for details about this option.
2905 Since 7.50.2, curl sets this option by default and you need to
2907 explicitly switch it off if you don't want it on.
2908 Added in 7.11.2.
2910 -t, --telnet-option <opt=val>
2912 Pass options to the telnet protocol. Supported options are:
2913 TTYPE=<term> Sets the terminal type.
2915 XDISPLOC=<X display> Sets the X display location.
2917 NEW_ENV=<var,val> Sets an environment variable.
2919 --tftp-blksize <value>
2921 (TFTP) Set TFTP BLKSIZE option (must be >512). This is the block
2922 size that curl will try to use when transferring data to or from
2923 a TFTP server. By default 512 bytes will be used.
2924 If this option is used several times, the last one will be used.
2926 Added in 7.20.0.
2928 --tftp-no-options
2930 (TFTP) Tells curl not to send TFTP options requests.
2931 This option improves interop with some legacy servers that do
2933 not acknowledge or properly implement TFTP options. When this
2934 option is used --tftp-blksize is ignored.
2935 Added in 7.48.0.
2937 -z, --time-cond <time>
2939 (HTTP FTP) Request a file that has been modified later than the
2940 given time and date, or one that has been modified before that
2941 time. The <date expression> can be all sorts of date strings or
2942 if it doesn't match any internal ones, it is taken as a filename
2943 and tries to get the modification date (mtime) from <file>
2944 instead. See the curl_getdate(3) man pages for date expression
2945 details.
2946 Start the date expression with a dash (-) to make it request for
2948 a document that is older than the given date/time, default is a
2949 document that is newer than the specified date/time.
2950 If this option is used several times, the last one will be used.
2952 --tls-max <VERSION>
2954 (SSL) VERSION defines maximum supported TLS version. The minimum
2955 acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2 or
2956 tlsv1.3.
2957 default
2960 Use up to recommended TLS version.
2961 1.0 Use up to TLSv1.0.
2963 1.1 Use up to TLSv1.1.
2965 1.2 Use up to TLSv1.2.
2967 1.3 Use up to TLSv1.3.
2969 See also --tlsv1.0 and --tlsv1.1 and --tlsv1.2 and --tlsv1.3. --tls-max
2971 requires that the underlying libcurl was built to support TLS. Added in
2972 7.54.0.
2973 --tls13-ciphers <list of TLS 1.3 ciphersuites>
2975 (TLS) Specifies which cipher suites to use in the connection if
2976 it negotiates TLS 1.3. The list of ciphers suites must specify
2977 valid ciphers. Read up on TLS 1.3 cipher suite details on this
2978 URL:
2979 https://curl.haxx.se/docs/ssl-ciphers.html
2981 This option is currently used only when curl is built to use
2983 OpenSSL 1.1.1 or later. If you are using a different SSL backend
2984 you can try setting TLS 1.3 cipher suites by using the --ciphers
2985 option.
2986 If this option is used several times, the last one will be used.
2988 --tlsauthtype <type>
2990 Set TLS authentication type. Currently, the only supported
2991 option is "SRP", for TLS-SRP (RFC 5054). If --tlsuser and
2992 --tlspassword are specified but --tlsauthtype is not, then this
2993 option defaults to "SRP". This option works only if the under‐
2994 lying libcurl is built with TLS-SRP support, which requires
2995 OpenSSL or GnuTLS with TLS-SRP support.
2996 Added in 7.21.4.
2998 --tlspassword
3000 Set password for use with the TLS authentication method speci‐
3001 fied with --tlsauthtype. Requires that --tlsuser also be set.
3002 This doesn't work with TLS 1.3.
3004 Added in 7.21.4.
3006 --tlsuser <name>
3008 Set username for use with the TLS authentication method speci‐
3009 fied with --tlsauthtype. Requires that --tlspassword also is
3010 set.
3011 This doesn't work with TLS 1.3.
3013 Added in 7.21.4.
3015 --tlsv1.0
3017 (TLS) Forces curl to use TLS version 1.0 or later when connect‐
3018 ing to a remote TLS server.
