1curl(1) Curl Manual curl(1)
2
6 curl - transfer a URL
7
9 curl [options / URLs]
10
12 curl is a tool to transfer data from or to a server, using one of the
13 supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP,
14 IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP,
15 SMB, SMBS, SMTP, SMTPS, TELNET and TFTP). The command is designed to
16 work without user interaction.
17 curl offers a busload of useful tricks like proxy support, user authen‐
19 tication, FTP upload, HTTP post, SSL connections, cookies, file trans‐
20 fer resume, Metalink, and more. As you will see below, the number of
21 features will make your head spin!
22 curl is powered by libcurl for all transfer-related features. See
24 libcurl(3) for details.
25
27 The URL syntax is protocol-dependent. You'll find a detailed descrip‐
28 tion in RFC 3986.
29 You can specify multiple URLs or parts of URLs by writing part sets
31 within braces and quoting the URL as in:
32 "http://site.{one,two,three}.com"
34 or you can get sequences of alphanumeric series by using [] as in:
36 "ftp://ftp.example.com/file[1-100].txt"
38 "ftp://ftp.example.com/file[001-100].txt" (with leading zeros)
40 "ftp://ftp.example.com/file[a-z].txt"
42 Nested sequences are not supported, but you can use several ones next
44 to each other:
45 "http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html"
47 You can specify any amount of URLs on the command line. They will be
49 fetched in a sequential manner in the specified order. You can specify
50 command line options and URLs mixed and in any order on the command
51 line.
52 You can specify a step counter for the ranges to get every Nth number
54 or letter:
55 "http://example.com/file[1-100:10].txt"
57 "http://example.com/file[a-z:2].txt"
59 When using [] or {} sequences when invoked from a command line prompt,
61 you probably have to put the full URL within double quotes to avoid the
62 shell from interfering with it. This also goes for other characters
63 treated special, like for example '&', '?' and '*'.
64 Provide the IPv6 zone index in the URL with an escaped percentage sign
66 and the interface name. Like in
67 "http://[fe80::3%25eth0]/"
69 If you specify URL without protocol:// prefix, curl will attempt to
71 guess what protocol you might want. It will then default to HTTP but
72 try other protocols based on often-used host name prefixes. For exam‐
73 ple, for host names starting with "ftp." curl will assume you want to
74 speak FTP.
75 curl will do its best to use what you pass to it as a URL. It is not
77 trying to validate it as a syntactically correct URL by any means but
78 is instead very liberal with what it accepts.
79 curl will attempt to re-use connections for multiple file transfers, so
81 that getting many files from the same server will not do multiple con‐
82 nects / handshakes. This improves speed. Of course this is only done on
83 files specified on a single command line and cannot be used between
84 separate curl invokes.
85
87 If not told otherwise, curl writes the received data to stdout. It can
88 be instructed to instead save that data into a local file, using the
89 -o, --output or -O, --remote-name options. If curl is given multiple
90 URLs to transfer on the command line, it similarly needs multiple op‐
91 tions for where to save them.
92 curl does not parse or otherwise "understand" the content it gets or
94 writes as output. It does no encoding or decoding, unless explicitly
95 asked so with dedicated command line options.
96
98 curl supports numerous protocols, or put in URL terms: schemes. Your
99 particular build may not support them all.
100 DICT Lets you lookup words using online dictionaries.
102 FILE Read or write local files. curl does not support accessing
104 file:// URL remotely, but when running on Microsoft Windows us‐
105 ing the native UNC approach will work.
106 FTP(S) curl supports the File Transfer Protocol with a lot of tweaks
108 and levers. With or without using TLS.
109 GOPHER Retrieve files.
111 HTTP(S)
113 curl supports HTTP with numerous options and variations. It can
114 speak HTTP version 0.9, 1.0, 1.1, 2 and 3 depending on build op‐
115 tions and the correct command line options.
116 IMAP(S)
118 Using the mail reading protocol, curl can "download" emails for
119 you. With or without using TLS.
120 LDAP(S)
122 curl can do directory lookups for you, with or without TLS.
123 MQTT curl supports MQTT version 3. Downloading over MQTT equals "sub‐
125 scribe" to a topic while uploading/posting equals "publish" on a
126 topic. MQTT support is experimental and TLS based MQTT is not
127 supported (yet).
128 POP3(S)
130 Downloading from a pop3 server means getting a mail. With or
131 without using TLS.
132 RTMP(S)
134 The Realtime Messaging Protocol is primarily used to server
135 streaming media and curl can download it.
136 RTSP curl supports RTSP 1.0 downloads.
138 SCP curl supports SSH version 2 scp transfers.
140 SFTP curl supports SFTP (draft 5) done over SSH version 2.
142 SMB(S) curl supports SMB version 1 for upload and download.
144 SMTP(S)
146 Uploading contents to an SMTP server means sending an email.
147 With or without TLS.
148 TELNET Telling curl to fetch a telnet URL starts an interactive session
150 where it sends what it reads on stdin and outputs what the
151 server sends it.
152 TFTP curl can do TFTP downloads and uploads.
154
156 curl normally displays a progress meter during operations, indicating
157 the amount of transferred data, transfer speeds and estimated time
158 left, etc. The progress meter displays number of bytes and the speeds
159 are in bytes per second. The suffixes (k, M, G, T, P) are 1024 based.
160 For example 1k is 1024 bytes. 1M is 1048576 bytes.
161 curl displays this data to the terminal by default, so if you invoke
163 curl to do an operation and it is about to write data to the terminal,
164 it disables the progress meter as otherwise it would mess up the output
165 mixing progress meter and response data.
