1curl(1) Curl Manual curl(1)
2
6 curl - transfer a URL
7
9 curl [options / URLs]
10
12 curl is a tool to transfer data from or to a server, using one of the
13 supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP,
14 IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP,
15 SMB, SMBS, SMTP, SMTPS, TELNET and TFTP). The command is designed to
16 work without user interaction.
17 curl offers a busload of useful tricks like proxy support, user authen‐
19 tication, FTP upload, HTTP post, SSL connections, cookies, file trans‐
20 fer resume, Metalink, and more. As you will see below, the number of
21 features will make your head spin!
22 curl is powered by libcurl for all transfer-related features. See
24 libcurl(3) for details.
25
27 The URL syntax is protocol-dependent. You'll find a detailed descrip‐
28 tion in RFC 3986.
29 You can specify multiple URLs or parts of URLs by writing part sets
31 within braces and quoting the URL as in:
32 "http://site.{one,two,three}.com"
34 or you can get sequences of alphanumeric series by using [] as in:
36 "ftp://ftp.example.com/file[1-100].txt"
38 "ftp://ftp.example.com/file[001-100].txt" (with leading zeros)
40 "ftp://ftp.example.com/file[a-z].txt"
42 Nested sequences are not supported, but you can use several ones next
44 to each other:
45 "http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html"
47 You can specify any amount of URLs on the command line. They will be
49 fetched in a sequential manner in the specified order. You can specify
50 command line options and URLs mixed and in any order on the command
51 line.
52 You can specify a step counter for the ranges to get every Nth number
54 or letter:
55 "http://example.com/file[1-100:10].txt"
57 "http://example.com/file[a-z:2].txt"
59 When using [] or {} sequences when invoked from a command line prompt,
61 you probably have to put the full URL within double quotes to avoid the
62 shell from interfering with it. This also goes for other characters
63 treated special, like for example '&', '?' and '*'.
64 Provide the IPv6 zone index in the URL with an escaped percentage sign
66 and the interface name. Like in
67 "http://[fe80::3%25eth0]/"
69 If you specify URL without protocol:// prefix, curl will attempt to
71 guess what protocol you might want. It will then default to HTTP but
72 try other protocols based on often-used host name prefixes. For exam‐
73 ple, for host names starting with "ftp." curl will assume you want to
74 speak FTP.
75 curl will do its best to use what you pass to it as a URL. It is not
77 trying to validate it as a syntactically correct URL by any means but
78 is instead very liberal with what it accepts.
79 curl will attempt to re-use connections for multiple file transfers, so
81 that getting many files from the same server will not do multiple con‐
82 nects / handshakes. This improves speed. Of course this is only done on
83 files specified on a single command line and cannot be used between
84 separate curl invokes.
85
87 curl normally displays a progress meter during operations, indicating
88 the amount of transferred data, transfer speeds and estimated time
89 left, etc. The progress meter displays number of bytes and the speeds
90 are in bytes per second. The suffixes (k, M, G, T, P) are 1024 based.
91 For example 1k is 1024 bytes. 1M is 1048576 bytes.
92 curl displays this data to the terminal by default, so if you invoke
94 curl to do an operation and it is about to write data to the terminal,
95 it disables the progress meter as otherwise it would mess up the output
96 mixing progress meter and response data.
97 If you want a progress meter for HTTP POST or PUT requests, you need to
99 redirect the response output to a file, using shell redirect (>), -o,
100 --output or similar.
101 It is not the same case for FTP upload as that operation does not spit
103 out any response data to the terminal.
104 If you prefer a progress "bar" instead of the regular meter, -#,
106 --progress-bar is your friend. You can also disable the progress meter
107 completely with the -s, --silent option.
108
110 Options start with one or two dashes. Many of the options require an
111 additional value next to them.
112 The short "single-dash" form of the options, -d for example, may be
114 used with or without a space between it and its value, although a space
115 is a recommended separator. The long "double-dash" form, -d, --data for
116 example, requires a space between it and its value.
117 Short version options that don't need any additional values can be used
119 immediately next to each other, like for example you can specify all
120 the options -O, -L and -v at once as -OLv.
121 In general, all boolean options are enabled with --option and yet again
123 disabled with --no-option. That is, you use the exact same option name
124 but prefix it with "no-". However, in this list we mostly only list and
125 show the --option version of them. (This concept with --no options was
126 added in 7.19.0. Previously most options were toggled on/off on
127 repeated use of the same command line option.)
128 --abstract-unix-socket <path>
130 (HTTP) Connect through an abstract Unix domain socket, instead
131 of using the network. Note: netstat shows the path of an
132 abstract socket prefixed with '@', however the <path> argument
133 should not have this leading character.
134 Added in 7.53.0.
136 --alt-svc <file name>
138 (HTTPS) WARNING: this option is experimental. Do not use in pro‐
139 duction.
140 This option enables the alt-svc parser in curl. If the file name
142 points to an existing alt-svc cache file, that will be used.
143 After a completed transfer, the cache will be saved to the file
144 name again if it has been modified.
145 Specify a "" file name (zero length) to avoid loading/saving and
147 make curl just handle the cache in memory.
148 If this option is used several times, curl will load contents
150 from all the files but the last one will be used for saving.
151 Added in 7.64.1.
153 --anyauth
155 (HTTP) Tells curl to figure out authentication method by itself,
156 and use the most secure one the remote site claims to support.
157 This is done by first doing a request and checking the response-
158 headers, thus possibly inducing an extra network round-trip.
159 This is used instead of setting a specific authentication
160 method, which you can do with --basic, --digest, --ntlm, and
161 --negotiate.
162 Using --anyauth is not recommended if you do uploads from stdin,
164 since it may require data to be sent twice and then the client
165 must be able to rewind. If the need should arise when uploading
166 from stdin, the upload operation will fail.
167 Used together with -u, --user.
169 See also --proxy-anyauth and --basic and --digest.
171 -a, --append
173 (FTP SFTP) When used in an upload, this makes curl append to the
174 target file instead of overwriting it. If the remote file
175 doesn't exist, it will be created. Note that this flag is
176 ignored by some SFTP servers (including OpenSSH).
177 --basic
179 (HTTP) Tells curl to use HTTP Basic authentication with the
180 remote host. This is the default and this option is usually
181 pointless, unless you use it to override a previously set option
182 that sets a different authentication method (such as --ntlm,
183 --digest, or --negotiate).
184 Used together with -u, --user.
186 See also --proxy-basic.
188 --cacert <file>
190 (TLS) Tells curl to use the specified certificate file to verify
191 the peer. The file may contain multiple CA certificates. The
192 certificate(s) must be in PEM format. Normally curl is built to
193 use a default file for this, so this option is typically used to
194 alter that default file.
195 curl recognizes the environment variable named 'CURL_CA_BUNDLE'
197 if it is set, and uses the given path as a path to a CA cert
198 bundle. This option overrides that variable.
199 The windows version of curl will automatically look for a CA
201 certs file named ´curl-ca-bundle.crt´, either in the same direc‐
202 tory as curl.exe, or in the Current Working Directory, or in any
203 folder along your PATH.
204 If curl is built against the NSS SSL library, the NSS PEM
206 PKCS#11 module (libnsspem.so) needs to be available for this
207 option to work properly.
208 (iOS and macOS only) If curl is built against Secure Transport,
210 then this option is supported for backward compatibility with
211 other SSL engines, but it should not be set. If the option is
212 not set, then curl will use the certificates in the system and
213 user Keychain to verify the peer, which is the preferred method
214 of verifying the peer's certificate chain.
215 (Schannel only) This option is supported for Schannel in Windows
217 7 or later with libcurl 7.60 or later. This option is supported
218 for backward compatibility with other SSL engines; instead it is
219 recommended to use Windows' store of root certificates (the
220 default for Schannel).
221 If this option is used several times, the last one will be used.
223 --capath <dir>
225 (TLS) Tells curl to use the specified certificate directory to
226 verify the peer. Multiple paths can be provided by separating
227 them with ":" (e.g. "path1:path2:path3"). The certificates must
228 be in PEM format, and if curl is built against OpenSSL, the
229 directory must have been processed using the c_rehash utility
230 supplied with OpenSSL. Using --capath can allow OpenSSL-powered
231 curl to make SSL-connections much more efficiently than using
232 --cacert if the --cacert file contains many CA certificates.
233 If this option is set, the default capath value will be ignored,
235 and if it is used several times, the last one will be used.
236 --cert-status
238 (TLS) Tells curl to verify the status of the server certificate
239 by using the Certificate Status Request (aka. OCSP stapling) TLS
240 extension.
241 If this option is enabled and the server sends an invalid (e.g.
243 expired) response, if the response suggests that the server cer‐
244 tificate has been revoked, or no response at all is received,
245 the verification fails.
246 This is currently only implemented in the OpenSSL, GnuTLS and
248 NSS backends.
249 Added in 7.41.0.
251 --cert-type <type>
253 (TLS) Tells curl what type the provided client certificate is
254 using. PEM, DER, ENG and P12 are recognized types. If not spec‐
255 ified, PEM is assumed.
256 If this option is used several times, the last one will be used.
258 See also -E, --cert and --key and --key-type.
260 -E, --cert <certificate[:password]>
262 (TLS) Tells curl to use the specified client certificate file
263 when getting a file with HTTPS, FTPS or another SSL-based proto‐
264 col. The certificate must be in PKCS#12 format if using Secure
265 Transport, or PEM format if using any other engine. If the
266 optional password isn't specified, it will be queried for on the
267 terminal. Note that this option assumes a "certificate" file
268 that is the private key and the client certificate concatenated!
269 See -E, --cert and --key to specify them independently.
270 If curl is built against the NSS SSL library then this option
272 can tell curl the nickname of the certificate to use within the
273 NSS database defined by the environment variable SSL_DIR (or by
274 default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib‐
275 nsspem.so) is available then PEM files may be loaded. If you
276 want to use a file from the current directory, please precede it
277 with "./" prefix, in order to avoid confusion with a nickname.
278 If the nickname contains ":", it needs to be preceded by "\" so
279 that it is not recognized as password delimiter. If the nick‐
280 name contains "\", it needs to be escaped as "\\" so that it is
281 not recognized as an escape character.
282 If curl is built against OpenSSL library, and the engine pkcs11
284 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
285 ify a certificate located in a PKCS#11 device. A string begin‐
286 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
287 PKCS#11 URI is provided, then the --engine option will be set as
288 "pkcs11" if none was provided and the --cert-type option will be
289 set as "ENG" if none was provided.
290 (iOS and macOS only) If curl is built against Secure Transport,
292 then the certificate string can either be the name of a certifi‐
293 cate/private key in the system or user keychain, or the path to
294 a PKCS#12-encoded certificate and private key. If you want to
295 use a file from the current directory, please precede it with
296 "./" prefix, in order to avoid confusion with a nickname.
297 (Schannel only) Client certificates must be specified by a path
299 expression to a certificate store. (Loading PFX is not sup‐
300 ported; you can import it to a store first). You can use "<store
301 location>\<store name>\<thumbprint>" to refer to a certificate
302 in the system certificates store, for example, "Curren‐
303 tUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint
304 is usually a SHA-1 hex string which you can see in certificate
305 details. Following store locations are supported: CurrentUser,
306 LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,
307 LocalMachineGroupPolicy, LocalMachineEnterprise.
308 If this option is used several times, the last one will be used.
310 See also --cert-type and --key and --key-type.
312 --ciphers <list of ciphers>
314 (TLS) Specifies which ciphers to use in the connection. The list
315 of ciphers must specify valid ciphers. Read up on SSL cipher
316 list details on this URL:
317 https://curl.haxx.se/docs/ssl-ciphers.html
319 If this option is used several times, the last one will be used.
321 --compressed-ssh
323 (SCP SFTP) Enables built-in SSH compression. This is a request,
324 not an order; the server may or may not do it.
325 Added in 7.56.0.
327 --compressed
329 (HTTP) Request a compressed response using one of the algorithms
330 curl supports, and automatically decompress the content. Headers
331 are not modified.
332 If this option is used and the server sends an unsupported
334 encoding, curl will report an error.
335 -K, --config <file>
337 Specify a text file to read curl arguments from. The command
339 line arguments found in the text file will be used as if they
340 were provided on the command line.
341 Options and their parameters must be specified on the same line
343 in the file, separated by whitespace, colon, or the equals sign.
344 Long option names can optionally be given in the config file
345 without the initial double dashes and if so, the colon or equals
346 characters can be used as separators. If the option is specified
347 with one or two dashes, there can be no colon or equals charac‐
348 ter between the option and its parameter.
349 If the parameter contains whitespace (or starts with : or =),
351 the parameter must be enclosed within quotes. Within double
352 quotes, the following escape sequences are available: \\, \",
353 \t, \n, \r and \v. A backslash preceding any other letter is
354 ignored. If the first column of a config line is a '#' charac‐
355 ter, the rest of the line will be treated as a comment. Only
356 write one option per physical line in the config file.
357 Specify the filename to -K, --config as '-' to make curl read
359 the file from stdin.
360 Note that to be able to specify a URL in the config file, you
362 need to specify it using the --url option, and not by simply
363 writing the URL on its own line. So, it could look similar to
364 this:
365 url = "https://curl.haxx.se/docs/"
367 When curl is invoked, it (unless -q, --disable is used) checks
369 for a default config file and uses it if found. The default con‐
370 fig file is checked for in the following places in this order:
371 1) curl tries to find the "home dir": It first checks for the
373 CURL_HOME and then the HOME environment variables. Failing that,
374 it uses getpwuid() on Unix-like systems (which returns the home
375 dir given the current user in your system). On Windows, it then
376 checks for the APPDATA variable, or as a last resort the '%USER‐
377 PROFILE%\Application Data'.
378 2) On windows, if there is no .curlrc file in the home dir, it
380 checks for one in the same dir the curl executable is placed. On
381 Unix-like systems, it will simply try to load .curlrc from the
382 determined home dir.
383 # --- Example file ---
385 # this is a comment
386 url = "example.com"
387 output = "curlhere.html"
388 user-agent = "superagent/1.0"
389 # and fetch another URL too
391 url = "example.com/docs/manpage.html"
392 -O
393 referer = "http://nowhereatall.example.com/"
394 # --- End of example file ---
395 This option can be used multiple times to load multiple config
397 files.
398 --connect-timeout <seconds>
400 Maximum time in seconds that you allow curl's connection to
401 take. This only limits the connection phase, so if curl con‐
402 nects within the given period it will continue - if not it will
403 exit. Since version 7.32.0, this option accepts decimal values.
404 If this option is used several times, the last one will be used.
406 See also -m, --max-time.
408 --connect-to <HOST1:PORT1:HOST2:PORT2>
410 For a request to the given HOST1:PORT1 pair, connect to
412 HOST2:PORT2 instead. This option is suitable to direct requests
413 at a specific server, e.g. at a specific cluster node in a clus‐
414 ter of servers. This option is only used to establish the net‐
415 work connection. It does NOT affect the hostname/port that is
416 used for TLS/SSL (e.g. SNI, certificate verification) or for the
417 application protocols. "HOST1" and "PORT1" may be the empty
418 string, meaning "any host/port". "HOST2" and "PORT2" may also be
419 the empty string, meaning "use the request's original
420 host/port".
421 A "host" specified to this option is compared as a string, so it
423 needs to match the name used in request URL. It can be either
424 numerical such as "127.0.0.1" or the full host name such as
425 "example.org".
426 This option can be used many times to add many connect rules.
428 See also --resolve and -H, --header. Added in 7.49.0.
430 -C, --continue-at <offset>
432 Continue/Resume a previous file transfer at the given offset.
433 The given offset is the exact number of bytes that will be
434 skipped, counting from the beginning of the source file before
435 it is transferred to the destination. If used with uploads, the
436 FTP server command SIZE will not be used by curl.
437 Use "-C -" to tell curl to automatically find out where/how to
439 resume the transfer. It then uses the given output/input files
440 to figure that out.
441 If this option is used several times, the last one will be used.
443 See also -r, --range.
445 -c, --cookie-jar <filename>
447 (HTTP) Specify to which file you want curl to write all cookies
448 after a completed operation. Curl writes all cookies from its
449 in-memory cookie storage to the given file at the end of opera‐
450 tions. If no cookies are known, no data will be written. The
451 file will be written using the Netscape cookie file format. If
452 you set the file name to a single dash, "-", the cookies will be
453 written to stdout.
454 This command line option will activate the cookie engine that
456 makes curl record and use cookies. Another way to activate it is
457 to use the -b, --cookie option.
458 If the cookie jar can't be created or written to, the whole curl
460 operation won't fail or even report an error clearly. Using -v,
461 --verbose will get a warning displayed, but that is the only
462 visible feedback you get about this possibly lethal situation.
463 If this option is used several times, the last specified file
465 name will be used.