3019 In old versions of curl this option was documented to allow
3021 _only_ TLS 1.0, but behavior was inconsistent depending on the
3022 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3023 sion.
3024 Added in 7.34.0.
3026 --tlsv1.1
3028 (TLS) Forces curl to use TLS version 1.1 or later when connect‐
3029 ing to a remote TLS server.
3030 In old versions of curl this option was documented to allow
3032 _only_ TLS 1.1, but behavior was inconsistent depending on the
3033 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3034 sion.
3035 Added in 7.34.0.
3037 --tlsv1.2
3039 (TLS) Forces curl to use TLS version 1.2 or later when connect‐
3040 ing to a remote TLS server.
3041 In old versions of curl this option was documented to allow
3043 _only_ TLS 1.2, but behavior was inconsistent depending on the
3044 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3045 sion.
3046 Added in 7.34.0.
3048 --tlsv1.3
3050 (TLS) Forces curl to use TLS version 1.3 or later when connect‐
3051 ing to a remote TLS server.
3052 Note that TLS 1.3 is only supported by a subset of TLS backends.
3054 At the time of this writing, they are BoringSSL, NSS, and Secure
3055 Transport (on iOS 11 or later, and macOS 10.13 or later).
3056 Added in 7.52.0.
3058 -1, --tlsv1
3060 (SSL) Tells curl to use at least TLS version 1.x when negotiat‐
3061 ing with a remote TLS server. That means TLS version 1.0 or
3062 higher
3063 See also --http1.1 and --http2. -1, --tlsv1 requires that the
3065 underlying libcurl was built to support TLS. This option over‐
3066 rides --tlsv1.1 and --tlsv1.2 and --tlsv1.3.
3067 --tr-encoding
3069 (HTTP) Request a compressed Transfer-Encoding response using one
3070 of the algorithms curl supports, and uncompress the data while
3071 receiving it.
3072 Added in 7.21.6.
3074 --trace-ascii <file>
3076 Enables a full trace dump of all incoming and outgoing data,
3077 including descriptive information, to the given output file. Use
3078 "-" as filename to have the output sent to stdout.
3079 This is very similar to --trace, but leaves out the hex part and
3081 only shows the ASCII part of the dump. It makes smaller output
3082 that might be easier to read for untrained humans.
3083 If this option is used several times, the last one will be used.
3085 This option overrides --trace and -v, --verbose.
3087 --trace-time
3089 Prepends a time stamp to each trace or verbose line that curl
3090 displays.
3091 Added in 7.14.0.
3093 --trace <file>
3095 Enables a full trace dump of all incoming and outgoing data,
3096 including descriptive information, to the given output file. Use
3097 "-" as filename to have the output sent to stdout. Use "%" as
3098 filename to have the output sent to stderr.
3099 If this option is used several times, the last one will be used.
3101 This option overrides -v, --verbose and --trace-ascii.
3103 --unix-socket <path>
3105 (HTTP) Connect through this Unix domain socket, instead of using
3106 the network.
3107 Added in 7.40.0.
3109 -T, --upload-file <file>
3111 This transfers the specified local file to the remote URL. If
3112 there is no file part in the specified URL, curl will append the
3113 local file name. NOTE that you must use a trailing / on the last
3114 directory to really prove to Curl that there is no file name or
3115 curl will think that your last directory name is the remote file
3116 name to use. That will most likely cause the upload operation to
3117 fail. If this is used on an HTTP(S) server, the PUT command will
3118 be used.
3119 Use the file name "-" (a single dash) to use stdin instead of a
3121 given file. Alternately, the file name "." (a single period)
3122 may be specified instead of "-" to use stdin in non-blocking
3123 mode to allow reading server output while stdin is being
3124 uploaded.