166 If you want a progress meter for HTTP POST or PUT requests, you need to
168 redirect the response output to a file, using shell redirect (>), -o,
169 --output or similar.
170 It is not the same case for FTP upload as that operation does not spit
172 out any response data to the terminal.
173 If you prefer a progress "bar" instead of the regular meter, -#,
175 --progress-bar is your friend. You can also disable the progress meter
176 completely with the -s, --silent option.
177
179 Options start with one or two dashes. Many of the options require an
180 additional value next to them.
181 The short "single-dash" form of the options, -d for example, may be
183 used with or without a space between it and its value, although a space
184 is a recommended separator. The long "double-dash" form, -d, --data for
185 example, requires a space between it and its value.
186 Short version options that don't need any additional values can be used
188 immediately next to each other, like for example you can specify all
189 the options -O, -L and -v at once as -OLv.
190 In general, all boolean options are enabled with --option and yet again
192 disabled with --no-option. That is, you use the exact same option name
193 but prefix it with "no-". However, in this list we mostly only list and
194 show the --option version of them. (This concept with --no options was
195 added in 7.19.0. Previously most options were toggled on/off on re‐
196 peated use of the same command line option.)
197 --abstract-unix-socket <path>
199 (HTTP) Connect through an abstract Unix domain socket, instead
200 of using the network. Note: netstat shows the path of an ab‐
201 stract socket prefixed with '@', however the <path> argument
202 should not have this leading character.
203 Added in 7.53.0.
205 --alt-svc <file name>
207 (HTTPS) WARNING: this option is experimental. Do not use in pro‐
208 duction.
209 This option enables the alt-svc parser in curl. If the file name
211 points to an existing alt-svc cache file, that will be used. Af‐
212 ter a completed transfer, the cache will be saved to the file
213 name again if it has been modified.
214 Specify a "" file name (zero length) to avoid loading/saving and
216 make curl just handle the cache in memory.
217 If this option is used several times, curl will load contents
219 from all the files but the last one will be used for saving.
220 Added in 7.64.1.
222 --anyauth
224 (HTTP) Tells curl to figure out authentication method by itself,
225 and use the most secure one the remote site claims to support.
226 This is done by first doing a request and checking the response-
227 headers, thus possibly inducing an extra network round-trip.
228 This is used instead of setting a specific authentication
229 method, which you can do with --basic, --digest, --ntlm, and
230 --negotiate.
231 Using --anyauth is not recommended if you do uploads from stdin,
233 since it may require data to be sent twice and then the client
234 must be able to rewind. If the need should arise when uploading
235 from stdin, the upload operation will fail.
236 Used together with -u, --user.
238 See also --proxy-anyauth, --basic and --digest.
240 -a, --append
242 (FTP SFTP) When used in an upload, this makes curl append to the
243 target file instead of overwriting it. If the remote file
244 doesn't exist, it will be created. Note that this flag is ig‐
245 nored by some SFTP servers (including OpenSSH).
246 --aws-sigv4 <provider1[:provider2[:region[:service]]]>
248 Use AWS V4 signature authentication in the transfer.
249 The provider argument is a string that is used by the algorithm
251 when creating outgoing authentication headers.
252 The region argument is a string that points to a geographic area
254 of a resources collection (region-code) when the region name is
255 omitted from the endpoint.
256 The service argument is a string that points to a function pro‐
258 vided by a cloud (service-code) when the service name is omitted
259 from the endpoint.
260 Added in 7.75.0.
262 --basic
264 (HTTP) Tells curl to use HTTP Basic authentication with the re‐
265 mote host. This is the default and this option is usually point‐
266 less, unless you use it to override a previously set option that
267 sets a different authentication method (such as --ntlm, --di‐
268 gest, or --negotiate).
269 Used together with -u, --user.
271 See also --proxy-basic.
273 --cacert <file>
275 (TLS) Tells curl to use the specified certificate file to verify
276 the peer. The file may contain multiple CA certificates. The
277 certificate(s) must be in PEM format. Normally curl is built to
278 use a default file for this, so this option is typically used to
279 alter that default file.
280 curl recognizes the environment variable named 'CURL_CA_BUNDLE'
282 if it is set, and uses the given path as a path to a CA cert
283 bundle. This option overrides that variable.
284 The windows version of curl will automatically look for a CA
286 certs file named ´curl-ca-bundle.crt´, either in the same direc‐
287 tory as curl.exe, or in the Current Working Directory, or in any
288 folder along your PATH.
289 If curl is built against the NSS SSL library, the NSS PEM
291 PKCS#11 module (libnsspem.so) needs to be available for this op‐
292 tion to work properly.
293 (iOS and macOS only) If curl is built against Secure Transport,
295 then this option is supported for backward compatibility with
296 other SSL engines, but it should not be set. If the option is
297 not set, then curl will use the certificates in the system and
298 user Keychain to verify the peer, which is the preferred method
299 of verifying the peer's certificate chain.
300 (Schannel only) This option is supported for Schannel in Windows
302 7 or later with libcurl 7.60 or later. This option is supported
303 for backward compatibility with other SSL engines; instead it is
304 recommended to use Windows' store of root certificates (the de‐
305 fault for Schannel).