466 -b, --cookie <data|filename>
468 (HTTP) Pass the data to the HTTP server in the Cookie header. It
469 is supposedly the data previously received from the server in a
470 "Set-Cookie:" line. The data should be in the format
471 "NAME1=VALUE1; NAME2=VALUE2".
472 If no '=' symbol is used in the argument, it is instead treated
474 as a filename to read previously stored cookie from. This option
475 also activates the cookie engine which will make curl record
476 incoming cookies, which may be handy if you're using this in
477 combination with the -L, --location option or do multiple URL
478 transfers on the same invoke. If the file name is exactly a
479 minus ("-"), curl will instead read the contents from stdin.
480 The file format of the file to read cookies from should be plain
482 HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie
483 file format.
484 The file specified with -b, --cookie is only used as input. No
486 cookies will be written to the file. To store cookies, use the
487 -c, --cookie-jar option.
488 Exercise caution if you are using this option and multiple
490 transfers may occur. If you use the NAME1=VALUE1; format, or in
491 a file use the Set-Cookie format and don't specify a domain,
492 then the cookie is sent for any domain (even after redirects are
493 followed) and cannot be modified by a server-set cookie. If the
494 cookie engine is enabled and a server sets a cookie of the same
495 name then both will be sent on a future transfer to that server,
496 likely not what you intended. To address these issues set a
497 domain in Set-Cookie (doing that will include sub domains) or
498 use the Netscape format.
499 If this option is used several times, the last one will be used.
501 Users very often want to both read cookies from a file and write
503 updated cookies back to a file, so using both -b, --cookie and
504 -c, --cookie-jar in the same command line is common.
505 --create-dirs
507 When used in conjunction with the -o, --output option, curl will
508 create the necessary local directory hierarchy as needed. This
509 option creates the dirs mentioned with the -o, --output option,
510 nothing else. If the --output file name uses no dir or if the
511 dirs it mentions already exist, no dir will be created.
512 Created dirs are made with mode 0750 on unix style file systems.
514 To create remote directories when using FTP or SFTP, try --ftp-
516 create-dirs.
517 --crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS
519 (OS/390).
520 (SMTP added in 7.40.0)
522 --crlfile <file>
524 (TLS) Provide a file using PEM format with a Certificate Revoca‐
525 tion List that may specify peer certificates that are to be con‐
526 sidered revoked.
527 If this option is used several times, the last one will be used.
529 Added in 7.19.7.
531 --data-ascii <data>
533 (HTTP) This is just an alias for -d, --data.
534 --data-binary <data>
536 (HTTP) This posts data exactly as specified with no extra pro‐
537 cessing whatsoever.
538 If you start the data with the letter @, the rest should be a
540 filename. Data is posted in a similar manner as -d, --data
541 does, except that newlines and carriage returns are preserved
542 and conversions are never done.
543 Like -d, --data the default content-type sent to the server is
545 application/x-www-form-urlencoded. If you want the data to be
546 treated as arbitrary binary data by the server then set the con‐
547 tent-type to octet-stream: -H "Content-Type: application/octet-
548 stream".
549 If this option is used several times, the ones following the
551 first will append data as described in -d, --data.
552 --data-raw <data>
554 (HTTP) This posts data similarly to -d, --data but without the
555 special interpretation of the @ character.
556 See also -d, --data. Added in 7.43.0.
558 --data-urlencode <data>
560 (HTTP) This posts data, similar to the other -d, --data options
561 with the exception that this performs URL-encoding.
562 To be CGI-compliant, the <data> part should begin with a name
564 followed by a separator and a content specification. The <data>
565 part can be passed to curl using one of the following syntaxes:
566 content
568 This will make curl URL-encode the content and pass that
569 on. Just be careful so that the content doesn't contain
570 any = or @ symbols, as that will then make the syntax
571 match one of the other cases below!
572 =content
574 This will make curl URL-encode the content and pass that
575 on. The preceding = symbol is not included in the data.
576 name=content
578 This will make curl URL-encode the content part and pass
579 that on. Note that the name part is expected to be URL-
580 encoded already.
581 @filename
583 This will make curl load data from the given file
584 (including any newlines), URL-encode that data and pass
585 it on in the POST.
586 name@filename
588 This will make curl load data from the given file
589 (including any newlines), URL-encode that data and pass
590 it on in the POST. The name part gets an equal sign
591 appended, resulting in name=urlencoded-file-content. Note
592 that the name is expected to be URL-encoded already.
593 See also -d, --data and --data-raw. Added in 7.18.0.
595 -d, --data <data>
597 (HTTP MQTT) Sends the specified data in a POST request to the
598 HTTP server, in the same way that a browser does when a user has
599 filled in an HTML form and presses the submit button. This will
600 cause curl to pass the data to the server using the content-type
601 application/x-www-form-urlencoded. Compare to -F, --form.
602 --data-raw is almost the same but does not have a special inter‐
604 pretation of the @ character. To post data purely binary, you
605 should instead use the --data-binary option. To URL-encode the
606 value of a form field you may use --data-urlencode.
607 If any of these options is used more than once on the same com‐
609 mand line, the data pieces specified will be merged together
610 with a separating &-symbol. Thus, using '-d name=daniel -d
611 skill=lousy' would generate a post chunk that looks like
612 'name=daniel&skill=lousy'.
613 If you start the data with the letter @, the rest should be a
615 file name to read the data from, or - if you want curl to read
616 the data from stdin. Posting data from a file named 'foobar'
617 would thus be done with -d, --data @foobar. When -d, --data is
618 told to read from a file like that, carriage returns and new‐
619 lines will be stripped out. If you don't want the @ character to
620 have a special interpretation use --data-raw instead.
621 See also --data-binary and --data-urlencode and --data-raw. This
623 option overrides -F, --form and -I, --head and -T, --upload-
624 file.
625 --delegation <LEVEL>
627 (GSS/kerberos) Set LEVEL to tell the server what it is allowed
628 to delegate when it comes to user credentials.
629 none Don't allow any delegation.
631 policy Delegates if and only if the OK-AS-DELEGATE flag is set
633 in the Kerberos service ticket, which is a matter of
634 realm policy.
635 always Unconditionally allow the server to delegate.
637 --digest
639 (HTTP) Enables HTTP Digest authentication. This is an authenti‐
640 cation scheme that prevents the password from being sent over
641 the wire in clear text. Use this in combination with the normal
642 -u, --user option to set user name and password.
643 If this option is used several times, only the first one is
645 used.
646 See also -u, --user and --proxy-digest and --anyauth. This
648 option overrides --basic and --ntlm and --negotiate.
649 --disable-eprt
651 (FTP) Tell curl to disable the use of the EPRT and LPRT commands
652 when doing active FTP transfers. Curl will normally always first
653 attempt to use EPRT, then LPRT before using PORT, but with this
654 option, it will use PORT right away. EPRT and LPRT are exten‐
655 sions to the original FTP protocol, and may not work on all
656 servers, but they enable more functionality in a better way than
657 the traditional PORT command.
658 --eprt can be used to explicitly enable EPRT again and --no-eprt
660 is an alias for --disable-eprt.
661 If the server is accessed using IPv6, this option will have no
663 effect as EPRT is necessary then.
664 Disabling EPRT only changes the active behavior. If you want to
666 switch to passive mode you need to not use -P, --ftp-port or
667 force it with --ftp-pasv.
668 --disable-epsv
670 (FTP) (FTP) Tell curl to disable the use of the EPSV command
671 when doing passive FTP transfers. Curl will normally always
672 first attempt to use EPSV before PASV, but with this option, it
673 will not try using EPSV.
674 --epsv can be used to explicitly enable EPSV again and --no-epsv
676 is an alias for --disable-epsv.
677 If the server is an IPv6 host, this option will have no effect
679 as EPSV is necessary then.
680 Disabling EPSV only changes the passive behavior. If you want to
682 switch to active mode you need to use -P, --ftp-port.
683 -q, --disable
685 If used as the first parameter on the command line, the curlrc
686 config file will not be read and used. See the -K, --config for
687 details on the default config file search path.
688 --disallow-username-in-url
690 (HTTP) This tells curl to exit if passed a url containing a
691 username.
692 See also --proto. Added in 7.61.0.
694 --dns-interface <interface>
696 (DNS) Tell curl to send outgoing DNS requests through <inter‐
697 face>. This option is a counterpart to --interface (which does
698 not affect DNS). The supplied string must be an interface name
699 (not an address).
700 See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface
702 requires that the underlying libcurl was built to support c-
703 ares. Added in 7.33.0.
704 --dns-ipv4-addr <address>
706 (DNS) Tell curl to bind to <ip-address> when making IPv4 DNS
707 requests, so that the DNS requests originate from this address.
708 The argument should be a single IPv4 address.
709 See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr
711 requires that the underlying libcurl was built to support c-
712 ares. Added in 7.33.0.
713 --dns-ipv6-addr <address>
715 (DNS) Tell curl to bind to <ip-address> when making IPv6 DNS
716 requests, so that the DNS requests originate from this address.
717 The argument should be a single IPv6 address.
718 See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr
720 requires that the underlying libcurl was built to support c-
721 ares. Added in 7.33.0.
722 --dns-servers <addresses>
724 Set the list of DNS servers to be used instead of the system
725 default. The list of IP addresses should be separated with com‐
726 mas. Port numbers may also optionally be given as :<port-number>
727 after each IP address.
728 --dns-servers requires that the underlying libcurl was built to
730 support c-ares. Added in 7.33.0.
731 --doh-url <URL>
733 (all) Specifies which DNS-over-HTTPS (DOH) server to use to
734 resolve hostnames, instead of using the default name resolver
735 mechanism. The URL must be HTTPS.
736 If this option is used several times, the last one will be used.
738 Added in 7.62.0.
740 -D, --dump-header <filename>
742 (HTTP FTP) Write the received protocol headers to the specified
743 file.
744 This option is handy to use when you want to store the headers
746 that an HTTP site sends to you. Cookies from the headers could
747 then be read in a second curl invocation by using the -b,
748 --cookie option! The -c, --cookie-jar option is a better way to
749 store cookies.
750 If no headers are received, the use of this option will create
752 an empty file.
753 When used in FTP, the FTP server response lines are considered
755 being "headers" and thus are saved there.
756 If this option is used several times, the last one will be used.
758 See also -o, --output.
760 --egd-file <file>
762 (TLS) Specify the path name to the Entropy Gathering Daemon
763 socket. The socket is used to seed the random engine for SSL
764 connections.
765 See also --random-file.
767 --engine <name>
769 (TLS) Select the OpenSSL crypto engine to use for cipher opera‐
770 tions. Use --engine list to print a list of build-time supported
771 engines. Note that not all (or none) of the engines may be
772 available at run-time.
773 --etag-compare <file>
775 (HTTP) This option makes a conditional HTTP request for the spe‐
776 cific ETag read from the given file by sending a custom If-None-
777 Match header using the extracted ETag.
778 For correct results, make sure that specified file contains only
780 a single line with a desired ETag. An empty file is parsed as an
781 empty ETag.
782 Use the option --etag-save to first save the ETag from a
784 response, and then use this option to compare using the saved
785 ETag in a subsequent request.
786 OMPARISON: There are 2 types of comparison or ETags, Weak and
788 Strong. This option expects, and uses a strong comparison.
789 Added in 7.68.0.
791 --etag-save <file>
793 (HTTP) This option saves an HTTP ETag to the specified file.
794 Etag is usually part of headers returned by a request. When
795 server sends an ETag, it must be enveloped by a double quote.
796 This option extracts the ETag without the double quotes and
797 saves it into the <file>.
798 A server can send a week ETag which is prefixed by "W/". This
800 identifier is not considered, and only relevant ETag between
801 quotation marks is parsed.
802 It an ETag wasn't send by the server or it cannot be parsed, and
804 empty file is created.
805 Added in 7.68.0.
807 --expect100-timeout <seconds>
809 (HTTP) Maximum time in seconds that you allow curl to wait for a
810 100-continue response when curl emits an Expects: 100-continue
811 header in its request. By default curl will wait one second.
812 This option accepts decimal values! When curl stops waiting, it
813 will continue as if the response has been received.
814 See also --connect-timeout. Added in 7.47.0.
816 --fail-early
818 Fail and exit on the first detected transfer error.
819 When curl is used to do multiple transfers on the command line,
821 it will attempt to operate on each given URL, one by one. By
822 default, it will ignore errors if there are more URLs given and
823 the last URL's success will determine the error code curl
824 returns. So early failures will be "hidden" by subsequent suc‐
825 cessful transfers.
826 Using this option, curl will instead return an error on the
828 first transfer that fails, independent of the amount of URLs
829 that are given on the command line. This way, no transfer fail‐
830 ures go undetected by scripts and similar.
831 This option is global and does not need to be specified for each
833 use of -:, --next.
834 This option does not imply -f, --fail, which causes transfers to
836 fail due to the server's HTTP status code. You can combine the
837 two options, however note -f, --fail is not global and is there‐
838 fore contained by -:, --next.
839 Added in 7.52.0.
841 -f, --fail
843 (HTTP) Fail silently (no output at all) on server errors. This
844 is mostly done to better enable scripts etc to better deal with
845 failed attempts. In normal cases when an HTTP server fails to
846 deliver a document, it returns an HTML document stating so
847 (which often also describes why and more). This flag will pre‐
848 vent curl from outputting that and return error 22.
849 This method is not fail-safe and there are occasions where non-
851 successful response codes will slip through, especially when
852 authentication is involved (response codes 401 and 407).
853 --false-start
855 (TLS) Tells curl to use false start during the TLS handshake.
856 False start is a mode where a TLS client will start sending
857 application data before verifying the server's Finished message,
858 thus saving a round trip when performing a full handshake.
859 This is currently only implemented in the NSS and Secure Trans‐
861 port (on iOS 7.0 or later, or OS X 10.9 or later) backends.
862 Added in 7.42.0.
864 --form-string <name=string>
866 (HTTP SMTP IMAP) Similar to -F, --form except that the value
867 string for the named parameter is used literally. Leading '@'
868 and '<' characters, and the ';type=' string in the value have no
869 special meaning. Use this in preference to -F, --form if there's
870 any possibility that the string value may accidentally trigger
871 the '@' or '<' features of -F, --form.
872 See also -F, --form.
874 -F, --form <name=content>
876 (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emu‐
877 late a filled-in form in which a user has pressed the submit
878 button. This causes curl to POST data using the Content-Type
879 multipart/form-data according to RFC 2388.
880 For SMTP and IMAP protocols, this is the mean to compose a mul‐
882 tipart mail message to transmit.
883 This enables uploading of binary files etc. To force the 'con‐
885 tent' part to be a file, prefix the file name with an @ sign. To
886 just get the content part from a file, prefix the file name with
887 the symbol <. The difference between @ and < is then that @
888 makes a file get attached in the post as a file upload, while
889 the < makes a text field and just get the contents for that text
890 field from a file.
891 Tell curl to read content from stdin instead of a file by using
893 - as filename. This goes for both @ and < constructs. When stdin
894 is used, the contents is buffered in memory first by curl to
895 determine its size and allow a possible resend. Defining a
896 part's data from a named non-regular file (such as a named pipe
897 or similar) is unfortunately not subject to buffering and will
898 be effectively read at transmission time; since the full size is
899 unknown before the transfer starts, such data is sent as chunks
900 by HTTP and rejected by IMAP.
901 Example: send an image to an HTTP server, where 'profile' is the
903 name of the form-field to which the file portrait.jpg will be
904 the input:
905 curl -F profile=@portrait.jpg https://example.com/upload.cgi
907 Example: send your name and shoe size in two text fields to the
909 server:
910 curl -F name=John -F shoesize=11 https://example.com/
912 Example: send your essay in a text field to the server. Send it
914 as a plain text field, but get the contents for it from a local
915 file:
916 curl -F "story=<hugefile.txt" https://example.com/
918 You can also tell curl what Content-Type to use by using
920 'type=', in a manner similar to:
921 curl -F "web=@index.html;type=text/html" example.com
923 or
925 curl -F "name=daniel;type=text/foo" example.com
927 You can also explicitly change the name field of a file upload
929 part by setting filename=, like this:
930 curl -F "file=@localfile;filename=nameinpost" example.com
932 If filename/path contains ',' or ';', it must be quoted by dou‐
934 ble-quotes like:
935 curl -F "file=@\"localfile\";filename=\"nameinpost\"" exam‐
937 ple.com
938 or
940 curl -F 'file=@"localfile";filename="nameinpost"' example.com
942 Note that if a filename/path is quoted by double-quotes, any
944 double-quote or backslash within the filename must be escaped by
945 backslash.