3125 You can specify one -T, --upload-file for each URL on the com‐
3127 mand line. Each -T, --upload-file + URL pair specifies what to
3128 upload and to where. curl also supports "globbing" of the -T,
3129 --upload-file argument, meaning that you can upload multiple
3130 files to a single URL by using the same URL globbing style sup‐
3131 ported in the URL, like this:
3132 curl --upload-file "{file1,file2}" http://www.example.com
3134 or even
3136 curl -T "img[1-1000].png" ftp://ftp.example.com/upload/
3138 When uploading to an SMTP server: the uploaded data is assumed
3140 to be RFC 5322 formatted. It has to feature the necessary set of
3141 headers and mail body formatted correctly by the user as curl
3142 will not transcode nor encode it further in any way.
3143 --url <url>
3145 Specify a URL to fetch. This option is mostly handy when you
3146 want to specify URL(s) in a config file.
3147 If the given URL is missing a scheme name (such as "http://" or
3149 "ftp://" etc) then curl will make a guess based on the host. If
3150 the outermost sub-domain name matches DICT, FTP, IMAP, LDAP,
3151 POP3 or SMTP then that protocol will be used, otherwise HTTP
3152 will be used. Since 7.45.0 guessing can be disabled by setting a
3153 default protocol, see --proto-default for details.
3154 This option may be used any number of times. To control where
3156 this URL is written, use the -o, --output or the -O, --remote-
3157 name options.
3158 -B, --use-ascii
3160 (FTP LDAP) Enable ASCII transfer. For FTP, this can also be
3161 enforced by using a URL that ends with ";type=A". This option
3162 causes data sent to stdout to be in text mode for win32 systems.
3163 -A, --user-agent <name>
3165 (HTTP) Specify the User-Agent string to send to the HTTP server.
3166 To encode blanks in the string, surround the string with single
3167 quote marks. This header can also be set with the -H, --header
3168 or the --proxy-header options.
3169 If this option is used several times, the last one will be used.
3171 -u, --user <user:password>
3173 Specify the user name and password to use for server authentica‐
3174 tion. Overrides -n, --netrc and --netrc-optional.
3175 If you simply specify the user name, curl will prompt for a
3177 password.
3178 The user name and passwords are split up on the first colon,
3180 which makes it impossible to use a colon in the user name with
3181 this option. The password can, still.
3182 On systems where it works, curl will hide the given option argu‐
3184 ment from process listings. This is not enough to protect cre‐
3185 dentials from possibly getting seen by other users on the same
3186 system as they will still be visible for a brief moment before
3187 cleared. Such sensitive data should be retrieved from a file
3188 instead or similar and never used in clear text in a command
3189 line.
3190 When using Kerberos V5 with a Windows based server you should
3192 include the Windows domain name in the user name, in order for
3193 the server to successfully obtain a Kerberos Ticket. If you
3194 don't then the initial authentication handshake may fail.
3195 When using NTLM, the user name can be specified simply as the
3197 user name, without the domain, if there is a single domain and
3198 forest in your setup for example.
3199 To specify the domain name use either Down-Level Logon Name or
3201 UPN (User Principal Name) formats. For example, EXAMPLE\user and
3202 user@example.com respectively.
3203 If you use a Windows SSPI-enabled curl binary and perform Ker‐
3205 beros V5, Negotiate, NTLM or Digest authentication then you can
3206 tell curl to select the user name and password from your envi‐
3207 ronment by specifying a single colon with this option: "-u :".
3208 If this option is used several times, the last one will be used.
3210 -v, --verbose
3212 Makes curl verbose during the operation. Useful for debugging
3213 and seeing what's going on "under the hood". A line starting
3214 with '>' means "header data" sent by curl, '<' means "header
3215 data" received by curl that is hidden in normal cases, and a
3216 line starting with '*' means additional info provided by curl.
3217 If you only want HTTP headers in the output, -i, --include might
3219 be the option you're looking for.
3220 If you think this option still doesn't give you enough details,
3222 consider using --trace or --trace-ascii instead.
3223 Use -s, --silent to make curl really quiet.
3225 See also -i, --include. This option overrides --trace and
3227 --trace-ascii.
3228 -V, --version
3230 Displays information about curl and the libcurl version it uses.
3231 The first line includes the full version of curl, libcurl and
3233 other 3rd party libraries linked with the executable.
3234 The second line (starts with "Protocols:") shows all protocols
3236 that libcurl reports to support.