306 If this option is used several times, the last one will be used.
308 --capath <dir>
310 (TLS) Tells curl to use the specified certificate directory to
311 verify the peer. Multiple paths can be provided by separating
312 them with ":" (e.g. "path1:path2:path3"). The certificates must
313 be in PEM format, and if curl is built against OpenSSL, the di‐
314 rectory must have been processed using the c_rehash utility sup‐
315 plied with OpenSSL. Using --capath can allow OpenSSL-powered
316 curl to make SSL-connections much more efficiently than using
317 --cacert if the --cacert file contains many CA certificates.
318 If this option is set, the default capath value will be ignored,
320 and if it is used several times, the last one will be used.
321 --cert-status
323 (TLS) Tells curl to verify the status of the server certificate
324 by using the Certificate Status Request (aka. OCSP stapling) TLS
325 extension.
326 If this option is enabled and the server sends an invalid (e.g.
328 expired) response, if the response suggests that the server cer‐
329 tificate has been revoked, or no response at all is received,
330 the verification fails.
331 This is currently only implemented in the OpenSSL, GnuTLS and
333 NSS backends.
334 Added in 7.41.0.
336 --cert-type <type>
338 (TLS) Tells curl what type the provided client certificate is
339 using. PEM, DER, ENG and P12 are recognized types. If not spec‐
340 ified, PEM is assumed.
341 If this option is used several times, the last one will be used.
343 See also -E, --cert, --key and --key-type.
345 -E, --cert <certificate[:password]>
347 (TLS) Tells curl to use the specified client certificate file
348 when getting a file with HTTPS, FTPS or another SSL-based proto‐
349 col. The certificate must be in PKCS#12 format if using Secure
350 Transport, or PEM format if using any other engine. If the op‐
351 tional password isn't specified, it will be queried for on the
352 terminal. Note that this option assumes a "certificate" file
353 that is the private key and the client certificate concatenated!
354 See -E, --cert and --key to specify them independently.
355 If curl is built against the NSS SSL library then this option
357 can tell curl the nickname of the certificate to use within the
358 NSS database defined by the environment variable SSL_DIR (or by
359 default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib‐
360 nsspem.so) is available then PEM files may be loaded. If you
361 want to use a file from the current directory, please precede it
362 with "./" prefix, in order to avoid confusion with a nickname.
363 If the nickname contains ":", it needs to be preceded by "\" so
364 that it is not recognized as password delimiter. If the nick‐
365 name contains "\", it needs to be escaped as "\\" so that it is
366 not recognized as an escape character.
367 If curl is built against OpenSSL library, and the engine pkcs11
369 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
370 ify a certificate located in a PKCS#11 device. A string begin‐
371 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
372 PKCS#11 URI is provided, then the --engine option will be set as
373 "pkcs11" if none was provided and the --cert-type option will be
374 set as "ENG" if none was provided.
375 (iOS and macOS only) If curl is built against Secure Transport,
377 then the certificate string can either be the name of a certifi‐
378 cate/private key in the system or user keychain, or the path to
379 a PKCS#12-encoded certificate and private key. If you want to
380 use a file from the current directory, please precede it with
381 "./" prefix, in order to avoid confusion with a nickname.
382 (Schannel only) Client certificates must be specified by a path
384 expression to a certificate store. (Loading PFX is not sup‐
385 ported; you can import it to a store first). You can use "<store
386 location>\<store name>\<thumbprint>" to refer to a certificate
387 in the system certificates store, for example, "Curren‐
388 tUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint
389 is usually a SHA-1 hex string which you can see in certificate
390 details. Following store locations are supported: CurrentUser,
391 LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,
392 LocalMachineGroupPolicy, LocalMachineEnterprise.
393 If this option is used several times, the last one will be used.
395 See also --cert-type, --key and --key-type.
397 --ciphers <list of ciphers>
399 (TLS) Specifies which ciphers to use in the connection. The list
400 of ciphers must specify valid ciphers. Read up on SSL cipher
401 list details on this URL:
402 https://curl.se/docs/ssl-ciphers.html
404 If this option is used several times, the last one will be used.
406 --compressed-ssh
408 (SCP SFTP) Enables built-in SSH compression. This is a request,
409 not an order; the server may or may not do it.
410 Added in 7.56.0.
412 --compressed
414 (HTTP) Request a compressed response using one of the algorithms
415 curl supports, and automatically decompress the content. Headers
416 are not modified.
417 If this option is used and the server sends an unsupported en‐
419 coding, curl will report an error.
420 -K, --config <file>
422 Specify a text file to read curl arguments from. The command
424 line arguments found in the text file will be used as if they
425 were provided on the command line.
426 Options and their parameters must be specified on the same line
428 in the file, separated by whitespace, colon, or the equals sign.
429 Long option names can optionally be given in the config file
430 without the initial double dashes and if so, the colon or equals
431 characters can be used as separators. If the option is specified
432 with one or two dashes, there can be no colon or equals charac‐
433 ter between the option and its parameter.
434 If the parameter contains whitespace (or starts with : or =),
436 the parameter must be enclosed within quotes. Within double
437 quotes, the following escape sequences are available: \\, \",
438 \t, \n, \r and \v. A backslash preceding any other letter is ig‐
439 nored. If the first column of a config line is a '#' character,
440 the rest of the line will be treated as a comment. Only write
441 one option per physical line in the config file.
442 Specify the filename to -K, --config as '-' to make curl read
444 the file from stdin.