946 Quoting must also be applied to non-file data if it contains
948 semicolons, leading/trailing spaces or leading double quotes:
949 curl -F 'colors="red; green; blue";type=text/x-myapp' exam‐
951 ple.com
952 You can add custom headers to the field by setting headers=,
954 like
955 curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
957 or
959 curl -F "submit=OK;headers=@headerfile" example.com
961 The headers= keyword may appear more that once and above notes
963 about quoting apply. When headers are read from a file, Empty
964 lines and lines starting with '#' are comments and ignored; each
965 header can be folded by splitting between two words and starting
966 the continuation line with a space; embedded carriage-returns
967 and trailing spaces are stripped. Here is an example of a
968 header file contents:
969 # This file contain two headers.
971 X-header-1: this is a header
972 # The following header is folded.
974 X-header-2: this is
975 another header
976 To support sending multipart mail messages, the syntax is
979 extended as follows:
980 - name can be omitted: the equal sign is the first character of
981 the argument,
982 - if data starts with '(', this signals to start a new multi‐
983 part: it can be followed by a content type specification.
984 - a multipart can be terminated with a '=)' argument.
985 Example: the following command sends an SMTP mime e-mail con‐
987 sisting in an inline part in two alternative formats: plain text
988 and HTML. It attaches a text file:
989 curl -F '=(;type=multipart/alternative' \
991 -F '=plain text message' \
992 -F '= <body>HTML message</body>;type=text/html' \
993 -F '=)' -F '=@textfile.txt' ... smtp://example.com
994 Data can be encoded for transfer using encoder=. Available
996 encodings are binary and 8bit that do nothing else than adding
997 the corresponding Content-Transfer-Encoding header, 7bit that
998 only rejects 8-bit characters with a transfer error, quoted-
999 printable and base64 that encodes data according to the corre‐
1000 sponding schemes, limiting lines length to 76 characters.
1001 Example: send multipart mail with a quoted-printable text mes‐
1003 sage and a base64 attached file:
1004 curl -F '=text message;encoder=quoted-printable' \
1006 -F '=@localfile;encoder=base64' ... smtp://example.com
1007 See further examples and details in the MANUAL.
1009 This option can be used multiple times.
1011 This option overrides -d, --data and -I, --head and -T,
1013 --upload-file.
1014 --ftp-account <data>
1016 (FTP) When an FTP server asks for "account data" after user name
1017 and password has been provided, this data is sent off using the
1018 ACCT command.
1019 If this option is used several times, the last one will be used.
1021 Added in 7.13.0.
1023 --ftp-alternative-to-user <command>
1025 (FTP) If authenticating with the USER and PASS commands fails,
1026 send this command. When connecting to Tumbleweed's Secure
1027 Transport server over FTPS using a client certificate, using
1028 "SITE AUTH" will tell the server to retrieve the username from
1029 the certificate.
1030 Added in 7.15.5.
1032 --ftp-create-dirs
1034 (FTP SFTP) When an FTP or SFTP URL/operation uses a path that
1035 doesn't currently exist on the server, the standard behavior of
1036 curl is to fail. Using this option, curl will instead attempt to
1037 create missing directories.
1038 See also --create-dirs.
1040 --ftp-method <method>
1042 (FTP) Control what method curl should use to reach a file on an
1043 FTP(S) server. The method argument should be one of the follow‐
1044 ing alternatives:
1045 multicwd
1047 curl does a single CWD operation for each path part in
1048 the given URL. For deep hierarchies this means very many
1049 commands. This is how RFC 1738 says it should be done.
1050 This is the default but the slowest behavior.
1051 nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR
1053 etc and give a full path to the server for all these com‐
1054 mands. This is the fastest behavior.
1055 singlecwd
1057 curl does one CWD with the full target directory and then
1058 operates on the file "normally" (like in the multicwd
1059 case). This is somewhat more standards compliant than
1060 'nocwd' but without the full penalty of 'multicwd'.
1061 Added in 7.15.1.
1063 --ftp-pasv
1065 (FTP) Use passive mode for the data connection. Passive is the
1066 internal default behavior, but using this option can be used to
1067 override a previous -P, --ftp-port option.
1068 If this option is used several times, only the first one is
1070 used. Undoing an enforced passive really isn't doable but you
1071 must then instead enforce the correct -P, --ftp-port again.
1072 Passive mode means that curl will try the EPSV command first and
1074 then PASV, unless --disable-epsv is used.
1075 See also --disable-epsv. Added in 7.11.0.
1077 -P, --ftp-port <address>
1079 (FTP) Reverses the default initiator/listener roles when con‐
1080 necting with FTP. This option makes curl use active mode. curl
1081 then tells the server to connect back to the client's specified
1082 address and port, while passive mode asks the server to setup an
1083 IP address and port for it to connect to. <address> should be
1084 one of:
1085 interface
1087 e.g. "eth0" to specify which interface's IP address you
1088 want to use (Unix only)
1089 IP address
1091 e.g. "192.168.10.1" to specify the exact IP address
1092 host name
1094 e.g. "my.host.domain" to specify the machine
1095 - make curl pick the same IP address that is already used
1097 for the control connection
1098 If this option is used several times, the last one will be used. Dis‐
1100 able the use of PORT with --ftp-pasv. Disable the attempt to use the
1101 EPRT command instead of PORT by using --disable-eprt. EPRT is really
1102 PORT++.
1103 Since 7.19.5, you can append ":[start]-[end]" to the right of the
1105 address, to tell curl what TCP port range to use. That means you spec‐
1106 ify a port range, from a lower to a higher number. A single number
1107 works as well, but do note that it increases the risk of failure since
1108 the port may not be available.
1109 See also --ftp-pasv and --disable-eprt.
1111 --ftp-pret
1113 (FTP) Tell curl to send a PRET command before PASV (and EPSV).
1114 Certain FTP servers, mainly drftpd, require this non-standard
1115 command for directory listings as well as up and downloads in
1116 PASV mode.
1117 Added in 7.20.0.
1119 --ftp-skip-pasv-ip
1121 (FTP) Tell curl to not use the IP address the server suggests in
1122 its response to curl's PASV command when curl connects the data
1123 connection. Instead curl will re-use the same IP address it
1124 already uses for the control connection.
1125 This option has no effect if PORT, EPRT or EPSV is used instead
1127 of PASV.
1128 See also --ftp-pasv. Added in 7.14.2.
1130 --ftp-ssl-ccc-mode <active/passive>
1132 (FTP) Sets the CCC mode. The passive mode will not initiate the
1133 shutdown, but instead wait for the server to do it, and will not
1134 reply to the shutdown from the server. The active mode initiates
1135 the shutdown and waits for a reply from the server.
1136 See also --ftp-ssl-ccc. Added in 7.16.2.
1138 --ftp-ssl-ccc
1140 (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS
1141 layer after authenticating. The rest of the control channel com‐
1142 munication will be unencrypted. This allows NAT routers to fol‐
1143 low the FTP transaction. The default mode is passive.
1144 See also --ssl and --ftp-ssl-ccc-mode. Added in 7.16.1.
1146 --ftp-ssl-control
1148 (FTP) Require SSL/TLS for the FTP login, clear for transfer.
1149 Allows secure authentication, but non-encrypted data transfers
1150 for efficiency. Fails the transfer if the server doesn't sup‐
1151 port SSL/TLS.
1152 Added in 7.16.0.
1154 -G, --get
1156 When used, this option will make all data specified with -d,
1157 --data, --data-binary or --data-urlencode to be used in an HTTP
1158 GET request instead of the POST request that otherwise would be
1159 used. The data will be appended to the URL with a '?' separator.
1160 If used in combination with -I, --head, the POST data will
1162 instead be appended to the URL with a HEAD request.
1163 If this option is used several times, only the first one is
1165 used. This is because undoing a GET doesn't make sense, but you
1166 should then instead enforce the alternative method you prefer.
1167 -g, --globoff
1169 This option switches off the "URL globbing parser". When you set
1170 this option, you can specify URLs that contain the letters {}[]
1171 without having them being interpreted by curl itself. Note that
1172 these letters are not normal legal URL contents but they should
1173 be encoded according to the URI standard.
1174 --happy-eyeballs-timeout-ms <milliseconds>
1176 Happy eyeballs is an algorithm that attempts to connect to both
1177 IPv4 and IPv6 addresses for dual-stack hosts, preferring IPv6
1178 first for the number of milliseconds. If the IPv6 address cannot
1179 be connected to within that time then a connection attempt is
1180 made to the IPv4 address in parallel. The first connection to be
1181 established is the one that is used.
1182 The range of suggested useful values is limited. Happy Eyeballs
1184 RFC 6555 says "It is RECOMMENDED that connection attempts be
1185 paced 150-250 ms apart to balance human factors against network
1186 load." libcurl currently defaults to 200 ms. Firefox and Chrome
1187 currently default to 300 ms.
1188 If this option is used several times, the last one will be used.
1190 Added in 7.59.0.
1192 --haproxy-protocol
1194 (HTTP) Send a HAProxy PROXY protocol v1 header at the beginning
1195 of the connection. This is used by some load balancers and
1196 reverse proxies to indicate the client's true IP address and
1197 port.
1198 This option is primarily useful when sending test requests to a
1200 service that expects this header.
1201 Added in 7.60.0.
1203 -I, --head
1205 (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the
1206 command HEAD which this uses to get nothing but the header of a
1207 document. When used on an FTP or FILE file, curl displays the
1208 file size and last modification time only.
1209 -H, --header <header/@file>
1211 (HTTP) Extra header to include in the request when sending HTTP
1212 to a server. You may specify any number of extra headers. Note
1213 that if you should add a custom header that has the same name as
1214 one of the internal ones curl would use, your externally set
1215 header will be used instead of the internal one. This allows you
1216 to make even trickier stuff than curl would normally do. You
1217 should not replace internally set headers without knowing per‐
1218 fectly well what you're doing. Remove an internal header by giv‐
1219 ing a replacement without content on the right side of the
1220 colon, as in: -H "Host:". If you send the custom header with no-
1221 value then its header must be terminated with a semicolon, such
1222 as -H "X-Custom-Header;" to send "X-Custom-Header:".
1223 curl will make sure that each header you add/replace is sent
1225 with the proper end-of-line marker, you should thus not add that
1226 as a part of the header content: do not add newlines or carriage
1227 returns, they will only mess things up for you.
1228 Starting in 7.55.0, this option can take an argument in @file‐
1230 name style, which then adds a header for each line in the input
1231 file. Using @- will make curl read the header file from stdin.
1232 See also the -A, --user-agent and -e, --referer options.
1234 Starting in 7.37.0, you need --proxy-header to send custom head‐
1236 ers intended for a proxy.
1237 Example:
1239 curl -H "X-First-Name: Joe" http://example.com/
1241 WARNING: headers set with this option will be set in all
1243 requests - even after redirects are followed, like when told
1244 with -L, --location. This can lead to the header being sent to
1245 other hosts than the original host, so sensitive headers should
1246 be used with caution combined with following redirects.
1247 This option can be used multiple times to add/replace/remove
1249 multiple headers.
1250 -h, --help
1252 Usage help. This lists all current command line options with a
1253 short description.
1254 --hostpubmd5 <md5>
1256 (SFTP SCP) Pass a string containing 32 hexadecimal digits. The
1257 string should be the 128 bit MD5 checksum of the remote host's
1258 public key, curl will refuse the connection with the host unless
1259 the md5sums match.
1260 Added in 7.17.1.
1262 --http0.9
1264 (HTTP) Tells curl to be fine with HTTP version 0.9 response.
1265 HTTP/0.9 is a completely headerless response and therefore you
1267 can also connect with this to non-HTTP servers and still get a
1268 response since curl will simply transparently downgrade - if
1269 allowed.
1270 Since curl 7.66.0, HTTP/0.9 is disabled by default.
1272 -0, --http1.0
1274 (HTTP) Tells curl to use HTTP version 1.0 instead of using its
1275 internally preferred HTTP version.
1276 This option overrides --http1.1 and --http2.
1278 --http1.1
1280 (HTTP) Tells curl to use HTTP version 1.1.
1281 This option overrides -0, --http1.0 and --http2. Added in
1283 7.33.0.
1284 --http2-prior-knowledge
1286 (HTTP) Tells curl to issue its non-TLS HTTP requests using
1287 HTTP/2 without HTTP/1.1 Upgrade. It requires prior knowledge
1288 that the server supports HTTP/2 straight away. HTTPS requests
1289 will still do HTTP/2 the standard way with negotiated protocol
1290 version in the TLS handshake.
1291 --http2-prior-knowledge requires that the underlying libcurl was
1293 built to support HTTP/2. This option overrides --http1.1 and -0,
1294 --http1.0 and --http2. Added in 7.49.0.
1295 --http2
1297 (HTTP) Tells curl to use HTTP version 2.
1298 See also --http1.1 and --http3. --http2 requires that the under‐
1300 lying libcurl was built to support HTTP/2. This option overrides
1301 --http1.1 and -0, --http1.0 and --http2-prior-knowledge. Added
1302 in 7.33.0.
1303 --http3
1305 (HTTP) WARNING: this option is experimental. Do not use in pro‐
1306 duction.
1307 Tells curl to use HTTP version 3 directly to the host and port
1309 number used in the URL. A normal HTTP/3 transaction will be done
1310 to a host and then get redirected via Alt-SVc, but this option
1311 allows a user to circumvent that when you know that the target
1312 speaks HTTP/3 on the given host and port.
1313 This option will make curl fail if a QUIC connection cannot be
1315 established, it cannot fall back to a lower HTTP version on its
1316 own.
1317 See also --http1.1 and --http2. --http3 requires that the under‐
1319 lying libcurl was built to support HTTP/3. This option overrides
1320 --http1.1 and -0, --http1.0 and --http2 and --http2-prior-knowl‐
1321 edge. Added in 7.66.0.
1322 --ignore-content-length
1324 (FTP HTTP) For HTTP, Ignore the Content-Length header. This is
1325 particularly useful for servers running Apache 1.x, which will
1326 report incorrect Content-Length for files larger than 2 giga‐
1327 bytes.
1328 For FTP (since 7.46.0), skip the RETR command to figure out the
1330 size before downloading a file.
1331 -i, --include
1333 Include the HTTP response headers in the output. The HTTP
1334 response headers can include things like server name, cookies,
1335 date of the document, HTTP version and more...
1336 To view the request headers, consider the -v, --verbose option.
1338 See also -v, --verbose.
1340 -k, --insecure
1342 (TLS) By default, every SSL connection curl makes is verified to
1343 be secure. This option allows curl to proceed and operate even
1344 for server connections otherwise considered insecure.
1345 The server connection is verified by making sure the server's
1347 certificate contains the right name and verifies successfully
1348 using the cert store.
1349 See this online resource for further details:
1351 https://curl.haxx.se/docs/sslcerts.html
1352 See also --proxy-insecure and --cacert.
1354 --interface <name>
1356 Perform an operation using a specified interface. You can enter
1358 interface name, IP address or host name. An example could look
1359 like:
1360 curl --interface eth0:1 https://www.example.com/
1362 If this option is used several times, the last one will be used.
1364 On Linux it can be used to specify a VRF, but the binary needs
1366 to either have CAP_NET_RAW or to be run as root. More informa‐
1367 tion about Linux VRF: https://www.kernel.org/doc/Documenta‐
1368 tion/networking/vrf.txt
1369 See also --dns-interface.
1371 -4, --ipv4
1373 This option tells curl to resolve names to IPv4 addresses only,
1374 and not for example try IPv6.
1375 See also --http1.1 and --http2. This option overrides -6,
1377 --ipv6.
1378 -6, --ipv6
1380 This option tells curl to resolve names to IPv6 addresses only,
1381 and not for example try IPv4.
1382 See also --http1.1 and --http2. This option overrides -4,
1384 --ipv4.
1385 -j, --junk-session-cookies
1387 (HTTP) When curl is told to read cookies from a given file, this
1388 option will make it discard all "session cookies". This will
1389 basically have the same effect as if a new session is started.
1390 Typical browsers always discard session cookies when they're
1391 closed down.
1392 See also -b, --cookie and -c, --cookie-jar.
1394 --keepalive-time <seconds>
1396 This option sets the time a connection needs to remain idle
1397 before sending keepalive probes and the time between individual
1398 keepalive probes. It is currently effective on operating systems
1399 offering the TCP_KEEPIDLE and TCP_KEEPINTVL socket options
1400 (meaning Linux, recent AIX, HP-UX and more). This option has no
1401 effect if --no-keepalive is used.
1402 If this option is used several times, the last one will be used.
1404 If unspecified, the option defaults to 60 seconds.
1405 Added in 7.18.0.
1407 --key-type <type>
1409 (TLS) Private key file type. Specify which type your --key pro‐
1410 vided private key is. DER, PEM, and ENG are supported. If not
1411 specified, PEM is assumed.