3237 The third line (starts with "Features:") shows specific features
3239 libcurl reports to offer. Available features include:
3240 IPv6 You can use IPv6 with this.
3242 krb4 Krb4 for FTP is supported.
3244 SSL SSL versions of various protocols are supported, such as
3246 HTTPS, FTPS, POP3S and so on.
3247 libz Automatic decompression of compressed files over HTTP is
3249 supported.
3250 NTLM NTLM authentication is supported.
3252 Debug This curl uses a libcurl built with Debug. This enables
3254 more error-tracking and memory debugging etc. For curl-
3255 developers only!
3256 AsynchDNS
3258 This curl uses asynchronous name resolves. Asynchronous
3259 name resolves can be done using either the c-ares or the
3260 threaded resolver backends.
3261 SPNEGO SPNEGO authentication is supported.
3263 Largefile
3265 This curl supports transfers of large files, files larger
3266 than 2GB.
3267 IDN This curl supports IDN - international domain names.
3269 GSS-API
3271 GSS-API is supported.
3272 SSPI SSPI is supported.
3274 TLS-SRP
3276 SRP (Secure Remote Password) authentication is supported
3277 for TLS.
3278 HTTP2 HTTP/2 support has been built-in.
3280 UnixSockets
3282 Unix sockets support is provided.
3283 HTTPS-proxy
3285 This curl is built to support HTTPS proxy.
3286 Metalink
3288 This curl supports Metalink (both version 3 and 4 (RFC
3289 5854)), which describes mirrors and hashes. curl will
3290 use mirrors for failover if there are errors (such as the
3291 file or server not being available).
3292 PSL PSL is short for Public Suffix List and means that this
3294 curl has been built with knowledge about "public suf‐
3295 fixes".
3296 MultiSSL
3298 This curl supports multiple TLS backends.
3299 -w, --write-out <format>
3301 Make curl display information on stdout after a completed trans‐
3302 fer. The format is a string that may contain plain text mixed
3303 with any number of variables. The format can be specified as a
3304 literal "string", or you can have curl read the format from a
3305 file with "@filename" and to tell curl to read the format from
3306 stdin you write "@-".
3307 The variables present in the output format will be substituted
3309 by the value or text that curl thinks fit, as described below.
3310 All variables are specified as %{variable_name} and to output a
3311 normal % you just write them as %%. You can output a newline by
3312 using \n, a carriage return with \r and a tab space with \t.
3313 The output will be written to standard output, but this can be
3315 switched to standard error by using %{stderr}.
3316 NOTE: The %-symbol is a special symbol in the win32-environment,
3318 where all occurrences of % must be doubled when using this
3319 option.
3320 The variables available are:
3322 content_type The Content-Type of the requested document, if
3324 there was any.
3325 filename_effective
3327 The ultimate filename that curl writes out to.
3328 This is only meaningful if curl is told to write
3329 to a file with the -O, --remote-name or -o,
3330 --output option. It's most useful in combination
3331 with the -J, --remote-header-name option. (Added
3332 in 7.26.0)
3333 ftp_entry_path The initial path curl ended up in when logging on
3335 to the remote FTP server. (Added in 7.15.4)
3336 http_code The numerical response code that was found in the
3338 last retrieved HTTP(S) or FTP(s) transfer. In
3339 7.18.2 the alias response_code was added to show
3340 the same info.
3341 http_connect The numerical code that was found in the last
3343 response (from a proxy) to a curl CONNECT
3344 request. (Added in 7.12.4)
3345 http_version The http version that was effectively used.