445 Note that to be able to specify a URL in the config file, you
447 need to specify it using the --url option, and not by simply
448 writing the URL on its own line. So, it could look similar to
449 this:
450 url = "https://curl.se/docs/"
452 When curl is invoked, it (unless -q, --disable is used) checks
454 for a default config file and uses it if found. The default con‐
455 fig file is checked for in the following places in this order:
456 1) Use the CURL_HOME environment variable if set
458 2) Use the XDG_CONFIG_HOME environment variable if set (Added in
460 7.73.0)
461 3) Use the HOME environment variable if set
463 4) Non-windows: use getpwuid to find the home directory
465 5) Windows: use APPDATA if set
467 6) Windows: use "USERPROFILE0lication Data" if set
469 7) On windows, if there is no .curlrc file in the home dir, it
471 checks for one in the same dir the curl executable is placed. On
472 Unix-like systems, it will simply try to load .curlrc from the
473 determined home dir.
474 # --- Example file ---
476 # this is a comment
477 url = "example.com"
478 output = "curlhere.html"
479 user-agent = "superagent/1.0"
480 # and fetch another URL too
482 url = "example.com/docs/manpage.html"
483 -O
484 referer = "http://nowhereatall.example.com/"
485 # --- End of example file ---
486 This option can be used multiple times to load multiple config
488 files.
489 --connect-timeout <seconds>
491 Maximum time in seconds that you allow curl's connection to
492 take. This only limits the connection phase, so if curl con‐
493 nects within the given period it will continue - if not it will
494 exit. Since version 7.32.0, this option accepts decimal values.
495 If this option is used several times, the last one will be used.
497 See also -m, --max-time.
499 --connect-to <HOST1:PORT1:HOST2:PORT2>
501 For a request to the given HOST1:PORT1 pair, connect to
503 HOST2:PORT2 instead. This option is suitable to direct requests
504 at a specific server, e.g. at a specific cluster node in a clus‐
505 ter of servers. This option is only used to establish the net‐
506 work connection. It does NOT affect the hostname/port that is
507 used for TLS/SSL (e.g. SNI, certificate verification) or for the
508 application protocols. "HOST1" and "PORT1" may be the empty
509 string, meaning "any host/port". "HOST2" and "PORT2" may also be
510 the empty string, meaning "use the request's original
511 host/port".
512 A "host" specified to this option is compared as a string, so it
514 needs to match the name used in request URL. It can be either
515 numerical such as "127.0.0.1" or the full host name such as "ex‐
516 ample.org".
517 This option can be used many times to add many connect rules.
519 See also --resolve and -H, --header. Added in 7.49.0.
521 -C, --continue-at <offset>
523 Continue/Resume a previous file transfer at the given offset.
524 The given offset is the exact number of bytes that will be
525 skipped, counting from the beginning of the source file before
526 it is transferred to the destination. If used with uploads, the
527 FTP server command SIZE will not be used by curl.
528 Use "-C -" to tell curl to automatically find out where/how to
530 resume the transfer. It then uses the given output/input files
531 to figure that out.
532 If this option is used several times, the last one will be used.
534 See also -r, --range.
536 -c, --cookie-jar <filename>
538 (HTTP) Specify to which file you want curl to write all cookies
539 after a completed operation. Curl writes all cookies from its
540 in-memory cookie storage to the given file at the end of opera‐
541 tions. If no cookies are known, no data will be written. The
542 file will be written using the Netscape cookie file format. If
543 you set the file name to a single dash, "-", the cookies will be
544 written to stdout.
545 This command line option will activate the cookie engine that
547 makes curl record and use cookies. Another way to activate it is
548 to use the -b, --cookie option.
549 If the cookie jar can't be created or written to, the whole curl
551 operation won't fail or even report an error clearly. Using -v,
552 --verbose will get a warning displayed, but that is the only
553 visible feedback you get about this possibly lethal situation.
554 If this option is used several times, the last specified file
556 name will be used.
557 -b, --cookie <data|filename>
559 (HTTP) Pass the data to the HTTP server in the Cookie header. It
560 is supposedly the data previously received from the server in a
561 "Set-Cookie:" line. The data should be in the format
562 "NAME1=VALUE1; NAME2=VALUE2".
563 If no '=' symbol is used in the argument, it is instead treated
565 as a filename to read previously stored cookie from. This option
566 also activates the cookie engine which will make curl record in‐
567 coming cookies, which may be handy if you're using this in com‐
568 bination with the -L, --location option or do multiple URL
569 transfers on the same invoke. If the file name is exactly a mi‐
570 nus ("-"), curl will instead read the contents from stdin.
571 The file format of the file to read cookies from should be plain
573 HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie
574 file format.
575 The file specified with -b, --cookie is only used as input. No
577 cookies will be written to the file. To store cookies, use the
578 -c, --cookie-jar option.
579 Exercise caution if you are using this option and multiple
581 transfers may occur. If you use the NAME1=VALUE1; format, or in
582 a file use the Set-Cookie format and don't specify a domain,
583 then the cookie is sent for any domain (even after redirects are
584 followed) and cannot be modified by a server-set cookie. If the
585 cookie engine is enabled and a server sets a cookie of the same
586 name then both will be sent on a future transfer to that server,
587 likely not what you intended. To address these issues set a do‐
588 main in Set-Cookie (doing that will include sub domains) or use
589 the Netscape format.
590 This option can be used multiple times.
592 Users very often want to both read cookies from a file and write
594 updated cookies back to a file, so using both -b, --cookie and
595 -c, --cookie-jar in the same command line is common.