1412 If this option is used several times, the last one will be used.
1414 --key <key>
1416 (TLS SSH) Private key file name. Allows you to provide your pri‐
1417 vate key in this separate file. For SSH, if not specified, curl
1418 tries the following candidates in order: '~/.ssh/id_rsa',
1419 '~/.ssh/id_dsa', './id_rsa', './id_dsa'.
1420 If curl is built against OpenSSL library, and the engine pkcs11
1422 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
1423 ify a private key located in a PKCS#11 device. A string begin‐
1424 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
1425 PKCS#11 URI is provided, then the --engine option will be set as
1426 "pkcs11" if none was provided and the --key-type option will be
1427 set as "ENG" if none was provided.
1428 If this option is used several times, the last one will be used.
1430 --krb <level>
1432 (FTP) Enable Kerberos authentication and use. The level must be
1433 entered and should be one of 'clear', 'safe', 'confidential', or
1434 'private'. Should you use a level that is not one of these,
1435 'private' will instead be used.
1436 If this option is used several times, the last one will be used.
1438 --krb requires that the underlying libcurl was built to support
1440 Kerberos.
1441 --libcurl <file>
1443 Append this option to any ordinary curl command line, and you
1444 will get a libcurl-using C source code written to the file that
1445 does the equivalent of what your command-line operation does!
1446 If this option is used several times, the last given file name
1448 will be used.
1449 Added in 7.16.1.
1451 --limit-rate <speed>
1453 Specify the maximum transfer rate you want curl to use - for
1454 both downloads and uploads. This feature is useful if you have a
1455 limited pipe and you'd like your transfer not to use your entire
1456 bandwidth. To make it slower than it otherwise would be.
1457 The given speed is measured in bytes/second, unless a suffix is
1459 appended. Appending 'k' or 'K' will count the number as kilo‐
1460 bytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it
1461 gigabytes. Examples: 200K, 3m and 1G.
1462 If you also use the -Y, --speed-limit option, that option will
1464 take precedence and might cripple the rate-limiting slightly, to
1465 help keeping the speed-limit logic working.
1466 If this option is used several times, the last one will be used.
1468 -l, --list-only
1470 (FTP POP3) (FTP) When listing an FTP directory, this switch
1471 forces a name-only view. This is especially useful if the user
1472 wants to machine-parse the contents of an FTP directory since
1473 the normal directory view doesn't use a standard look or format.
1474 When used like this, the option causes a NLST command to be sent
1475 to the server instead of LIST.
1476 Note: Some FTP servers list only files in their response to
1478 NLST; they do not include sub-directories and symbolic links.
1479 (POP3) When retrieving a specific email from POP3, this switch
1481 forces a LIST command to be performed instead of RETR. This is
1482 particularly useful if the user wants to see if a specific mes‐
1483 sage id exists on the server and what size it is.
1484 Note: When combined with -X, --request, this option can be used
1486 to send an UIDL command instead, so the user may use the email's
1487 unique identifier rather than it's message id to make the
1488 request.
1489 Added in 4.0.
1491 --local-port <num/range>
1493 Set a preferred single number or range (FROM-TO) of local port
1494 numbers to use for the connection(s). Note that port numbers by
1495 nature are a scarce resource that will be busy at times so set‐
1496 ting this range to something too narrow might cause unnecessary
1497 connection setup failures.
1498 Added in 7.15.2.
1500 --location-trusted
1502 (HTTP) Like -L, --location, but will allow sending the name +
1503 password to all hosts that the site may redirect to. This may or
1504 may not introduce a security breach if the site redirects you to
1505 a site to which you'll send your authentication info (which is
1506 plaintext in the case of HTTP Basic authentication).
1507 See also -u, --user.
1509 -L, --location
1511 (HTTP) If the server reports that the requested page has moved
1512 to a different location (indicated with a Location: header and a
1513 3XX response code), this option will make curl redo the request
1514 on the new place. If used together with -i, --include or -I,
1515 --head, headers from all requested pages will be shown. When
1516 authentication is used, curl only sends its credentials to the
1517 initial host. If a redirect takes curl to a different host, it
1518 won't be able to intercept the user+password. See also --loca‐
1519 tion-trusted on how to change this. You can limit the amount of
1520 redirects to follow by using the --max-redirs option.
1521 When curl follows a redirect and if the request is a POST, it
1523 will do the following request with a GET if the HTTP response
1524 was 301, 302, or 303. If the response code was any other 3xx
1525 code, curl will re-send the following request using the same
1526 unmodified method.
1527 You can tell curl to not change POST requests to GET after a 30x
1529 response by using the dedicated options for that: --post301,
1530 --post302 and --post303.
1531 The method set with -X, --request overrides the method curl
1533 would otherwise select to use.
1534 --login-options <options>
1536 (IMAP POP3 SMTP) Specify the login options to use during server
1537 authentication.
1538 You can use the login options to specify protocol specific
1540 options that may be used during authentication. At present only
1541 IMAP, POP3 and SMTP support login options. For more information
1542 about the login options please see RFC 2384, RFC 5092 and IETF
1543 draft draft-earhart-url-smtp-00.txt
1544 If this option is used several times, the last one will be used.
1546 Added in 7.34.0.
1548 --mail-auth <address>
1550 (SMTP) Specify a single address. This will be used to specify
1551 the authentication address (identity) of a submitted message
1552 that is being relayed to another server.
1553 See also --mail-rcpt and --mail-from. Added in 7.25.0.
1555 --mail-from <address>
1557 (SMTP) Specify a single address that the given mail should get
1558 sent from.
1559 See also --mail-rcpt and --mail-auth. Added in 7.20.0.
1561 --mail-rcpt-allowfails
1563 (SMTP) When sending data to multiple recipients, by default curl
1564 will abort SMTP conversation if at least one of the recipients
1565 causes RCPT TO command to return an error.
1566 The default behavior can be changed by passing --mail-rcpt-
1568 allowfails command-line option which will make curl ignore
1569 errors and proceed with the remaining valid recipients.
1570 In case when all recipients cause RCPT TO command to fail, curl
1572 will abort SMTP conversation and return the error received from
1573 to the last RCPT TO command. Added in 7.69.0.
1574 --mail-rcpt <address>
1576 (SMTP) Specify a single address, user name or mailing list name.
1577 Repeat this option several times to send to multiple recipients.
1578 When performing a mail transfer, the recipient should specify a
1580 valid email address to send the mail to.
1581 When performing an address verification (VRFY command), the
1583 recipient should be specified as the user name or user name and
1584 domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)
1585 When performing a mailing list expand (EXPN command), the recip‐
1587 ient should be specified using the mailing list name, such as
1588 "Friends" or "London-Office". (Added in 7.34.0)
1589 Added in 7.20.0.
1591 -M, --manual
1593 Manual. Display the huge help text.
1594 --max-filesize <bytes>
1596 Specify the maximum size (in bytes) of a file to download. If
1597 the file requested is larger than this value, the transfer will
1598 not start and curl will return with exit code 63.
1599 A size modifier may be used. For example, Appending 'k' or 'K'
1601 will count the number as kilobytes, 'm' or 'M' makes it
1602 megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K,
1603 3m and 1G. (Added in 7.58.0)
1604 NOTE: The file size is not always known prior to download, and
1606 for such files this option has no effect even if the file trans‐
1607 fer ends up being larger than this given limit. This concerns
1608 both FTP and HTTP transfers.
1609 See also --limit-rate.
1611 --max-redirs <num>
1613 (HTTP) Set maximum number of redirection-followings allowed.
1614 When -L, --location is used, is used to prevent curl from fol‐
1615 lowing redirections too much. By default, the limit is set to 50
1616 redirections. Set this option to -1 to make it unlimited.
1617 If this option is used several times, the last one will be used.
1619 -m, --max-time <seconds>
1621 Maximum time in seconds that you allow the whole operation to
1622 take. This is useful for preventing your batch jobs from hang‐
1623 ing for hours due to slow networks or links going down. Since
1624 7.32.0, this option accepts decimal values, but the actual time‐
1625 out will decrease in accuracy as the specified timeout increases
1626 in decimal precision.
1627 If this option is used several times, the last one will be used.
1629 See also --connect-timeout.
1631 --metalink
1633 This option can tell curl to parse and process a given URI as
1634 Metalink file (both version 3 and 4 (RFC 5854) are supported)
1635 and make use of the mirrors listed within for failover if there
1636 are errors (such as the file or server not being available). It
1637 will also verify the hash of the file after the download com‐
1638 pletes. The Metalink file itself is downloaded and processed in
1639 memory and not stored in the local file system.
1640 Example to use a remote Metalink file:
1642 curl --metalink http://www.example.com/example.metalink
1644 To use a Metalink file in the local file system, use FILE proto‐
1646 col (file://):
1647 curl --metalink file://example.metalink
1649 Please note that if FILE protocol is disabled, there is no way
1651 to use a local Metalink file at the time of this writing. Also
1652 note that if --metalink and -i, --include are used together,
1653 --include will be ignored. This is because including headers in
1654 the response will break Metalink parser and if the headers are
1655 included in the file described in Metalink file, hash check will
1656 fail.
1657 --metalink requires that the underlying libcurl was built to
1659 support metalink. Added in 7.27.0.
1660 --negotiate
1662 (HTTP) Enables Negotiate (SPNEGO) authentication.
1663 This option requires a library built with GSS-API or SSPI sup‐
1665 port. Use -V, --version to see if your curl supports GSS-
1666 API/SSPI or SPNEGO.
1667 When using this option, you must also provide a fake -u, --user
1669 option to activate the authentication code properly. Sending a
1670 '-u :' is enough as the user name and password from the -u,
1671 --user option aren't actually used.
1672 If this option is used several times, only the first one is
1674 used.
1675 See also --basic and --ntlm and --anyauth and --proxy-negotiate.
1677 --netrc-file <filename>
1679 This option is similar to -n, --netrc, except that you provide
1680 the path (absolute or relative) to the netrc file that curl
1681 should use. You can only specify one netrc file per invocation.
1682 If several --netrc-file options are provided, the last one will
1683 be used.
1684 It will abide by --netrc-optional if specified.
1686 This option overrides -n, --netrc. Added in 7.21.5.
1688 --netrc-optional
1690 Very similar to -n, --netrc, but this option makes the .netrc
1691 usage optional and not mandatory as the -n, --netrc option does.
1692 See also --netrc-file. This option overrides -n, --netrc.
1694 -n, --netrc
1696 Makes curl scan the .netrc (_netrc on Windows) file in the
1697 user's home directory for login name and password. This is typi‐
1698 cally used for FTP on Unix. If used with HTTP, curl will enable
1699 user authentication. See netrc(5) ftp(1) for details on the file
1700 format. Curl will not complain if that file doesn't have the
1701 right permissions (it should not be either world- or group-read‐
1702 able). The environment variable "HOME" is used to find the home
1703 directory.
1704 A quick and very simple example of how to setup a .netrc to
1706 allow curl to FTP to the machine host.domain.com with user name
1707 'myself' and password 'secret' should look similar to:
1708 machine host.domain.com login myself password secret
1710 -:, --next
1712 Tells curl to use a separate operation for the following URL and
1713 associated options. This allows you to send several URL
1714 requests, each with their own specific options, for example,
1715 such as different user names or custom requests for each.
1716 -:, --next will reset all local options and only global ones
1718 will have their values survive over to the operation following
1719 the -:, --next instruction. Global options include -v, --ver‐
1720 bose, --trace, --trace-ascii and --fail-early.
1721 For example, you can do both a GET and a POST in a single com‐
1723 mand line:
1724 curl www1.example.com --next -d postthis www2.example.com
1726 Added in 7.36.0.
1728 --no-alpn
1730 (HTTPS) Disable the ALPN TLS extension. ALPN is enabled by
1731 default if libcurl was built with an SSL library that supports
1732 ALPN. ALPN is used by a libcurl that supports HTTP/2 to negoti‐
1733 ate HTTP/2 support with the server during https sessions.
1734 See also --no-npn and --http2. --no-alpn requires that the
1736 underlying libcurl was built to support TLS. Added in 7.36.0.
1737 -N, --no-buffer
1739 Disables the buffering of the output stream. In normal work sit‐
1740 uations, curl will use a standard buffered output stream that
1741 will have the effect that it will output the data in chunks, not
1742 necessarily exactly when the data arrives. Using this option
1743 will disable that buffering.
1744 Note that this is the negated option name documented. You can
1746 thus use --buffer to enforce the buffering.
1747 --no-keepalive
1749 Disables the use of keepalive messages on the TCP connection.
1750 curl otherwise enables them by default.
1751 Note that this is the negated option name documented. You can
1753 thus use --keepalive to enforce keepalive.
1754 --no-npn
1756 (HTTPS) Disable the NPN TLS extension. NPN is enabled by default
1757 if libcurl was built with an SSL library that supports NPN. NPN
1758 is used by a libcurl that supports HTTP/2 to negotiate HTTP/2
1759 support with the server during https sessions.
1760 See also --no-alpn and --http2. --no-npn requires that the
1762 underlying libcurl was built to support TLS. Added in 7.36.0.
1763 --no-progress-meter
1765 Option to switch off the progress meter output without muting or
1766 otherwise affecting warning and informational messages like -s,
1767 --silent does.
1768 Note that this is the negated option name documented. You can
1770 thus use --progress-meter to enable the progress meter again.
1771 See also -v, --verbose and -s, --silent. Added in 7.67.0.
1773 --no-sessionid
1775 (TLS) Disable curl's use of SSL session-ID caching. By default
1776 all transfers are done using the cache. Note that while nothing
1777 should ever get hurt by attempting to reuse SSL session-IDs,
1778 there seem to be broken SSL implementations in the wild that may
1779 require you to disable this in order for you to succeed.
1780 Note that this is the negated option name documented. You can
1782 thus use --sessionid to enforce session-ID caching.
1783 Added in 7.16.0.
1785 --noproxy <no-proxy-list>
1787 Comma-separated list of hosts which do not use a proxy, if one
1788 is specified. The only wildcard is a single * character, which
1789 matches all hosts, and effectively disables the proxy. Each name
1790 in this list is matched as either a domain which contains the
1791 hostname, or the hostname itself. For example, local.com would
1792 match local.com, local.com:80, and www.local.com, but not
1793 www.notlocal.com.
1794 Since 7.53.0, This option overrides the environment variables
1796 that disable the proxy. If there's an environment variable dis‐
1797 abling a proxy, you can set noproxy list to "" to override it.
1798 Added in 7.19.4.
1800 --ntlm-wb
1802 (HTTP) Enables NTLM much in the style --ntlm does, but hand over
1803 the authentication to the separate binary ntlmauth application
1804 that is executed when needed.
1805 See also --ntlm and --proxy-ntlm.
1807 --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication
1809 method was designed by Microsoft and is used by IIS web servers.
1810 It is a proprietary protocol, reverse-engineered by clever peo‐
1811 ple and implemented in curl based on their efforts. This kind of
1812 behavior should not be endorsed, you should encourage everyone
1813 who uses NTLM to switch to a public and documented authentica‐
1814 tion method instead, such as Digest.
1815 If you want to enable NTLM for your proxy authentication, then
1817 use --proxy-ntlm.
1818 If this option is used several times, only the first one is
1820 used.
1821 See also --proxy-ntlm. --ntlm requires that the underlying
1823 libcurl was built to support TLS. This option overrides --basic
1824 and --negotiate and --digest and --anyauth.
1825 --oauth2-bearer <token>
1827 (IMAP POP3 SMTP HTTP) Specify the Bearer Token for OAUTH 2.0
1828 server authentication. The Bearer Token is used in conjunction
1829 with the user name which can be specified as part of the --url
1830 or -u, --user options.
1831 The Bearer Token and user name are formatted according to RFC
1833 6750.
1834 If this option is used several times, the last one will be used.
1836 -o, --output <file>
1838 Write output to <file> instead of stdout. If you are using {} or
1839 [] to fetch multiple documents, you should quote the URL and you
1840 can use '#' followed by a number in the <file> specifier. That
1841 variable will be replaced with the current string for the URL
1842 being fetched. Like in:
1843 curl "http://{one,two}.example.com" -o "file_#1.txt"
1845 or use several variables like:
1847 curl "http://{site,host}.host[1-5].com" -o "#1_#2"
1849 You may use this option as many times as the number of URLs you
1851 have. For example, if you specify two URLs on the same command
1852 line, you can use it like this:
1853 curl -o aa example.com -o bb example.net
1855 and the order of the -o options and the URLs doesn't matter,
1857 just that the first -o is for the first URL and so on, so the
1858 above command line can also be written as
1859 curl example.com example.net -o aa -o bb
1861 See also the --create-dirs option to create the local directo‐
1863 ries dynamically. Specifying the output as '-' (a single dash)
1864 will force the output to be done to stdout.
1865 See also -O, --remote-name and --remote-name-all and -J,
1867 --remote-header-name.