3347 (Added in 7.50.0)
3348 local_ip The IP address of the local end of the most
3350 recently done connection - can be either IPv4 or
3351 IPv6 (Added in 7.29.0)
3352 local_port The local port number of the most recently done
3354 connection (Added in 7.29.0)
3355 num_connects Number of new connects made in the recent trans‐
3357 fer. (Added in 7.12.3)
3358 num_redirects Number of redirects that were followed in the
3360 request. (Added in 7.12.3)
3361 proxy_ssl_verify_result
3363 The result of the HTTPS proxy's SSL peer certifi‐
3364 cate verification that was requested. 0 means the
3365 verification was successful. (Added in 7.52.0)
3366 redirect_url When an HTTP request was made without -L, --loca‐
3368 tion to follow redirects (or when --max-redir is
3369 met), this variable will show the actual URL a
3370 redirect would have gone to. (Added in 7.18.2)
3371 remote_ip The remote IP address of the most recently done
3373 connection - can be either IPv4 or IPv6 (Added in
3374 7.29.0)
3375 remote_port The remote port number of the most recently done
3377 connection (Added in 7.29.0)
3378 scheme The URL scheme (sometimes called protocol) that
3380 was effectively used (Added in 7.52.0)
3381 size_download The total amount of bytes that were downloaded.
3383 size_header The total amount of bytes of the downloaded head‐
3385 ers.
3386 size_request The total amount of bytes that were sent in the
3388 HTTP request.
3389 size_upload The total amount of bytes that were uploaded.
3391 speed_download The average download speed that curl measured for
3393 the complete download. Bytes per second.
3394 speed_upload The average upload speed that curl measured for
3396 the complete upload. Bytes per second.
3397 ssl_verify_result
3399 The result of the SSL peer certificate verifica‐
3400 tion that was requested. 0 means the verification
3401 was successful. (Added in 7.19.0)
3402 stderr From this point on, the -w, --write-out output
3404 will be written to standard error. (Added in
3405 7.63.0)
3406 stdout From this point on, the -w, --write-out output
3408 will be written to standard output. This is the
3409 default, but can be used to switch back after
3410 switching to stderr. (Added in 7.63.0)
3411 time_appconnect
3413 The time, in seconds, it took from the start
3414 until the SSL/SSH/etc connect/handshake to the
3415 remote host was completed. (Added in 7.19.0)
3416 time_connect The time, in seconds, it took from the start
3418 until the TCP connect to the remote host (or
3419 proxy) was completed.
3420 time_namelookup
3422 The time, in seconds, it took from the start
3423 until the name resolving was completed.
3424 time_pretransfer
3426 The time, in seconds, it took from the start
3427 until the file transfer was just about to begin.
3428 This includes all pre-transfer commands and nego‐
3429 tiations that are specific to the particular pro‐
3430 tocol(s) involved.
3431 time_redirect The time, in seconds, it took for all redirection
3433 steps including name lookup, connect, pretransfer
3434 and transfer before the final transaction was
3435 started. time_redirect shows the complete execu‐
3436 tion time for multiple redirections. (Added in
3437 7.12.3)
3438 time_starttransfer
3440 The time, in seconds, it took from the start
3441 until the first byte was just about to be trans‐
3442 ferred. This includes time_pretransfer and also
3443 the time the server needed to calculate the
3444 result.
3445 time_total The total time, in seconds, that the full opera‐
3447 tion lasted.
3448 url_effective The URL that was fetched last. This is most mean‐
3450 ingful if you've told curl to follow location:
3451 headers.
3452 If this option is used several times, the last one will be used.
3454 --xattr
3456 When saving output to a file, this option tells curl to store
3457 certain file metadata in extended file attributes. Currently,
3458 the URL is stored in the xdg.origin.url attribute and, for HTTP,
3459 the content type is stored in the mime_type attribute. If the
3460 file system does not support extended attributes, a warning is
3461 issued.
3462
3464 ~/.curlrc
3465 Default config file, see -K, --config for details.
3466
3468 The environment variables can be specified in lower case or upper case.
3469 The lower case version has precedence. http_proxy is an exception as it
3470 is only available in lower case.
3471 Using an environment variable to set the proxy has the same effect as
3473 using the -x, --proxy option.
3474 http_proxy [protocol://]<host>[:port]
3477 Sets the proxy server to use for HTTP.
3478 HTTPS_PROXY [protocol://]<host>[:port]
3480 Sets the proxy server to use for HTTPS.
3481 [url-protocol]_PROXY [protocol://]<host>[:port]
3483 Sets the proxy server to use for [url-protocol], where the pro‐
3484 tocol is a protocol that curl supports and as specified in a
3485 URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP etc.
3486 ALL_PROXY [protocol://]<host>[:port]
3488 Sets the proxy server to use if no protocol-specific proxy is
3489 set.