596 --create-dirs
598 When used in conjunction with the -o, --output option, curl will
599 create the necessary local directory hierarchy as needed. This
600 option creates the dirs mentioned with the -o, --output option,
601 nothing else. If the --output file name uses no dir or if the
602 dirs it mentions already exist, no dir will be created.
603 Created dirs are made with mode 0750 on unix style file systems.
605 To create remote directories when using FTP or SFTP, try --ftp-
607 create-dirs.
608 --create-file-mode <mode>
610 (SFTP SCP FILE) When curl is used to create files remotely using
611 one of the supported protocols, this option allows the user to
612 set which 'mode' to set on the file at creation time, instead of
613 the default 0644.
614 This option takes an octal number as argument.
616 See also --ftp-create-dirs. Added in 7.75.0.
618 --crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS
620 (OS/390).
621 (SMTP added in 7.40.0)
623 --crlfile <file>
625 (TLS) Provide a file using PEM format with a Certificate Revoca‐
626 tion List that may specify peer certificates that are to be con‐
627 sidered revoked.
628 If this option is used several times, the last one will be used.
630 Added in 7.19.7.
632 --curves <algorithm list>
634 (TLS) Tells curl to request specific curves to use during SSL
635 session establishment according to RFC 8422, 5.1. Multiple al‐
636 gorithms can be provided by separating them with ":" (e.g.
637 "X25519:P-521"). The parameter is available identically in the
638 "openssl s_client/s_server" utilities.
639 --curves allows a OpenSSL powered curl to make SSL-connections
641 with exactly the (EC) curve requested by the client, avoiding
642 intransparent client/server negotiations.
643 If this option is set, the default curves list built into
645 openssl will be ignored.
646 Added in 7.73.0.
648 --data-ascii <data>
650 (HTTP) This is just an alias for -d, --data.
651 --data-binary <data>
653 (HTTP) This posts data exactly as specified with no extra pro‐
654 cessing whatsoever.
655 If you start the data with the letter @, the rest should be a
657 filename. Data is posted in a similar manner as -d, --data
658 does, except that newlines and carriage returns are preserved
659 and conversions are never done.
660 Like -d, --data the default content-type sent to the server is
662 application/x-www-form-urlencoded. If you want the data to be
663 treated as arbitrary binary data by the server then set the con‐
664 tent-type to octet-stream: -H "Content-Type: application/octet-
665 stream".
666 If this option is used several times, the ones following the
668 first will append data as described in -d, --data.
669 --data-raw <data>
671 (HTTP) This posts data similarly to -d, --data but without the
672 special interpretation of the @ character.
673 See also -d, --data. Added in 7.43.0.
675 --data-urlencode <data>
677 (HTTP) This posts data, similar to the other -d, --data options
678 with the exception that this performs URL-encoding.
679 To be CGI-compliant, the <data> part should begin with a name
681 followed by a separator and a content specification. The <data>
682 part can be passed to curl using one of the following syntaxes:
683 content
685 This will make curl URL-encode the content and pass that
686 on. Just be careful so that the content doesn't contain
687 any = or @ symbols, as that will then make the syntax
688 match one of the other cases below!
689 =content
691 This will make curl URL-encode the content and pass that
692 on. The preceding = symbol is not included in the data.
693 name=content
695 This will make curl URL-encode the content part and pass
696 that on. Note that the name part is expected to be URL-
697 encoded already.
698 @filename
700 This will make curl load data from the given file (in‐
701 cluding any newlines), URL-encode that data and pass it
702 on in the POST.
703 name@filename
705 This will make curl load data from the given file (in‐
706 cluding any newlines), URL-encode that data and pass it
707 on in the POST. The name part gets an equal sign ap‐
708 pended, resulting in name=urlencoded-file-content. Note
709 that the name is expected to be URL-encoded already.
710 See also -d, --data and --data-raw. Added in 7.18.0.
712 -d, --data <data>
714 (HTTP MQTT) Sends the specified data in a POST request to the
715 HTTP server, in the same way that a browser does when a user has
716 filled in an HTML form and presses the submit button. This will
717 cause curl to pass the data to the server using the content-type
718 application/x-www-form-urlencoded. Compare to -F, --form.
719 --data-raw is almost the same but does not have a special inter‐
721 pretation of the @ character. To post data purely binary, you
722 should instead use the --data-binary option. To URL-encode the
723 value of a form field you may use --data-urlencode.
724 If any of these options is used more than once on the same com‐
726 mand line, the data pieces specified will be merged together
727 with a separating &-symbol. Thus, using '-d name=daniel -d
728 skill=lousy' would generate a post chunk that looks like
729 'name=daniel&skill=lousy'.
730 If you start the data with the letter @, the rest should be a
732 file name to read the data from, or - if you want curl to read
733 the data from stdin. Posting data from a file named 'foobar'
734 would thus be done with -d, --data @foobar. When -d, --data is
735 told to read from a file like that, carriage returns and new‐
736 lines will be stripped out. If you don't want the @ character to
737 have a special interpretation use --data-raw instead.
738 See also --data-binary, --data-urlencode and --data-raw. This
740 option overrides -F, --form and -I, --head and -T, --upload-
741 file.
742 --delegation <LEVEL>
744 (GSS/kerberos) Set LEVEL to tell the server what it is allowed
745 to delegate when it comes to user credentials.
746 none Don't allow any delegation.
748 policy Delegates if and only if the OK-AS-DELEGATE flag is set
750 in the Kerberos service ticket, which is a matter of
751 realm policy.
752 always Unconditionally allow the server to delegate.