1868 --parallel-immediate
1870 When doing parallel transfers, this option will instruct curl
1871 that it should rather prefer opening up more connections in par‐
1872 allel at once rather than waiting to see if new transfers can be
1873 added as multiplexed streams on another connection.
1874 See also -Z, --parallel and --parallel-max. Added in 7.68.0.
1876 --parallel-max
1878 When asked to do parallel transfers, using -Z, --parallel, this
1879 option controls the maximum amount of transfers to do simultane‐
1880 ously.
1881 The default is 50.
1883 See also -Z, --parallel. Added in 7.66.0.
1885 -Z, --parallel
1887 Makes curl perform its transfers in parallel as compared to the
1888 regular serial manner.
1889 Added in 7.66.0.
1891 --pass <phrase>
1893 (SSH TLS) Passphrase for the private key
1894 If this option is used several times, the last one will be used.
1896 --path-as-is
1898 Tell curl to not handle sequences of /../ or /./ in the given
1899 URL path. Normally curl will squash or merge them according to
1900 standards but with this option set you tell it not to do that.
1901 Added in 7.42.0.
1903 --pinnedpubkey <hashes>
1905 (TLS) Tells curl to use the specified public key file (or
1906 hashes) to verify the peer. This can be a path to a file which
1907 contains a single public key in PEM or DER format, or any number
1908 of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
1909 rated by ´;´
1910 When negotiating a TLS or SSL connection, the server sends a
1912 certificate indicating its identity. A public key is extracted
1913 from this certificate and if it does not exactly match the pub‐
1914 lic key provided to this option, curl will abort the connection
1915 before sending or receiving any data.
1916 PEM/DER support:
1918 7.39.0: OpenSSL, GnuTLS and GSKit
1919 7.43.0: NSS and wolfSSL
1920 7.47.0: mbedtls sha256 support:
1921 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL
1922 7.47.0: mbedtls Other SSL backends not supported.
1923 If this option is used several times, the last one will be used.
1925 --post301
1927 (HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST
1928 requests into GET requests when following a 301 redirection. The
1929 non-RFC behaviour is ubiquitous in web browsers, so curl does
1930 the conversion by default to maintain consistency. However, a
1931 server may require a POST to remain a POST after such a redi‐
1932 rection. This option is meaningful only when using -L, --loca‐
1933 tion.
1934 See also --post302 and --post303 and -L, --location. Added in
1936 7.17.1.
1937 --post302
1939 (HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST
1940 requests into GET requests when following a 302 redirection. The
1941 non-RFC behaviour is ubiquitous in web browsers, so curl does
1942 the conversion by default to maintain consistency. However, a
1943 server may require a POST to remain a POST after such a redi‐
1944 rection. This option is meaningful only when using -L, --loca‐
1945 tion.
1946 See also --post301 and --post303 and -L, --location. Added in
1948 7.19.1.
1949 --post303
1951 (HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST
1952 requests into GET requests when following 303 redirections. A
1953 server may require a POST to remain a POST after a 303 redirect‐
1954 ion. This option is meaningful only when using -L, --location.
1955 See also --post302 and --post301 and -L, --location. Added in
1957 7.26.0.
1958 --preproxy [protocol://]host[:port]
1960 Use the specified SOCKS proxy before connecting to an HTTP or
1961 HTTPS -x, --proxy. In such a case curl first connects to the
1962 SOCKS proxy and then connects (through SOCKS) to the HTTP or
1963 HTTPS proxy. Hence pre proxy.
1964 The pre proxy string should be specified with a protocol:// pre‐
1966 fix to specify alternative proxy protocols. Use socks4://,
1967 socks4a://, socks5:// or socks5h:// to request the specific
1968 SOCKS version to be used. No protocol specified will make curl
1969 default to SOCKS4.
1970 If the port number is not specified in the proxy string, it is
1972 assumed to be 1080.
1973 User and password that might be provided in the proxy string are
1975 URL decoded by curl. This allows you to pass in special charac‐
1976 ters such as @ by using %40 or pass in a colon with %3a.
1977 If this option is used several times, the last one will be used.
1979 Added in 7.52.0.
1981 -#, --progress-bar
1983 Make curl display transfer progress as a simple progress bar
1984 instead of the standard, more informational, meter.
1985 This progress bar draws a single line of '#' characters across
1987 the screen and shows a percentage if the transfer size is known.
1988 For transfers without a known size, there will be space ship
1989 (-=o=-) that moves back and forth but only while data is being
1990 transferred, with a set of flying hash sign symbols on top.
1991 --proto-default <protocol>
1993 Tells curl to use protocol for any URL missing a scheme name.
1994 Example:
1996 curl --proto-default https ftp.mozilla.org
1998 An unknown or unsupported protocol causes error CURLE_UNSUP‐
2000 PORTED_PROTOCOL (1).
2001 This option does not change the default proxy protocol (http).
2003 Without this option curl would make a guess based on the host,
2005 see --url for details.
2006 Added in 7.45.0.
2008 --proto-redir <protocols>
2010 Tells curl to limit what protocols it may use on redirect. Pro‐
2011 tocols denied by --proto are not overridden by this option. See
2012 --proto for how protocols are represented.
2013 Example, allow only HTTP and HTTPS on redirect:
2015 curl --proto-redir -all,http,https http://example.com
2017 By default curl will allow HTTP, HTTPS, FTP and FTPS on redirect
2019 (7.65.2). Older versions of curl allowed all protocols on redi‐
2020 rect except several disabled for security reasons: Since 7.19.4
2021 FILE and SCP are disabled, and since 7.40.0 SMB and SMBS are
2022 also disabled. Specifying all or +all enables all protocols on
2023 redirect, including those disabled for security.
2024 Added in 7.20.2.
2026 --proto <protocols>
2028 Tells curl to limit what protocols it may use in the transfer.
2029 Protocols are evaluated left to right, are comma separated, and
2030 are each a protocol name or 'all', optionally prefixed by zero
2031 or more modifiers. Available modifiers are:
2032 + Permit this protocol in addition to protocols already permit‐
2034 ted (this is the default if no modifier is used).
2035 - Deny this protocol, removing it from the list of protocols
2037 already permitted.
2038 = Permit only this protocol (ignoring the list already permit‐
2040 ted), though subject to later modification by subsequent
2041 entries in the comma separated list.
2042 For example:
2044 --proto -ftps uses the default protocols, but disables ftps
2046 --proto -all,https,+http
2048 only enables http and https
2049 --proto =http,https
2051 also only enables http and https
2052 Unknown protocols produce a warning. This allows scripts to safely rely
2054 on being able to disable potentially dangerous protocols, without rely‐
2055 ing upon support for that protocol being built into curl to avoid an
2056 error.
2057 This option can be used multiple times, in which case the effect is the
2059 same as concatenating the protocols into one instance of the option.
2060 See also --proto-redir and --proto-default. Added in 7.20.2.
2062 --proxy-anyauth
2064 Tells curl to pick a suitable authentication method when commu‐
2065 nicating with the given HTTP proxy. This might cause an extra
2066 request/response round-trip.
2067 See also -x, --proxy and --proxy-basic and --proxy-digest. Added
2069 in 7.13.2.
2070 --proxy-basic
2072 Tells curl to use HTTP Basic authentication when communicating
2073 with the given proxy. Use --basic for enabling HTTP Basic with a
2074 remote host. Basic is the default authentication method curl
2075 uses with proxies.
2076 See also -x, --proxy and --proxy-anyauth and --proxy-digest.
2078 --proxy-cacert <file>
2080 Same as --cacert but used in HTTPS proxy context.
2081 See also --proxy-capath and --cacert and --capath and -x,
2083 --proxy. Added in 7.52.0.
2084 --proxy-capath <dir>
2086 Same as --capath but used in HTTPS proxy context.
2087 See also --proxy-cacert and -x, --proxy and --capath. Added in
2089 7.52.0.
2090 --proxy-cert-type <type>
2092 Same as --cert-type but used in HTTPS proxy context.
2093 Added in 7.52.0.
2095 --proxy-cert <cert[:passwd]>
2097 Same as -E, --cert but used in HTTPS proxy context.
2098 Added in 7.52.0.
2100 --proxy-ciphers <list>
2102 Same as --ciphers but used in HTTPS proxy context.
2103 Added in 7.52.0.
2105 --proxy-crlfile <file>
2107 Same as --crlfile but used in HTTPS proxy context.
2108 Added in 7.52.0.
2110 --proxy-digest
2112 Tells curl to use HTTP Digest authentication when communicating
2113 with the given proxy. Use --digest for enabling HTTP Digest with
2114 a remote host.
2115 See also -x, --proxy and --proxy-anyauth and --proxy-basic.
2117 --proxy-header <header/@file>
2119 (HTTP) Extra header to include in the request when sending HTTP
2120 to a proxy. You may specify any number of extra headers. This is
2121 the equivalent option to -H, --header but is for proxy communi‐
2122 cation only like in CONNECT requests when you want a separate
2123 header sent to the proxy to what is sent to the actual remote
2124 host.
2125 curl will make sure that each header you add/replace is sent
2127 with the proper end-of-line marker, you should thus not add that
2128 as a part of the header content: do not add newlines or carriage
2129 returns, they will only mess things up for you.
2130 Headers specified with this option will not be included in
2132 requests that curl knows will not be sent to a proxy.
2133 Starting in 7.55.0, this option can take an argument in @file‐
2135 name style, which then adds a header for each line in the input
2136 file. Using @- will make curl read the header file from stdin.
2137 This option can be used multiple times to add/replace/remove
2139 multiple headers.
2140 Added in 7.37.0.
2142 --proxy-insecure
2144 Same as -k, --insecure but used in HTTPS proxy context.
2145 Added in 7.52.0.
2147 --proxy-key-type <type>
2149 Same as --key-type but used in HTTPS proxy context.
2150 Added in 7.52.0.
2152 --proxy-key <key>
2154 Same as --key but used in HTTPS proxy context.
2155 --proxy-negotiate
2157 Tells curl to use HTTP Negotiate (SPNEGO) authentication when
2158 communicating with the given proxy. Use --negotiate for enabling
2159 HTTP Negotiate (SPNEGO) with a remote host.
2160 See also --proxy-anyauth and --proxy-basic. Added in 7.17.1.
2162 --proxy-ntlm
2164 Tells curl to use HTTP NTLM authentication when communicating
2165 with the given proxy. Use --ntlm for enabling NTLM with a remote
2166 host.
2167 See also --proxy-negotiate and --proxy-anyauth.
2169 --proxy-pass <phrase>
2171 Same as --pass but used in HTTPS proxy context.
2172 Added in 7.52.0.
2174 --proxy-pinnedpubkey <hashes>
2176 (TLS) Tells curl to use the specified public key file (or
2177 hashes) to verify the proxy. This can be a path to a file which
2178 contains a single public key in PEM or DER format, or any number
2179 of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
2180 rated by ´;´
2181 When negotiating a TLS or SSL connection, the server sends a
2183 certificate indicating its identity. A public key is extracted
2184 from this certificate and if it does not exactly match the pub‐
2185 lic key provided to this option, curl will abort the connection
2186 before sending or receiving any data.
2187 If this option is used several times, the last one will be used.
2189 --proxy-service-name <name>
2191 This option allows you to change the service name for proxy
2192 negotiation.
2193 Added in 7.43.0.
2195 --proxy-ssl-allow-beast
2197 Same as --ssl-allow-beast but used in HTTPS proxy context.
2198 Added in 7.52.0.
2200 --proxy-tls13-ciphers <ciphersuite list>
2202 (TLS) Specifies which cipher suites to use in the connection to
2203 your HTTPS proxy when it negotiates TLS 1.3. The list of ciphers
2204 suites must specify valid ciphers. Read up on TLS 1.3 cipher
2205 suite details on this URL:
2206 https://curl.haxx.se/docs/ssl-ciphers.html
2208 This option is currently used only when curl is built to use
2210 OpenSSL 1.1.1 or later. If you are using a different SSL backend
2211 you can try setting TLS 1.3 cipher suites by using the --proxy-
2212 ciphers option.
2213 If this option is used several times, the last one will be used.
2215 --proxy-tlsauthtype <type>
2217 Same as --tlsauthtype but used in HTTPS proxy context.
2218 Added in 7.52.0.
2220 --proxy-tlspassword <string>
2222 Same as --tlspassword but used in HTTPS proxy context.
2223 Added in 7.52.0.
2225 --proxy-tlsuser <name>
2227 Same as --tlsuser but used in HTTPS proxy context.
2228 Added in 7.52.0.
2230 --proxy-tlsv1
2232 Same as -1, --tlsv1 but used in HTTPS proxy context.
2233 Added in 7.52.0.
2235 -U, --proxy-user <user:password>
2237 Specify the user name and password to use for proxy authentica‐
2238 tion.
2239 If you use a Windows SSPI-enabled curl binary and do either
2241 Negotiate or NTLM authentication then you can tell curl to
2242 select the user name and password from your environment by spec‐
2243 ifying a single colon with this option: "-U :".
2244 On systems where it works, curl will hide the given option argu‐
2246 ment from process listings. This is not enough to protect cre‐
2247 dentials from possibly getting seen by other users on the same
2248 system as they will still be visible for a brief moment before
2249 cleared. Such sensitive data should be retrieved from a file
2250 instead or similar and never used in clear text in a command
2251 line.
2252 If this option is used several times, the last one will be used.
2254 -x, --proxy [protocol://]host[:port]
2256 Use the specified proxy.
2257 The proxy string can be specified with a protocol:// prefix. No
2259 protocol specified or http:// will be treated as HTTP proxy. Use
2260 socks4://, socks4a://, socks5:// or socks5h:// to request a spe‐
2261 cific SOCKS version to be used. (The protocol support was added
2262 in curl 7.21.7)
2263 HTTPS proxy support via https:// protocol prefix was added in
2265 7.52.0 for OpenSSL, GnuTLS and NSS.
2266 Unrecognized and unsupported proxy protocols cause an error
2268 since 7.52.0. Prior versions may ignore the protocol and use
2269 http:// instead.
2270 If the port number is not specified in the proxy string, it is
2272 assumed to be 1080.
2273 This option overrides existing environment variables that set
2275 the proxy to use. If there's an environment variable setting a
2276 proxy, you can set proxy to "" to override it.
2277 All operations that are performed over an HTTP proxy will trans‐
2279 parently be converted to HTTP. It means that certain protocol
2280 specific operations might not be available. This is not the case
2281 if you can tunnel through the proxy, as one with the -p, --prox‐
2282 ytunnel option.
2283 User and password that might be provided in the proxy string are
2285 URL decoded by curl. This allows you to pass in special charac‐
2286 ters such as @ by using %40 or pass in a colon with %3a.
2287 The proxy host can be specified the exact same way as the proxy
2289 environment variables, including the protocol prefix (http://)
2290 and the embedded user + password.
2291 If this option is used several times, the last one will be used.
2293 --proxy1.0 <host[:port]>
2295 Use the specified HTTP 1.0 proxy. If the port number is not
2296 specified, it is assumed at port 1080.
2297 The only difference between this and the HTTP proxy option -x,
2299 --proxy, is that attempts to use CONNECT through the proxy will
2300 specify an HTTP 1.0 protocol instead of the default HTTP 1.1.
2301 -p, --proxytunnel
2303 When an HTTP proxy is used -x, --proxy, this option will make
2304 curl tunnel through the proxy. The tunnel approach is made with
2305 the HTTP proxy CONNECT request and requires that the proxy
2306 allows direct connect to the remote port number curl wants to
2307 tunnel through to.
2308 To suppress proxy CONNECT response headers when curl is set to
2310 output headers use --suppress-connect-headers.
2311 See also -x, --proxy.
2313 --pubkey <key>
2315 (SFTP SCP) Public key file name. Allows you to provide your pub‐
2316 lic key in this separate file.
2317 If this option is used several times, the last one will be used.
2319 (As of 7.39.0, curl attempts to automatically extract the public
2321 key from the private key file, so passing this option is gener‐
2322 ally not required. Note that this public key extraction requires
2323 libcurl to be linked against a copy of libssh2 1.2.8 or higher
2324 that is itself linked against OpenSSL.)
2325 -Q, --quote
2327 (FTP SFTP) Send an arbitrary command to the remote FTP or SFTP
2328 server. Quote commands are sent BEFORE the transfer takes place
2329 (just after the initial PWD command in an FTP transfer, to be
2330 exact). To make commands take place after a successful transfer,
2331 prefix them with a dash '-'. To make commands be sent after
2332 curl has changed the working directory, just before the transfer
2333 command(s), prefix the command with a '+' (this is only sup‐
2334 ported for FTP). You may specify any number of commands.