3490 NO_PROXY <comma-separated list of hosts/domains>
3492 list of host names that shouldn't go through any proxy. If set
3493 to an asterisk '*' only, it matches all hosts. Each name in this
3494 list is matched as either a domain name which contains the host‐
3495 name, or the hostname itself.
3496 This environment variable disables use of the proxy even when
3498 specified with the -x, --proxy option. That is
3499 NO_PROXY=direct.example.com curl -x http://proxy.example.com
3500 http://direct.example.com accesses the target URL directly, and
3501 NO_PROXY=direct.example.com curl -x http://proxy.example.com
3502 http://somewhere.example.com accesses the target URL through the
3503 proxy.
3504 The list of host names can also be include numerical IP
3506 addresses, and IPv6 versions should then be given without
3507 enclosing brackets.
3508
3511 Since curl version 7.21.7, the proxy string may be specified with a
3512 protocol:// prefix to specify alternative proxy protocols.
3513 If no protocol is specified in the proxy string or if the string
3515 doesn't match a supported one, the proxy will be treated as an HTTP
3516 proxy.
3517 The supported proxy protocol prefixes are as follows:
3519 http://
3521 Makes it use it as an HTTP proxy. The default if no scheme pre‐
3522 fix is used.
3523 https://
3525 Makes it treated as an HTTPS proxy.
3526 socks4://
3528 Makes it the equivalent of --socks4
3529 socks4a://
3531 Makes it the equivalent of --socks4a
3532 socks5://
3534 Makes it the equivalent of --socks5
3535 socks5h://
3537 Makes it the equivalent of --socks5-hostname
3538
3540 There are a bunch of different error codes and their corresponding
3541 error messages that may appear during bad conditions. At the time of
3542 this writing, the exit codes are:
3543 1 Unsupported protocol. This build of curl has no support for this
3545 protocol.
3546 2 Failed to initialize.
3548 3 URL malformed. The syntax was not correct.
3550 4 A feature or option that was needed to perform the desired
3552 request was not enabled or was explicitly disabled at build-
3553 time. To make curl able to do this, you probably need another
3554 build of libcurl!
3555 5 Couldn't resolve proxy. The given proxy host could not be
3557 resolved.
3558 6 Couldn't resolve host. The given remote host was not resolved.
3560 7 Failed to connect to host.
3562 8 Weird server reply. The server sent data curl couldn't parse.
3564 9 FTP access denied. The server denied login or denied access to
3566 the particular resource or directory you wanted to reach. Most
3567 often you tried to change to a directory that doesn't exist on
3568 the server.
3569 10 FTP accept failed. While waiting for the server to connect back
3571 when an active FTP session is used, an error code was sent over
3572 the control connection or similar.
3573 11 FTP weird PASS reply. Curl couldn't parse the reply sent to the
3575 PASS request.
3576 12 During an active FTP session while waiting for the server to
3578 connect back to curl, the timeout expired.
3579 13 FTP weird PASV reply, Curl couldn't parse the reply sent to the
3581 PASV request.
3582 14 FTP weird 227 format. Curl couldn't parse the 227-line the
3584 server sent.
3585 15 FTP can't get host. Couldn't resolve the host IP we got in the
3587 227-line.
3588 16 HTTP/2 error. A problem was detected in the HTTP2 framing layer.
3590 This is somewhat generic and can be one out of several problems,
3591 see the error message for details.
3592 17 FTP couldn't set binary. Couldn't change transfer method to
3594 binary.
3595 18 Partial file. Only a part of the file was transferred.
3597 19 FTP couldn't download/access the given file, the RETR (or simi‐
3599 lar) command failed.
3600 21 FTP quote error. A quote command returned error from the server.
3602 22 HTTP page not retrieved. The requested url was not found or
3604 returned another error with the HTTP error code being 400 or
3605 above. This return code only appears if -f, --fail is used.