754 --digest
756 (HTTP) Enables HTTP Digest authentication. This is an authenti‐
757 cation scheme that prevents the password from being sent over
758 the wire in clear text. Use this in combination with the normal
759 -u, --user option to set user name and password.
760 If this option is used several times, only the first one is
762 used.
763 See also -u, --user, --proxy-digest and --anyauth. This option
765 overrides --basic and --ntlm and --negotiate.
766 --disable-eprt
768 (FTP) Tell curl to disable the use of the EPRT and LPRT commands
769 when doing active FTP transfers. Curl will normally always first
770 attempt to use EPRT, then LPRT before using PORT, but with this
771 option, it will use PORT right away. EPRT and LPRT are exten‐
772 sions to the original FTP protocol, and may not work on all
773 servers, but they enable more functionality in a better way than
774 the traditional PORT command.
775 --eprt can be used to explicitly enable EPRT again and --no-eprt
777 is an alias for --disable-eprt.
778 If the server is accessed using IPv6, this option will have no
780 effect as EPRT is necessary then.
781 Disabling EPRT only changes the active behavior. If you want to
783 switch to passive mode you need to not use -P, --ftp-port or
784 force it with --ftp-pasv.
785 --disable-epsv
787 (FTP) (FTP) Tell curl to disable the use of the EPSV command
788 when doing passive FTP transfers. Curl will normally always
789 first attempt to use EPSV before PASV, but with this option, it
790 will not try using EPSV.
791 --epsv can be used to explicitly enable EPSV again and --no-epsv
793 is an alias for --disable-epsv.
794 If the server is an IPv6 host, this option will have no effect
796 as EPSV is necessary then.
797 Disabling EPSV only changes the passive behavior. If you want to
799 switch to active mode you need to use -P, --ftp-port.
800 -q, --disable
802 If used as the first parameter on the command line, the curlrc
803 config file will not be read and used. See the -K, --config for
804 details on the default config file search path.
805 --disallow-username-in-url
807 (HTTP) This tells curl to exit if passed a url containing a
808 username.
809 See also --proto. Added in 7.61.0.
811 --dns-interface <interface>
813 (DNS) Tell curl to send outgoing DNS requests through <inter‐
814 face>. This option is a counterpart to --interface (which does
815 not affect DNS). The supplied string must be an interface name
816 (not an address).
817 See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface
819 requires that the underlying libcurl was built to support c-
820 ares. Added in 7.33.0.
821 --dns-ipv4-addr <address>
823 (DNS) Tell curl to bind to <ip-address> when making IPv4 DNS re‐
824 quests, so that the DNS requests originate from this address.
825 The argument should be a single IPv4 address.
826 See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr
828 requires that the underlying libcurl was built to support c-
829 ares. Added in 7.33.0.
830 --dns-ipv6-addr <address>
832 (DNS) Tell curl to bind to <ip-address> when making IPv6 DNS re‐
833 quests, so that the DNS requests originate from this address.
834 The argument should be a single IPv6 address.
835 See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr
837 requires that the underlying libcurl was built to support c-
838 ares. Added in 7.33.0.
839 --dns-servers <addresses>
841 Set the list of DNS servers to be used instead of the system de‐
842 fault. The list of IP addresses should be separated with com‐
843 mas. Port numbers may also optionally be given as :<port-number>
844 after each IP address.
845 --dns-servers requires that the underlying libcurl was built to
847 support c-ares. Added in 7.33.0.
848 --doh-cert-status
850 (all) Same as --cert-status but used for DOH (DNS-over-HTTPS).
851 Added in 7.76.0.
853 --doh-insecure
855 (all) Same as -k, --insecure but used for DOH (DNS-over-HTTPS).
856 Added in 7.76.0.
858 --doh-url <URL>
860 (all) Specifies which DNS-over-HTTPS (DOH) server to use to re‐
861 solve hostnames, instead of using the default name resolver
862 mechanism. The URL must be HTTPS.
863 Some SSL options that you set for your transfer will apply to
865 DOH since the name lookups take place over SSL. However, the
866 certificate verification settings are not inherited and can be
867 controlled separately via --doh-insecure and --doh-cert-status.
868 If this option is used several times, the last one will be used.
870 Added in 7.62.0.
872 -D, --dump-header <filename>
874 (HTTP FTP) Write the received protocol headers to the specified
875 file.
876 This option is handy to use when you want to store the headers
878 that an HTTP site sends to you. Cookies from the headers could
879 then be read in a second curl invocation by using the -b,
880 --cookie option! The -c, --cookie-jar option is a better way to
881 store cookies.
882 If no headers are received, the use of this option will create
884 an empty file.
885 When used in FTP, the FTP server response lines are considered
887 being "headers" and thus are saved there.
888 If this option is used several times, the last one will be used.
890 See also -o, --output.
892 --egd-file <file>
894 (TLS) Specify the path name to the Entropy Gathering Daemon
895 socket. The socket is used to seed the random engine for SSL
896 connections.
897 See also --random-file.
899 --engine <name>
901 (TLS) Select the OpenSSL crypto engine to use for cipher opera‐
902 tions. Use --engine list to print a list of build-time supported
903 engines. Note that not all (or none) of the engines may be
904 available at run-time.
905 --etag-compare <file>
907 (HTTP) This option makes a conditional HTTP request for the spe‐
908 cific ETag read from the given file by sending a custom If-None-
909 Match header using the extracted ETag.
910 For correct results, make sure that specified file contains only
912 a single line with a desired ETag. An empty file is parsed as an
913 empty ETag.