2335 If the server returns failure for one of the commands, the
2337 entire operation will be aborted. You must send syntactically
2338 correct FTP commands as RFC 959 defines to FTP servers, or one
2339 of the commands listed below to SFTP servers.
2340 Prefix the command with an asterisk (*) to make curl continue
2342 even if the command fails as by default curl will stop at first
2343 failure.
2344 This option can be used multiple times.
2346 SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP
2348 quote commands itself before sending them to the server. File
2349 names may be quoted shell-style to embed spaces or special char‐
2350 acters. Following is the list of all supported SFTP quote com‐
2351 mands:
2352 chgrp group file
2354 The chgrp command sets the group ID of the file named by
2355 the file operand to the group ID specified by the group
2356 operand. The group operand is a decimal integer group ID.
2357 chmod mode file
2359 The chmod command modifies the file mode bits of the
2360 specified file. The mode operand is an octal integer mode
2361 number.
2362 chown user file
2364 The chown command sets the owner of the file named by the
2365 file operand to the user ID specified by the user oper‐
2366 and. The user operand is a decimal integer user ID.
2367 ln source_file target_file
2369 The ln and symlink commands create a symbolic link at the
2370 target_file location pointing to the source_file loca‐
2371 tion.
2372 mkdir directory_name
2374 The mkdir command creates the directory named by the
2375 directory_name operand.
2376 pwd The pwd command returns the absolute pathname of the cur‐
2378 rent working directory.
2379 rename source target
2381 The rename command renames the file or directory named by
2382 the source operand to the destination path named by the
2383 target operand.
2384 rm file
2386 The rm command removes the file specified by the file op‐
2387 erand.
2388 rmdir directory
2390 The rmdir command removes the directory entry specified
2391 by the directory operand, provided it is empty.
2392 symlink source_file target_file
2394 See ln.
2395 --random-file <file>
2397 Specify the path name to file containing what will be considered
2398 as random data. The data may be used to seed the random engine
2399 for SSL connections. See also the --egd-file option.
2400 -r, --range <range>
2402 (HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial docu‐
2403 ment) from an HTTP/1.1, FTP or SFTP server or a local FILE.
2404 Ranges can be specified in a number of ways.
2405 0-499 specifies the first 500 bytes
2407 500-999 specifies the second 500 bytes
2409 -500 specifies the last 500 bytes
2411 9500- specifies the bytes from offset 9500 and forward
2413 0-0,-1 specifies the first and last byte only(*)(HTTP)
2415 100-199,500-599
2417 specifies two separate 100-byte ranges(*) (HTTP)
2418 (*) = NOTE that this will cause the server to reply with a mul‐
2420 tipart response!
2421 Only digit characters (0-9) are valid in the 'start' and 'stop'
2423 fields of the 'start-stop' range syntax. If a non-digit charac‐
2424 ter is given in the range, the server's response will be unspec‐
2425 ified, depending on the server's configuration.
2426 You should also be aware that many HTTP/1.1 servers do not have
2428 this feature enabled, so that when you attempt to get a range,
2429 you'll instead get the whole document.
2430 FTP and SFTP range downloads only support the simple 'start-
2432 stop' syntax (optionally with one of the numbers omitted). FTP
2433 use depends on the extended FTP command SIZE.
2434 If this option is used several times, the last one will be used.
2436 --raw (HTTP) When used, it disables all internal HTTP decoding of con‐
2438 tent or transfer encodings and instead makes them passed on
2439 unaltered, raw.
2440 Added in 7.16.2.
2442 -e, --referer <URL>
2444 (HTTP) Sends the "Referrer Page" information to the HTTP server.
2445 This can also be set with the -H, --header flag of course. When
2446 used with -L, --location you can append ";auto" to the -e,
2447 --referer URL to make curl automatically set the previous URL
2448 when it follows a Location: header. The ";auto" string can be
2449 used alone, even if you don't set an initial -e, --referer.
2450 If this option is used several times, the last one will be used.
2452 See also -A, --user-agent and -H, --header.
2454 -J, --remote-header-name
2456 (HTTP) This option tells the -O, --remote-name option to use the
2457 server-specified Content-Disposition filename instead of
2458 extracting a filename from the URL.
2459 If the server specifies a file name and a file with that name
2461 already exists in the current working directory it will not be
2462 overwritten and an error will occur. If the server doesn't spec‐
2463 ify a file name then this option has no effect.
2464 There's no attempt to decode %-sequences (yet) in the provided
2466 file name, so this option may provide you with rather unexpected
2467 file names.
2468 WARNING: Exercise judicious use of this option, especially on
2470 Windows. A rogue server could send you the name of a DLL or
2471 other file that could possibly be loaded automatically by Win‐
2472 dows or some third party software.
2473 --remote-name-all
2475 This option changes the default action for all given URLs to be
2476 dealt with as if -O, --remote-name were used for each one. So if
2477 you want to disable that for a specific URL after --remote-name-
2478 all has been used, you must use "-o -" or --no-remote-name.
2479 Added in 7.19.0.
2481 -O, --remote-name
2483 Write output to a local file named like the remote file we get.
2484 (Only the file part of the remote file is used, the path is cut
2485 off.)
2486 The file will be saved in the current working directory. If you
2488 want the file saved in a different directory, make sure you
2489 change the current working directory before invoking curl with
2490 this option.
2491 The remote file name to use for saving is extracted from the
2493 given URL, nothing else, and if it already exists it will be
2494 overwritten. If you want the server to be able to choose the
2495 file name refer to -J, --remote-header-name which can be used in
2496 addition to this option. If the server chooses a file name and
2497 that name already exists it will not be overwritten.
2498 There is no URL decoding done on the file name. If it has %20 or
2500 other URL encoded parts of the name, they will end up as-is as
2501 file name.
2502 You may use this option as many times as the number of URLs you
2504 have.
2505 -R, --remote-time
2507 When used, this will make curl attempt to figure out the time‐
2508 stamp of the remote file, and if that is available make the
2509 local file get that same timestamp.
2510 --request-target
2512 (HTTP) Tells curl to use an alternative "target" (path) instead
2513 of using the path as provided in the URL. Particularly useful
2514 when wanting to issue HTTP requests without leading slash or
2515 other data that doesn't follow the regular URL pattern, like
2516 "OPTIONS *".
2517 Added in 7.55.0.
2519 -X, --request <command>
2521 (HTTP) Specifies a custom request method to use when communicat‐
2522 ing with the HTTP server. The specified request method will be
2523 used instead of the method otherwise used (which defaults to
2524 GET). Read the HTTP 1.1 specification for details and explana‐
2525 tions. Common additional HTTP requests include PUT and DELETE,
2526 but related technologies like WebDAV offers PROPFIND, COPY, MOVE
2527 and more.
2528 Normally you don't need this option. All sorts of GET, HEAD,
2530 POST and PUT requests are rather invoked by using dedicated com‐
2531 mand line options.
2532 This option only changes the actual word used in the HTTP
2534 request, it does not alter the way curl behaves. So for example
2535 if you want to make a proper HEAD request, using -X HEAD will
2536 not suffice. You need to use the -I, --head option.
2537 The method string you set with -X, --request will be used for
2539 all requests, which if you for example use -L, --location may
2540 cause unintended side-effects when curl doesn't change request
2541 method according to the HTTP 30x response codes - and similar.
2542 (FTP) Specifies a custom FTP command to use instead of LIST when
2544 doing file lists with FTP.
2545 (POP3) Specifies a custom POP3 command to use instead of LIST or
2547 RETR. (Added in 7.26.0)
2548 (IMAP) Specifies a custom IMAP command to use instead of LIST.
2550 (Added in 7.30.0)
2551 (SMTP) Specifies a custom SMTP command to use instead of HELP or
2553 VRFY. (Added in 7.34.0)
2554 If this option is used several times, the last one will be used.
2556 --resolve <host:port:addr[,addr]...>
2558 Provide a custom address for a specific host and port pair.
2559 Using this, you can make the curl requests(s) use a specified
2560 address and prevent the otherwise normally resolved address to
2561 be used. Consider it a sort of /etc/hosts alternative provided
2562 on the command line. The port number should be the number used
2563 for the specific protocol the host will be used for. It means
2564 you need several entries if you want to provide address for the
2565 same host but different ports.
2566 By specifying '*' as host you can tell curl to resolve any host
2568 and specific port pair to the specified address. Wildcard is
2569 resolved last so any --resolve with a specific host and port
2570 will be used first.
2571 The provided address set by this option will be used even if -4,
2573 --ipv4 or -6, --ipv6 is set to make curl use another IP version.
2574 Support for providing the IP address within [brackets] was added
2576 in 7.57.0.
2577 Support for providing multiple IP addresses per entry was added
2579 in 7.59.0.
2580 Support for resolving with wildcard was added in 7.64.0.
2582 This option can be used many times to add many host names to
2584 resolve.
2585 Added in 7.21.3.
2587 --retry-all-errors
2589 Retry on any error. This option is used together with --retry.
2590 This option is the "sledgehammer" of retrying. Do not use this
2592 option by default (eg in curlrc), there may be unintended conse‐
2593 quences such as sending or receiving duplicate data. Do not use
2594 with redirected input or output. You'd be much better off han‐
2595 dling your unique problems in shell script. Please read the
2596 example below.
2597 Warning: For server compatibility curl attempts to retry failed
2599 flaky transfers as close as possible to how they were started,
2600 but this is not possible with redirected input or output. For
2601 example, before retrying it removes output data from a failed
2602 partial transfer that was written to an output file. However
2603 this is not true of data redirected to a | pipe or > file, which
2604 are not reset. We strongly suggest don't parse or record output
2605 via redirect in combination with this option, since you may
2606 receive duplicate data.
2607 Added in 7.71.0.
2609 --retry-connrefused
2611 In addition to the other conditions, consider ECONNREFUSED as a
2612 transient error too for --retry. This option is used together
2613 with --retry.
2614 Added in 7.52.0.
2616 --retry-delay <seconds>
2618 Make curl sleep this amount of time before each retry when a
2619 transfer has failed with a transient error (it changes the
2620 default backoff time algorithm between retries). This option is
2621 only interesting if --retry is also used. Setting this delay to
2622 zero will make curl use the default backoff time.
2623 If this option is used several times, the last one will be used.
2625 Added in 7.12.3.
2627 --retry-max-time <seconds>
2629 The retry timer is reset before the first transfer attempt.
2630 Retries will be done as usual (see --retry) as long as the timer
2631 hasn't reached this given limit. Notice that if the timer hasn't
2632 reached the limit, the request will be made and while perform‐
2633 ing, it may take longer than this given time period. To limit a
2634 single request´s maximum time, use -m, --max-time. Set this
2635 option to zero to not timeout retries.
2636 If this option is used several times, the last one will be used.
2638 Added in 7.12.3.
2640 --retry <num>
2642 If a transient error is returned when curl tries to perform a
2643 transfer, it will retry this number of times before giving up.
2644 Setting the number to 0 makes curl do no retries (which is the
2645 default). Transient error means either: a timeout, an FTP 4xx
2646 response code or an HTTP 408 or 5xx response code.
2647 When curl is about to retry a transfer, it will first wait one
2649 second and then for all forthcoming retries it will double the
2650 waiting time until it reaches 10 minutes which then will be the
2651 delay between the rest of the retries. By using --retry-delay
2652 you disable this exponential backoff algorithm. See also
2653 --retry-max-time to limit the total time allowed for retries.
2654 Since curl 7.66.0, curl will comply with the Retry-After:
2656 response header if one was present to know when to issue the
2657 next retry.
2658 If this option is used several times, the last one will be used.
2660 Added in 7.12.3.
2662 --sasl-authzid <identity>
2664 Use this authorisation identity (authzid), during SASL PLAIN
2665 authentication, in addition to the authentication identity
2666 (authcid) as specified by -u, --user.
2667 If the option isn't specified, the server will derive the
2669 authzid from the authcid, but if specified, and depending on the
2670 server implementation, it may be used to access another user's
2671 inbox, that the user has been granted access to, or a shared
2672 mailbox for example.
2673 Added in 7.66.0.
2675 --sasl-ir
2677 Enable initial response in SASL authentication.
2678 Added in 7.31.0.
2680 --service-name <name>
2682 This option allows you to change the service name for SPNEGO.
2683 Examples: --negotiate --service-name sockd would use
2685 sockd/server-name.
2686 Added in 7.43.0.
2688 -S, --show-error
2690 When used with -s, --silent, it makes curl show an error message
2691 if it fails.
2692 -s, --silent
2694 Silent or quiet mode. Don't show progress meter or error mes‐
2695 sages. Makes Curl mute. It will still output the data you ask
2696 for, potentially even to the terminal/stdout unless you redirect
2697 it.
2698 Use -S, --show-error in addition to this option to disable
2700 progress meter but still show error messages.
2701 See also -v, --verbose and --stderr.
2703 --socks4 <host[:port]>
2705 Use the specified SOCKS4 proxy. If the port number is not speci‐
2706 fied, it is assumed at port 1080.
2707 This option overrides any previous use of -x, --proxy, as they
2709 are mutually exclusive.
2710 Since 7.21.7, this option is superfluous since you can specify a
2712 socks4 proxy with -x, --proxy using a socks4:// protocol prefix.
2713 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2715 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2716 such a case curl first connects to the SOCKS proxy and then con‐
2717 nects (through SOCKS) to the HTTP or HTTPS proxy.
2718 If this option is used several times, the last one will be used.
2720 Added in 7.15.2.
2722 --socks4a <host[:port]>
2724 Use the specified SOCKS4a proxy. If the port number is not spec‐
2725 ified, it is assumed at port 1080.
2726 This option overrides any previous use of -x, --proxy, as they
2728 are mutually exclusive.
2729 Since 7.21.7, this option is superfluous since you can specify a
2731 socks4a proxy with -x, --proxy using a socks4a:// protocol pre‐
2732 fix.
2733 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2735 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2736 such a case curl first connects to the SOCKS proxy and then con‐
2737 nects (through SOCKS) to the HTTP or HTTPS proxy.
2738 If this option is used several times, the last one will be used.
2740 Added in 7.18.0.
2742 --socks5-basic
2744 Tells curl to use username/password authentication when connect‐
2745 ing to a SOCKS5 proxy. The username/password authentication is
2746 enabled by default. Use --socks5-gssapi to force GSS-API
2747 authentication to SOCKS5 proxies.
2748 Added in 7.55.0.
2750 --socks5-gssapi-nec
2752 As part of the GSS-API negotiation a protection mode is negoti‐
2753 ated. RFC 1961 says in section 4.3/4.4 it should be protected,
2754 but the NEC reference implementation does not. The option
2755 --socks5-gssapi-nec allows the unprotected exchange of the pro‐
2756 tection mode negotiation.
2757 Added in 7.19.4.
2759 --socks5-gssapi-service <name>
2761 The default service name for a socks server is rcmd/server-fqdn.
2762 This option allows you to change it.
2763 Examples: --socks5 proxy-name --socks5-gssapi-service sockd
2765 would use sockd/proxy-name --socks5 proxy-name --socks5-gssapi-
2766 service sockd/real-name would use sockd/real-name for cases
2767 where the proxy-name does not match the principal name.
2768 Added in 7.19.4.
2770 --socks5-gssapi
2772 Tells curl to use GSS-API authentication when connecting to a
2773 SOCKS5 proxy. The GSS-API authentication is enabled by default
2774 (if curl is compiled with GSS-API support). Use --socks5-basic
2775 to force username/password authentication to SOCKS5 proxies.
2776 Added in 7.55.0.
2778 --socks5-hostname <host[:port]>
2780 Use the specified SOCKS5 proxy (and let the proxy resolve the
2781 host name). If the port number is not specified, it is assumed
2782 at port 1080.
2783 This option overrides any previous use of -x, --proxy, as they
2785 are mutually exclusive.
2786 Since 7.21.7, this option is superfluous since you can specify a
2788 socks5 hostname proxy with -x, --proxy using a socks5h:// proto‐
2789 col prefix.
2790 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2792 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2793 such a case curl first connects to the SOCKS proxy and then con‐
2794 nects (through SOCKS) to the HTTP or HTTPS proxy.
2795 If this option is used several times, the last one will be used.
2797 Added in 7.18.0.
2799 --socks5 <host[:port]>
2801 Use the specified SOCKS5 proxy - but resolve the host name
2802 locally. If the port number is not specified, it is assumed at
2803 port 1080.
2804 This option overrides any previous use of -x, --proxy, as they
2806 are mutually exclusive.
2807 Since 7.21.7, this option is superfluous since you can specify a
2809 socks5 proxy with -x, --proxy using a socks5:// protocol prefix.
2810 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2812 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2813 such a case curl first connects to the SOCKS proxy and then con‐
2814 nects (through SOCKS) to the HTTP or HTTPS proxy.
2815 If this option is used several times, the last one will be used.
2817 This option (as well as --socks4) does not work with IPV6, FTPS
2819 or LDAP.