3606 23 Write error. Curl couldn't write data to a local filesystem or
3608 similar.
3609 25 FTP couldn't STOR file. The server denied the STOR operation,
3611 used for FTP uploading.
3612 26 Read error. Various reading problems.
3614 27 Out of memory. A memory allocation request failed.
3616 28 Operation timeout. The specified time-out period was reached
3618 according to the conditions.
3619 30 FTP PORT failed. The PORT command failed. Not all FTP servers
3621 support the PORT command, try doing a transfer using PASV
3622 instead!
3623 31 FTP couldn't use REST. The REST command failed. This command is
3625 used for resumed FTP transfers.
3626 33 HTTP range error. The range "command" didn't work.
3628 34 HTTP post error. Internal post-request generation error.
3630 35 SSL connect error. The SSL handshaking failed.
3632 36 Bad download resume. Couldn't continue an earlier aborted down‐
3634 load.
3635 37 FILE couldn't read file. Failed to open the file. Permissions?
3637 38 LDAP cannot bind. LDAP bind operation failed.
3639 39 LDAP search failed.
3641 41 Function not found. A required LDAP function was not found.
3643 42 Aborted by callback. An application told curl to abort the oper‐
3645 ation.
3646 43 Internal error. A function was called with a bad parameter.
3648 45 Interface error. A specified outgoing interface could not be
3650 used.
3651 47 Too many redirects. When following redirects, curl hit the maxi‐
3653 mum amount.
3654 48 Unknown option specified to libcurl. This indicates that you
3656 passed a weird option to curl that was passed on to libcurl and
3657 rejected. Read up in the manual!
3658 49 Malformed telnet option.
3660 51 The peer's SSL certificate or SSH MD5 fingerprint was not OK.
3662 52 The server didn't reply anything, which here is considered an
3664 error.
3665 53 SSL crypto engine not found.
3667 54 Cannot set SSL crypto engine as default.
3669 55 Failed sending network data.
3671 56 Failure in receiving network data.
3673 58 Problem with the local certificate.
3675 59 Couldn't use specified SSL cipher.
3677 60 Peer certificate cannot be authenticated with known CA certifi‐
3679 cates.
3680 61 Unrecognized transfer encoding.
3682 62 Invalid LDAP URL.
3684 63 Maximum file size exceeded.
3686 64 Requested FTP SSL level failed.
3688 65 Sending the data requires a rewind that failed.
3690 66 Failed to initialise SSL Engine.
3692 67 The user name, password, or similar was not accepted and curl
3694 failed to log in.
3695 68 File not found on TFTP server.
3697 69 Permission problem on TFTP server.
3699 70 Out of disk space on TFTP server.
3701 71 Illegal TFTP operation.
3703 72 Unknown TFTP transfer ID.
3705 73 File already exists (TFTP).
3707 74 No such user (TFTP).
3709 75 Character conversion failed.
3711 76 Character conversion functions required.
3713 77 Problem with reading the SSL CA cert (path? access rights?).
3715 78 The resource referenced in the URL does not exist.
3717 79 An unspecified error occurred during the SSH session.
3719 80 Failed to shut down the SSL connection.
3721 82 Could not load CRL file, missing or wrong format (added in
3723 7.19.0).
3724 83 Issuer check failed (added in 7.19.0).
3726 84 The FTP PRET command failed
3728 85 RTSP: mismatch of CSeq numbers
3730 86 RTSP: mismatch of Session Identifiers
3732 87 unable to parse FTP file list
3734 88 FTP chunk callback reported error
3736 89 No connection available, the session will be queued
3738 90 SSL public key does not matched pinned public key
3740 91 Invalid SSL certificate status.
3742 92 Stream error in HTTP/2 framing layer.
3744 XX More error codes will appear here in future releases. The exist‐
3746 ing ones are meant to never change.
3747
3749 Daniel Stenberg is the main author, but the whole list of contributors
3750 is found in the separate THANKS file.
3751
3753 https://curl.haxx.se
3754
3756 ftp(1), wget(1)
3757Curl 7.69.1 November 16, 2016 curl(1)