914 Use the option --etag-save to first save the ETag from a re‐
916 sponse, and then use this option to compare using the saved ETag
917 in a subsequent request.
918 COMPARISON: There are 2 types of comparison or ETags: Weak and
920 Strong. This option expects, and uses a strong comparison.
921 Added in 7.68.0.
923 --etag-save <file>
925 (HTTP) This option saves an HTTP ETag to the specified file.
926 Etag is usually part of headers returned by a request. When
927 server sends an ETag, it must be enveloped by a double quote.
928 This option extracts the ETag without the double quotes and
929 saves it into the <file>.
930 A server can send a weak ETag which is prefixed by "W/". This
932 identifier is not considered, and only relevant ETag between
933 quotation marks is parsed.
934 It an ETag wasn't sent by the server or it cannot be parsed, an
936 empty file is created.
937 Added in 7.68.0.
939 --expect100-timeout <seconds>
941 (HTTP) Maximum time in seconds that you allow curl to wait for a
942 100-continue response when curl emits an Expects: 100-continue
943 header in its request. By default curl will wait one second.
944 This option accepts decimal values! When curl stops waiting, it
945 will continue as if the response has been received.
946 See also --connect-timeout. Added in 7.47.0.
948 --fail-early
950 Fail and exit on the first detected transfer error.
951 When curl is used to do multiple transfers on the command line,
953 it will attempt to operate on each given URL, one by one. By de‐
954 fault, it will ignore errors if there are more URLs given and
955 the last URL's success will determine the error code curl re‐
956 turns. So early failures will be "hidden" by subsequent success‐
957 ful transfers.
958 Using this option, curl will instead return an error on the
960 first transfer that fails, independent of the amount of URLs
961 that are given on the command line. This way, no transfer fail‐
962 ures go undetected by scripts and similar.
963 This option is global and does not need to be specified for each
965 use of -:, --next.
966 This option does not imply -f, --fail, which causes transfers to
968 fail due to the server's HTTP status code. You can combine the
969 two options, however note -f, --fail is not global and is there‐
970 fore contained by -:, --next.
971 Added in 7.52.0.
973 --fail-with-body
975 (HTTP) Return an error on server errors where the HTTP response
976 code is 400 or greater). In normal cases when an HTTP server
977 fails to deliver a document, it returns an HTML document stating
978 so (which often also describes why and more). This flag will
979 still allow curl to outputting and save that content but also to
980 return error 22.
981 This is an alternative option to -f, --fail which makes curl
983 fail for the same circumstances but without saving the content.
984 See also -f, --fail. Added in 7.76.0.
986 -f, --fail
988 (HTTP) Fail silently (no output at all) on server errors. This
989 is mostly done to enable scripts etc to better deal with failed
990 attempts. In normal cases when an HTTP server fails to deliver a
991 document, it returns an HTML document stating so (which often
992 also describes why and more). This flag will prevent curl from
993 outputting that and return error 22.
994 This method is not fail-safe and there are occasions where non-
996 successful response codes will slip through, especially when au‐
997 thentication is involved (response codes 401 and 407).
998 See also --fail-with-body.
1000 --false-start
1002 (TLS) Tells curl to use false start during the TLS handshake.
1003 False start is a mode where a TLS client will start sending ap‐
1004 plication data before verifying the server's Finished message,
1005 thus saving a round trip when performing a full handshake.
1006 This is currently only implemented in the NSS and Secure Trans‐
1008 port (on iOS 7.0 or later, or OS X 10.9 or later) backends.
1009 Added in 7.42.0.
1011 --form-string <name=string>
1013 (HTTP SMTP IMAP) Similar to -F, --form except that the value
1014 string for the named parameter is used literally. Leading '@'
1015 and '<' characters, and the ';type=' string in the value have no
1016 special meaning. Use this in preference to -F, --form if there's
1017 any possibility that the string value may accidentally trigger
1018 the '@' or '<' features of -F, --form.
1019 See also -F, --form.
1021 -F, --form <name=content>
1023 (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emu‐
1024 late a filled-in form in which a user has pressed the submit
1025 button. This causes curl to POST data using the Content-Type
1026 multipart/form-data according to RFC 2388.
1027 For SMTP and IMAP protocols, this is the mean to compose a mul‐
1029 tipart mail message to transmit.
1030 This enables uploading of binary files etc. To force the 'con‐
1032 tent' part to be a file, prefix the file name with an @ sign. To
1033 just get the content part from a file, prefix the file name with
1034 the symbol <. The difference between @ and < is then that @
1035 makes a file get attached in the post as a file upload, while
1036 the < makes a text field and just get the contents for that text
1037 field from a file.