2820 Added in 7.18.0.
2822 -Y, --speed-limit <speed>
2824 If a download is slower than this given speed (in bytes per sec‐
2825 ond) for speed-time seconds it gets aborted. speed-time is set
2826 with -y, --speed-time and is 30 if not set.
2827 If this option is used several times, the last one will be used.
2829 -y, --speed-time <seconds>
2831 If a download is slower than speed-limit bytes per second during
2832 a speed-time period, the download gets aborted. If speed-time is
2833 used, the default speed-limit will be 1 unless set with -Y,
2834 --speed-limit.
2835 This option controls transfers and thus will not affect slow
2837 connects etc. If this is a concern for you, try the --connect-
2838 timeout option.
2839 If this option is used several times, the last one will be used.
2841 --ssl-allow-beast
2843 This option tells curl to not work around a security flaw in the
2844 SSL3 and TLS1.0 protocols known as BEAST. If this option isn't
2845 used, the SSL layer may use workarounds known to cause interop‐
2846 erability problems with some older SSL implementations. WARNING:
2847 this option loosens the SSL security, and by using this flag you
2848 ask for exactly that.
2849 Added in 7.25.0.
2851 --ssl-no-revoke
2853 (Schannel) This option tells curl to disable certificate revoca‐
2854 tion checks. WARNING: this option loosens the SSL security, and
2855 by using this flag you ask for exactly that.
2856 Added in 7.44.0.
2858 --ssl-reqd
2860 (FTP IMAP POP3 SMTP) Require SSL/TLS for the connection. Termi‐
2861 nates the connection if the server doesn't support SSL/TLS.
2862 This option was formerly known as --ftp-ssl-reqd.
2864 Added in 7.20.0.
2866 --ssl-revoke-best-effort
2868 (Schannel) This option tells curl to ignore certificate revoca‐
2869 tion checks when they failed due to missing/offline distribution
2870 points for the revocation check lists.
2871 Added in 7.70.0.
2873 --ssl (FTP IMAP POP3 SMTP) Try to use SSL/TLS for the connection.
2875 Reverts to a non-secure connection if the server doesn't support
2876 SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for differ‐
2877 ent levels of encryption required.
2878 This option was formerly known as --ftp-ssl (Added in 7.11.0).
2880 That option name can still be used but will be removed in a
2881 future version.
2882 Added in 7.20.0.
2884 -2, --sslv2
2886 (SSL) Forces curl to use SSL version 2 when negotiating with a
2887 remote SSL server. Sometimes curl is built without SSLv2 sup‐
2888 port. SSLv2 is widely considered insecure (see RFC 6176).
2889 See also --http1.1 and --http2. -2, --sslv2 requires that the
2891 underlying libcurl was built to support TLS. This option over‐
2892 rides -3, --sslv3 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
2893 -3, --sslv3
2895 (SSL) Forces curl to use SSL version 3 when negotiating with a
2896 remote SSL server. Sometimes curl is built without SSLv3 sup‐
2897 port. SSLv3 is widely considered insecure (see RFC 7568).
2898 See also --http1.1 and --http2. -3, --sslv3 requires that the
2900 underlying libcurl was built to support TLS. This option over‐
2901 rides -2, --sslv2 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
2902 --stderr
2904 Redirect all writes to stderr to the specified file instead. If
2905 the file name is a plain '-', it is instead written to stdout.
2906 If this option is used several times, the last one will be used.
2908 See also -v, --verbose and -s, --silent.
2910 --styled-output
2912 Enables the automatic use of bold font styles when writing HTTP
2913 headers to the terminal. Use --no-styled-output to switch them
2914 off.
2915 Added in 7.61.0.
2917 --suppress-connect-headers
2919 When -p, --proxytunnel is used and a CONNECT request is made
2920 don't output proxy CONNECT response headers. This option is
2921 meant to be used with -D, --dump-header or -i, --include which
2922 are used to show protocol headers in the output. It has no
2923 effect on debug options such as -v, --verbose or --trace, or any
2924 statistics.
2925 See also -D, --dump-header and -i, --include and -p, --proxytun‐
2927 nel.
2928 --tcp-fastopen
2930 Enable use of TCP Fast Open (RFC7413).
2931 Added in 7.49.0.
2933 --tcp-nodelay
2935 Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man
2936 page for details about this option.
2937 Since 7.50.2, curl sets this option by default and you need to
2939 explicitly switch it off if you don't want it on.
2940 Added in 7.11.2.
2942 -t, --telnet-option <opt=val>
2944 Pass options to the telnet protocol. Supported options are:
2945 TTYPE=<term> Sets the terminal type.
2947 XDISPLOC=<X display> Sets the X display location.
2949 NEW_ENV=<var,val> Sets an environment variable.
2951 --tftp-blksize <value>
2953 (TFTP) Set TFTP BLKSIZE option (must be >512). This is the block
2954 size that curl will try to use when transferring data to or from
2955 a TFTP server. By default 512 bytes will be used.
2956 If this option is used several times, the last one will be used.
2958 Added in 7.20.0.
2960 --tftp-no-options
2962 (TFTP) Tells curl not to send TFTP options requests.
2963 This option improves interop with some legacy servers that do
2965 not acknowledge or properly implement TFTP options. When this
2966 option is used --tftp-blksize is ignored.
2967 Added in 7.48.0.
2969 -z, --time-cond <time>
2971 (HTTP FTP) Request a file that has been modified later than the
2972 given time and date, or one that has been modified before that
2973 time. The <date expression> can be all sorts of date strings or
2974 if it doesn't match any internal ones, it is taken as a filename
2975 and tries to get the modification date (mtime) from <file>
2976 instead. See the curl_getdate(3) man pages for date expression
2977 details.
2978 Start the date expression with a dash (-) to make it request for
2980 a document that is older than the given date/time, default is a
2981 document that is newer than the specified date/time.
2982 If this option is used several times, the last one will be used.
2984 --tls-max <VERSION>
2986 (SSL) VERSION defines maximum supported TLS version. The minimum
2987 acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2 or
2988 tlsv1.3.
2989 default
2992 Use up to recommended TLS version.
2993 1.0 Use up to TLSv1.0.
2995 1.1 Use up to TLSv1.1.
2997 1.2 Use up to TLSv1.2.
2999 1.3 Use up to TLSv1.3.
3001 See also --tlsv1.0 and --tlsv1.1 and --tlsv1.2 and --tlsv1.3. --tls-max
3003 requires that the underlying libcurl was built to support TLS. Added in
3004 7.54.0.
3005 --tls13-ciphers <ciphersuite list>
3007 (TLS) Specifies which cipher suites to use in the connection if
3008 it negotiates TLS 1.3. The list of ciphers suites must specify
3009 valid ciphers. Read up on TLS 1.3 cipher suite details on this
3010 URL:
3011 https://curl.haxx.se/docs/ssl-ciphers.html
3013 This option is currently used only when curl is built to use
3015 OpenSSL 1.1.1 or later. If you are using a different SSL backend
3016 you can try setting TLS 1.3 cipher suites by using the --ciphers
3017 option.
3018 If this option is used several times, the last one will be used.
3020 --tlsauthtype <type>
3022 Set TLS authentication type. Currently, the only supported
3023 option is "SRP", for TLS-SRP (RFC 5054). If --tlsuser and
3024 --tlspassword are specified but --tlsauthtype is not, then this
3025 option defaults to "SRP". This option works only if the under‐
3026 lying libcurl is built with TLS-SRP support, which requires
3027 OpenSSL or GnuTLS with TLS-SRP support.
3028 Added in 7.21.4.
3030 --tlspassword
3032 Set password for use with the TLS authentication method speci‐
3033 fied with --tlsauthtype. Requires that --tlsuser also be set.
3034 This doesn't work with TLS 1.3.
3036 Added in 7.21.4.
3038 --tlsuser <name>
3040 Set username for use with the TLS authentication method speci‐
3041 fied with --tlsauthtype. Requires that --tlspassword also is
3042 set.
3043 This doesn't work with TLS 1.3.
3045 Added in 7.21.4.
3047 --tlsv1.0
3049 (TLS) Forces curl to use TLS version 1.0 or later when connect‐
3050 ing to a remote TLS server.
3051 In old versions of curl this option was documented to allow
3053 _only_ TLS 1.0, but behavior was inconsistent depending on the
3054 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3055 sion.
3056 Added in 7.34.0.
3058 --tlsv1.1
3060 (TLS) Forces curl to use TLS version 1.1 or later when connect‐
3061 ing to a remote TLS server.
3062 In old versions of curl this option was documented to allow
3064 _only_ TLS 1.1, but behavior was inconsistent depending on the
3065 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3066 sion.
3067 Added in 7.34.0.
3069 --tlsv1.2
3071 (TLS) Forces curl to use TLS version 1.2 or later when connect‐
3072 ing to a remote TLS server.
3073 In old versions of curl this option was documented to allow
3075 _only_ TLS 1.2, but behavior was inconsistent depending on the
3076 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3077 sion.
3078 Added in 7.34.0.
3080 --tlsv1.3
3082 (TLS) Forces curl to use TLS version 1.3 or later when connect‐
3083 ing to a remote TLS server.
3084 Note that TLS 1.3 is only supported by a subset of TLS backends.
3086 At the time of this writing, they are BoringSSL, NSS, and Secure
3087 Transport (on iOS 11 or later, and macOS 10.13 or later).
3088 Added in 7.52.0.
3090 -1, --tlsv1
3092 (SSL) Tells curl to use at least TLS version 1.x when negotiat‐
3093 ing with a remote TLS server. That means TLS version 1.0 or
3094 higher
3095 See also --http1.1 and --http2. -1, --tlsv1 requires that the
3097 underlying libcurl was built to support TLS. This option over‐
3098 rides --tlsv1.1 and --tlsv1.2 and --tlsv1.3.
3099 --tr-encoding
3101 (HTTP) Request a compressed Transfer-Encoding response using one
3102 of the algorithms curl supports, and uncompress the data while
3103 receiving it.
3104 Added in 7.21.6.
3106 --trace-ascii <file>
3108 Enables a full trace dump of all incoming and outgoing data,
3109 including descriptive information, to the given output file. Use
3110 "-" as filename to have the output sent to stdout.
3111 This is very similar to --trace, but leaves out the hex part and
3113 only shows the ASCII part of the dump. It makes smaller output
3114 that might be easier to read for untrained humans.
3115 If this option is used several times, the last one will be used.
3117 This option overrides --trace and -v, --verbose.
3119 --trace-time
3121 Prepends a time stamp to each trace or verbose line that curl
3122 displays.
3123 Added in 7.14.0.
3125 --trace <file>
3127 Enables a full trace dump of all incoming and outgoing data,
3128 including descriptive information, to the given output file. Use
3129 "-" as filename to have the output sent to stdout. Use "%" as
3130 filename to have the output sent to stderr.
3131 If this option is used several times, the last one will be used.
3133 This option overrides -v, --verbose and --trace-ascii.
3135 --unix-socket <path>
3137 (HTTP) Connect through this Unix domain socket, instead of using
3138 the network.
3139 Added in 7.40.0.
3141 -T, --upload-file <file>
3143 This transfers the specified local file to the remote URL. If
3144 there is no file part in the specified URL, curl will append the
3145 local file name. NOTE that you must use a trailing / on the last
3146 directory to really prove to Curl that there is no file name or
3147 curl will think that your last directory name is the remote file
3148 name to use. That will most likely cause the upload operation to
3149 fail. If this is used on an HTTP(S) server, the PUT command will
3150 be used.
3151 Use the file name "-" (a single dash) to use stdin instead of a
3153 given file. Alternately, the file name "." (a single period)
3154 may be specified instead of "-" to use stdin in non-blocking
3155 mode to allow reading server output while stdin is being
3156 uploaded.
3157 You can specify one -T, --upload-file for each URL on the com‐
3159 mand line. Each -T, --upload-file + URL pair specifies what to
3160 upload and to where. curl also supports "globbing" of the -T,
3161 --upload-file argument, meaning that you can upload multiple
3162 files to a single URL by using the same URL globbing style sup‐
3163 ported in the URL, like this:
3164 curl --upload-file "{file1,file2}" http://www.example.com
3166 or even
3168 curl -T "img[1-1000].png" ftp://ftp.example.com/upload/
3170 When uploading to an SMTP server: the uploaded data is assumed
3172 to be RFC 5322 formatted. It has to feature the necessary set of
3173 headers and mail body formatted correctly by the user as curl
3174 will not transcode nor encode it further in any way.
3175 --url <url>
3177 Specify a URL to fetch. This option is mostly handy when you
3178 want to specify URL(s) in a config file.
3179 If the given URL is missing a scheme name (such as "http://" or
3181 "ftp://" etc) then curl will make a guess based on the host. If
3182 the outermost sub-domain name matches DICT, FTP, IMAP, LDAP,
3183 POP3 or SMTP then that protocol will be used, otherwise HTTP
3184 will be used. Since 7.45.0 guessing can be disabled by setting a
3185 default protocol, see --proto-default for details.
3186 This option may be used any number of times. To control where
3188 this URL is written, use the -o, --output or the -O, --remote-
3189 name options.
3190 Warning: On Windows, particular file:// accesses can be con‐
3192 verted to network accesses by the operating system. Beware!
3193 -B, --use-ascii
3195 (FTP LDAP) Enable ASCII transfer. For FTP, this can also be
3196 enforced by using a URL that ends with ";type=A". This option
3197 causes data sent to stdout to be in text mode for win32 systems.
3198 -A, --user-agent <name>
3200 (HTTP) Specify the User-Agent string to send to the HTTP server.
3201 To encode blanks in the string, surround the string with single
3202 quote marks. This header can also be set with the -H, --header
3203 or the --proxy-header options.
3204 If you give an empty argument to -A, --user-agent (""), it will
3206 remove the header completely from the request. If you prefer a
3207 blank header, you can set it to a single space (" ").
3208 If this option is used several times, the last one will be used.
3210 -u, --user <user:password>
3212 Specify the user name and password to use for server authentica‐
3213 tion. Overrides -n, --netrc and --netrc-optional.
3214 If you simply specify the user name, curl will prompt for a
3216 password.
3217 The user name and passwords are split up on the first colon,
3219 which makes it impossible to use a colon in the user name with
3220 this option. The password can, still.
3221 On systems where it works, curl will hide the given option argu‐
3223 ment from process listings. This is not enough to protect cre‐
3224 dentials from possibly getting seen by other users on the same
3225 system as they will still be visible for a brief moment before
3226 cleared. Such sensitive data should be retrieved from a file
3227 instead or similar and never used in clear text in a command
3228 line.
3229 When using Kerberos V5 with a Windows based server you should
3231 include the Windows domain name in the user name, in order for
3232 the server to successfully obtain a Kerberos Ticket. If you
3233 don't then the initial authentication handshake may fail.
3234 When using NTLM, the user name can be specified simply as the
3236 user name, without the domain, if there is a single domain and
3237 forest in your setup for example.
3238 To specify the domain name use either Down-Level Logon Name or
3240 UPN (User Principal Name) formats. For example, EXAMPLE\user and
3241 user@example.com respectively.
3242 If you use a Windows SSPI-enabled curl binary and perform Ker‐
3244 beros V5, Negotiate, NTLM or Digest authentication then you can
3245 tell curl to select the user name and password from your envi‐
3246 ronment by specifying a single colon with this option: "-u :".
3247 If this option is used several times, the last one will be used.
3249 -v, --verbose
3251 Makes curl verbose during the operation. Useful for debugging
3252 and seeing what's going on "under the hood". A line starting
3253 with '>' means "header data" sent by curl, '<' means "header
3254 data" received by curl that is hidden in normal cases, and a
3255 line starting with '*' means additional info provided by curl.
3256 If you only want HTTP headers in the output, -i, --include might
3258 be the option you're looking for.
3259 If you think this option still doesn't give you enough details,
3261 consider using --trace or --trace-ascii instead.
3262 Use -s, --silent to make curl really quiet.
3264 See also -i, --include. This option overrides --trace and
3266 --trace-ascii.
3267 -V, --version
3269 Displays information about curl and the libcurl version it uses.
3270 The first line includes the full version of curl, libcurl and
3272 other 3rd party libraries linked with the executable.
3273 The second line (starts with "Protocols:") shows all protocols
3275 that libcurl reports to support.
3276 The third line (starts with "Features:") shows specific features
3278 libcurl reports to offer. Available features include:
3279 alt-svc
3281 Support for the Alt-Svc: header is provided.
3282 AsynchDNS
3284 This curl uses asynchronous name resolves. Asynchronous
3285 name resolves can be done using either the c-ares or the
3286 threaded resolver backends.
3287 brotli Support for automatic brotli compression over HTTP(S).
3289 CharConv
3291 curl was built with support for character set conversions
3292 (like EBCDIC)
3293 Debug This curl uses a libcurl built with Debug. This enables
3295 more error-tracking and memory debugging etc. For curl-
3296 developers only!
3297 GSS-API
3299 GSS-API is supported.
3300 HTTP2 HTTP/2 support has been built-in.
3302 HTTP3 HTTP/3 support has been built-in.
3304 HTTPS-proxy
3306 This curl is built to support HTTPS proxy.
3307 IDN This curl supports IDN - international domain names.
3309 IPv6 You can use IPv6 with this.
3311 krb4 Krb4 for FTP is supported.
3313 Largefile
3315 This curl supports transfers of large files, files larger
3316 than 2GB.
3317 libz Automatic decompression of compressed files over HTTP is
3319 supported.
3320 Metalink
3322 This curl supports Metalink
3323 MultiSSL
3325 This curl supports multiple TLS backends.
3326 NTLM NTLM authentication is supported.
3328 NTLM NTLM authentication is supported.
3330 PSL PSL is short for Public Suffix List and means that this
3332 curl has been built with knowledge about "public suf‐
3333 fixes".
3334 SPNEGO SPNEGO authentication is supported.
3336 SSL SSL versions of various protocols are supported, such as
3338 HTTPS, FTPS, POP3S and so on.
3339 SSPI SSPI is supported.
3341 TLS-SRP
3343 SRP (Secure Remote Password) authentication is supported
3344 for TLS.
3345 UnixSockets
3347 Unix sockets support is provided.
3348 -w, --write-out <format>
3350 Make curl display information on stdout after a completed trans‐
3351 fer. The format is a string that may contain plain text mixed
3352 with any number of variables. The format can be specified as a
3353 literal "string", or you can have curl read the format from a
3354 file with "@filename" and to tell curl to read the format from
3355 stdin you write "@-".
3356 The variables present in the output format will be substituted
3358 by the value or text that curl thinks fit, as described below.
3359 All variables are specified as %{variable_name} and to output a
3360 normal % you just write them as %%. You can output a newline by
3361 using \n, a carriage return with \r and a tab space with \t.
3362 The output will be written to standard output, but this can be
3364 switched to standard error by using %{stderr}.
3365 NOTE: The %-symbol is a special symbol in the win32-environment,
3367 where all occurrences of % must be doubled when using this
3368 option.
3369 The variables available are:
3371 content_type The Content-Type of the requested document, if
3373 there was any.
3374 filename_effective
3376 The ultimate filename that curl writes out to.
3377 This is only meaningful if curl is told to write
3378 to a file with the -O, --remote-name or -o,
3379 --output option. It's most useful in combination
3380 with the -J, --remote-header-name option. (Added
3381 in 7.26.0)
3382 ftp_entry_path The initial path curl ended up in when logging on
3384 to the remote FTP server. (Added in 7.15.4)
3385 http_code The numerical response code that was found in the
3387 last retrieved HTTP(S) or FTP(s) transfer. In
3388 7.18.2 the alias response_code was added to show
3389 the same info.
3390 http_connect The numerical code that was found in the last
3392 response (from a proxy) to a curl CONNECT
3393 request. (Added in 7.12.4)
3394 http_version The http version that was effectively used.
3396 (Added in 7.50.0)
3397 json A JSON object with all available keys.
3399 local_ip The IP address of the local end of the most
3401 recently done connection - can be either IPv4 or
3402 IPv6 (Added in 7.29.0)
3403 local_port The local port number of the most recently done
3405 connection (Added in 7.29.0)
3406 num_connects Number of new connects made in the recent trans‐
3408 fer. (Added in 7.12.3)
3409 num_redirects Number of redirects that were followed in the
3411 request. (Added in 7.12.3)
3412 proxy_ssl_verify_result
3414 The result of the HTTPS proxy's SSL peer certifi‐
3415 cate verification that was requested. 0 means the
3416 verification was successful. (Added in 7.52.0)
3417 redirect_url When an HTTP request was made without -L, --loca‐
3419 tion to follow redirects (or when --max-redir is
3420 met), this variable will show the actual URL a
3421 redirect would have gone to. (Added in 7.18.2)
3422 remote_ip The remote IP address of the most recently done
3424 connection - can be either IPv4 or IPv6 (Added in
3425 7.29.0)
3426 remote_port The remote port number of the most recently done
3428 connection (Added in 7.29.0)
3429 response_code The numerical response code that was found in the
3431 last transfer (formerly known as "http_code").
3432 (Added in 7.18.2)
3433 scheme The URL scheme (sometimes called protocol) that
3435 was effectively used (Added in 7.52.0)
3436 size_download The total amount of bytes that were downloaded.
3438 size_header The total amount of bytes of the downloaded head‐
3440 ers.
3441 size_request The total amount of bytes that were sent in the
3443 HTTP request.
3444 size_upload The total amount of bytes that were uploaded.
3446 speed_download The average download speed that curl measured for
3448 the complete download. Bytes per second.
3449 speed_upload The average upload speed that curl measured for
3451 the complete upload. Bytes per second.
3452 ssl_verify_result
3454 The result of the SSL peer certificate verifica‐
3455 tion that was requested. 0 means the verification
3456 was successful. (Added in 7.19.0)
3457 stderr From this point on, the -w, --write-out output
3459 will be written to standard error. (Added in
3460 7.63.0)
3461 stdout From this point on, the -w, --write-out output
3463 will be written to standard output. This is the
3464 default, but can be used to switch back after
3465 switching to stderr. (Added in 7.63.0)
3466 time_appconnect
3468 The time, in seconds, it took from the start
3469 until the SSL/SSH/etc connect/handshake to the
3470 remote host was completed. (Added in 7.19.0)
3471 time_connect The time, in seconds, it took from the start
3473 until the TCP connect to the remote host (or
3474 proxy) was completed.
3475 time_namelookup
3477 The time, in seconds, it took from the start
3478 until the name resolving was completed.
3479 time_pretransfer
3481 The time, in seconds, it took from the start
3482 until the file transfer was just about to begin.
3483 This includes all pre-transfer commands and nego‐
3484 tiations that are specific to the particular pro‐
3485 tocol(s) involved.
3486 time_redirect The time, in seconds, it took for all redirection
3488 steps including name lookup, connect, pretransfer
3489 and transfer before the final transaction was
3490 started. time_redirect shows the complete execu‐
3491 tion time for multiple redirections. (Added in
3492 7.12.3)
3493 time_starttransfer
3495 The time, in seconds, it took from the start
3496 until the first byte was just about to be trans‐
3497 ferred. This includes time_pretransfer and also
3498 the time the server needed to calculate the
3499 result.
3500 time_total The total time, in seconds, that the full opera‐
3502 tion lasted.
3503 url_effective The URL that was fetched last. This is most mean‐
3505 ingful if you've told curl to follow location:
3506 headers.
3507 If this option is used several times, the last one will be used.
3509 --xattr
3511 When saving output to a file, this option tells curl to store
3512 certain file metadata in extended file attributes. Currently,
3513 the URL is stored in the xdg.origin.url attribute and, for HTTP,
3514 the content type is stored in the mime_type attribute. If the
3515 file system does not support extended attributes, a warning is
3516 issued.
3517
3519 ~/.curlrc
3520 Default config file, see -K, --config for details.
3521
3523 The environment variables can be specified in lower case or upper case.
3524 The lower case version has precedence. http_proxy is an exception as it
3525 is only available in lower case.
3526 Using an environment variable to set the proxy has the same effect as
3528 using the -x, --proxy option.
3529 http_proxy [protocol://]<host>[:port]
3532 Sets the proxy server to use for HTTP.
3533 HTTPS_PROXY [protocol://]<host>[:port]
3535 Sets the proxy server to use for HTTPS.
3536 [url-protocol]_PROXY [protocol://]<host>[:port]
3538 Sets the proxy server to use for [url-protocol], where the pro‐
3539 tocol is a protocol that curl supports and as specified in a
3540 URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP etc.
3541 ALL_PROXY [protocol://]<host>[:port]
3543 Sets the proxy server to use if no protocol-specific proxy is
3544 set.
3545 NO_PROXY <comma-separated list of hosts/domains>
3547 list of host names that shouldn't go through any proxy. If set
3548 to an asterisk '*' only, it matches all hosts. Each name in this
3549 list is matched as either a domain name which contains the host‐
3550 name, or the hostname itself.
3551 This environment variable disables use of the proxy even when
3553 specified with the -x, --proxy option. That is
3554 NO_PROXY=direct.example.com curl -x http://proxy.example.com
3555 http://direct.example.com accesses the target URL directly, and
3556 NO_PROXY=direct.example.com curl -x http://proxy.example.com
3557 http://somewhere.example.com accesses the target URL through the
3558 proxy.
3559 The list of host names can also be include numerical IP
3561 addresses, and IPv6 versions should then be given without
3562 enclosing brackets.
3563 CURL_SSL_BACKEND <TLS backend>
3565 If curl was built with support for "MultiSSL", meaning that it
3566 has built-in support for more than one TLS backend, this envi‐
3567 ronment variable can be set to the case insensitive name of the
3568 particular backend to use when curl is invokved. Setting a name
3569 that isn't a built-in alternative, will make curl stay with the
3570 default.
3571 QLOGDIR <directory name>
3573 If curl was built with HTTP/3 support, setting this environment
3574 variable to a local directory will make curl produce qlogs in
3575 that directory, using file names named after the destination
3576 connection id (in hex). Do note that these files can become
3577 rather large. Works with both QUIC backends.
3578 SSLKEYLOGFILE <file name>
3580 If you set this environment variable to a file name, curl will
3581 store TLS secrets from its connections in that file when invoked
3582 to enable you to analyze the TLS traffic in real time using net‐
3583 work analyzing tools such as Wireshark. This works with the fol‐
3584 lowing TLS backends: OpenSSL, libressl, BoringSSL, GnuTLS, NSS
3585 and wolfSSL.
3586
3588 Since curl version 7.21.7, the proxy string may be specified with a
3589 protocol:// prefix to specify alternative proxy protocols.
3590 If no protocol is specified in the proxy string or if the string
3592 doesn't match a supported one, the proxy will be treated as an HTTP
3593 proxy.
3594 The supported proxy protocol prefixes are as follows:
3596 http://
3598 Makes it use it as an HTTP proxy. The default if no scheme pre‐
3599 fix is used.
3600 https://
3602 Makes it treated as an HTTPS proxy.
3603 socks4://
3605 Makes it the equivalent of --socks4
3606 socks4a://
3608 Makes it the equivalent of --socks4a
3609 socks5://
3611 Makes it the equivalent of --socks5
3612 socks5h://
3614 Makes it the equivalent of --socks5-hostname
3615
3617 There are a bunch of different error codes and their corresponding
3618 error messages that may appear during bad conditions. At the time of
3619 this writing, the exit codes are:
3620 1 Unsupported protocol. This build of curl has no support for this
3622 protocol.
3623 2 Failed to initialize.
3625 3 URL malformed. The syntax was not correct.
3627 4 A feature or option that was needed to perform the desired
3629 request was not enabled or was explicitly disabled at build-
3630 time. To make curl able to do this, you probably need another
3631 build of libcurl!
3632 5 Couldn't resolve proxy. The given proxy host could not be
3634 resolved.
3635 6 Couldn't resolve host. The given remote host was not resolved.
3637 7 Failed to connect to host.
3639 8 Weird server reply. The server sent data curl couldn't parse.
3641 9 FTP access denied. The server denied login or denied access to
3643 the particular resource or directory you wanted to reach. Most
3644 often you tried to change to a directory that doesn't exist on
3645 the server.
3646 10 FTP accept failed. While waiting for the server to connect back
3648 when an active FTP session is used, an error code was sent over
3649 the control connection or similar.
3650 11 FTP weird PASS reply. Curl couldn't parse the reply sent to the
3652 PASS request.
3653 12 During an active FTP session while waiting for the server to
3655 connect back to curl, the timeout expired.
3656 13 FTP weird PASV reply, Curl couldn't parse the reply sent to the
3658 PASV request.
3659 14 FTP weird 227 format. Curl couldn't parse the 227-line the
3661 server sent.
3662 15 FTP can't get host. Couldn't resolve the host IP we got in the
3664 227-line.
3665 16 HTTP/2 error. A problem was detected in the HTTP2 framing layer.
3667 This is somewhat generic and can be one out of several problems,
3668 see the error message for details.
3669 17 FTP couldn't set binary. Couldn't change transfer method to
3671 binary.
3672 18 Partial file. Only a part of the file was transferred.
3674 19 FTP couldn't download/access the given file, the RETR (or simi‐
3676 lar) command failed.
3677 21 FTP quote error. A quote command returned error from the server.
3679 22 HTTP page not retrieved. The requested url was not found or
3681 returned another error with the HTTP error code being 400 or
3682 above. This return code only appears if -f, --fail is used.
3683 23 Write error. Curl couldn't write data to a local filesystem or
3685 similar.
3686 25 FTP couldn't STOR file. The server denied the STOR operation,
3688 used for FTP uploading.
3689 26 Read error. Various reading problems.
3691 27 Out of memory. A memory allocation request failed.
3693 28 Operation timeout. The specified time-out period was reached
3695 according to the conditions.
3696 30 FTP PORT failed. The PORT command failed. Not all FTP servers
3698 support the PORT command, try doing a transfer using PASV
3699 instead!
3700 31 FTP couldn't use REST. The REST command failed. This command is
3702 used for resumed FTP transfers.
3703 33 HTTP range error. The range "command" didn't work.
3705 34 HTTP post error. Internal post-request generation error.
3707 35 SSL connect error. The SSL handshaking failed.
3709 36 Bad download resume. Couldn't continue an earlier aborted down‐
3711 load.
3712 37 FILE couldn't read file. Failed to open the file. Permissions?
3714 38 LDAP cannot bind. LDAP bind operation failed.
3716 39 LDAP search failed.
3718 41 Function not found. A required LDAP function was not found.
3720 42 Aborted by callback. An application told curl to abort the oper‐
3722 ation.
3723 43 Internal error. A function was called with a bad parameter.
3725 45 Interface error. A specified outgoing interface could not be
3727 used.
3728 47 Too many redirects. When following redirects, curl hit the maxi‐
3730 mum amount.
3731 48 Unknown option specified to libcurl. This indicates that you
3733 passed a weird option to curl that was passed on to libcurl and
3734 rejected. Read up in the manual!
3735 49 Malformed telnet option.
3737 51 The peer's SSL certificate or SSH MD5 fingerprint was not OK.
3739 52 The server didn't reply anything, which here is considered an
3741 error.
3742 53 SSL crypto engine not found.
3744 54 Cannot set SSL crypto engine as default.
3746 55 Failed sending network data.
3748 56 Failure in receiving network data.
3750 58 Problem with the local certificate.
3752 59 Couldn't use specified SSL cipher.
3754 60 Peer certificate cannot be authenticated with known CA certifi‐
3756 cates.
3757 61 Unrecognized transfer encoding.
3759 62 Invalid LDAP URL.
3761 63 Maximum file size exceeded.
3763 64 Requested FTP SSL level failed.
3765 65 Sending the data requires a rewind that failed.
3767 66 Failed to initialise SSL Engine.
3769 67 The user name, password, or similar was not accepted and curl
3771 failed to log in.
3772 68 File not found on TFTP server.
3774 69 Permission problem on TFTP server.
3776 70 Out of disk space on TFTP server.
3778 71 Illegal TFTP operation.
3780 72 Unknown TFTP transfer ID.
3782 73 File already exists (TFTP).
3784 74 No such user (TFTP).
3786 75 Character conversion failed.
3788 76 Character conversion functions required.
3790 77 Problem with reading the SSL CA cert (path? access rights?).
3792 78 The resource referenced in the URL does not exist.
3794 79 An unspecified error occurred during the SSH session.
3796 80 Failed to shut down the SSL connection.
3798 82 Could not load CRL file, missing or wrong format (added in
3800 7.19.0).
3801 83 Issuer check failed (added in 7.19.0).
3803 84 The FTP PRET command failed
3805 85 RTSP: mismatch of CSeq numbers
3807 86 RTSP: mismatch of Session Identifiers
3809 87 unable to parse FTP file list
3811 88 FTP chunk callback reported error
3813 89 No connection available, the session will be queued
3815 90 SSL public key does not matched pinned public key
3817 91 Invalid SSL certificate status.
3819 92 Stream error in HTTP/2 framing layer.
3821 XX More error codes will appear here in future releases. The exist‐
3823 ing ones are meant to never change.
3824
3826 Daniel Stenberg is the main author, but the whole list of contributors
3827 is found in the separate THANKS file.
3828
3830 https://curl.haxx.se
3831
3833 ftp(1), wget(1)
3834Curl 7.71.1 November 16, 2016 curl(1)