1038 Tell curl to read content from stdin instead of a file by using
1040 - as filename. This goes for both @ and < constructs. When stdin
1041 is used, the contents is buffered in memory first by curl to de‐
1042 termine its size and allow a possible resend. Defining a part's
1043 data from a named non-regular file (such as a named pipe or sim‐
1044 ilar) is unfortunately not subject to buffering and will be ef‐
1045 fectively read at transmission time; since the full size is un‐
1046 known before the transfer starts, such data is sent as chunks by
1047 HTTP and rejected by IMAP.
1048 Example: send an image to an HTTP server, where 'profile' is the
1050 name of the form-field to which the file portrait.jpg will be
1051 the input:
1052 curl -F profile=@portrait.jpg https://example.com/upload.cgi
1054 Example: send your name and shoe size in two text fields to the
1056 server:
1057 curl -F name=John -F shoesize=11 https://example.com/
1059 Example: send your essay in a text field to the server. Send it
1061 as a plain text field, but get the contents for it from a local
1062 file:
1063 curl -F "story=<hugefile.txt" https://example.com/
1065 You can also tell curl what Content-Type to use by using
1067 'type=', in a manner similar to:
1068 curl -F "web=@index.html;type=text/html" example.com
1070 or
1072 curl -F "name=daniel;type=text/foo" example.com
1074 You can also explicitly change the name field of a file upload
1076 part by setting filename=, like this:
1077 curl -F "file=@localfile;filename=nameinpost" example.com
1079 If filename/path contains ',' or ';', it must be quoted by dou‐
1081 ble-quotes like:
1082 curl -F "file=@\"localfile\";filename=\"nameinpost\"" exam‐
1084 ple.com
1085 or
1087 curl -F 'file=@"localfile";filename="nameinpost"' example.com
1089 Note that if a filename/path is quoted by double-quotes, any
1091 double-quote or backslash within the filename must be escaped by
1092 backslash.
1093 Quoting must also be applied to non-file data if it contains
1095 semicolons, leading/trailing spaces or leading double quotes:
1096 curl -F 'colors="red; green; blue";type=text/x-myapp' exam‐
1098 ple.com
1099 You can add custom headers to the field by setting headers=,
1101 like
1102 curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
1104 or
1106 curl -F "submit=OK;headers=@headerfile" example.com
1108 The headers= keyword may appear more that once and above notes
1110 about quoting apply. When headers are read from a file, Empty
1111 lines and lines starting with '#' are comments and ignored; each
1112 header can be folded by splitting between two words and starting
1113 the continuation line with a space; embedded carriage-returns
1114 and trailing spaces are stripped. Here is an example of a
1115 header file contents:
1116 # This file contain two headers.
1118 X-header-1: this is a header
1119 # The following header is folded.
1121 X-header-2: this is
1122 another header
1123 To support sending multipart mail messages, the syntax is ex‐
1126 tended as follows:
1127 - name can be omitted: the equal sign is the first character of
1128 the argument,
1129 - if data starts with '(', this signals to start a new multi‐
1130 part: it can be followed by a content type specification.
1131 - a multipart can be terminated with a '=)' argument.
1132 Example: the following command sends an SMTP mime e-mail con‐
1134 sisting in an inline part in two alternative formats: plain text
1135 and HTML. It attaches a text file:
1136 curl -F '=(;type=multipart/alternative' \
1138 -F '=plain text message' \
1139 -F '= <body>HTML message</body>;type=text/html' \
1140 -F '=)' -F '=@textfile.txt' ... smtp://example.com
1141 Data can be encoded for transfer using encoder=. Available en‐
1143 codings are binary and 8bit that do nothing else than adding the
1144 corresponding Content-Transfer-Encoding header, 7bit that only
1145 rejects 8-bit characters with a transfer error, quoted-printable
1146 and base64 that encodes data according to the corresponding
1147 schemes, limiting lines length to 76 characters.
1148 Example: send multipart mail with a quoted-printable text mes‐
1150 sage and a base64 attached file:
1151 curl -F '=text message;encoder=quoted-printable' \
1153 -F '=@localfile;encoder=base64' ... smtp://example.com
1154 See further examples and details in the MANUAL.
1156 This option can be used multiple times.
1158 This option overrides -d, --data and -I, --head and -T, --up‐
1160 load-file.
1161 --ftp-account <data>
1163 (FTP) When an FTP server asks for "account data" after user name
1164 and password has been provided, this data is sent off using the
1165 ACCT command.
1166 If this option is used several times, the last one will be used.
1168 Added in 7.13.0.
1170 --ftp-alternative-to-user <command>
1172 (FTP) If authenticating with the USER and PASS commands fails,
1173 send this command. When connecting to Tumbleweed's Secure
1174 Transport server over FTPS using a client certificate, using
1175 "SITE AUTH" will tell the server to retrieve the username from
1176 the certificate.
1177 Added in 7.15.5.
1179 --ftp-create-dirs
1181 (FTP SFTP) When an FTP or SFTP URL/operation uses a path that
1182 doesn't currently exist on the server, the standard behavior of
1183 curl is to fail. Using this option, curl will instead attempt to
1184 create missing directories.
1185 See also --create-dirs.
1187 --ftp-method <method>
1189 (FTP) Control what method curl should use to reach a file on an
1190 FTP(S) server. The method argument should be one of the follow‐
1191 ing alternatives:
1192 multicwd
1194 curl does a single CWD operation for each path part in
1195 the given URL. For deep hierarchies this means very many
1196 commands. This is how RFC 1738 says it should be done.
1197 This is the default but the slowest behavior.
1198 nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR
1200 etc and give a full path to the server for all these com‐
1201 mands. This is the fastest behavior.
1202 singlecwd
1204 curl does one CWD with the full target directory and then
1205 operates on the file "normally" (like in the multicwd
1206 case). This is somewhat more standards compliant than
1207 'nocwd' but without the full penalty of 'multicwd'.
1208 Added in 7.15.1.
1210 --ftp-pasv
1212 (FTP) Use passive mode for the data connection. Passive is the
1213 internal default behavior, but using this option can be used to
1214 override a previous -P, --ftp-port option.
1215 If this option is used several times, only the first one is
1217 used. Undoing an enforced passive really isn't doable but you
1218 must then instead enforce the correct -P, --ftp-port again.
1219 Passive mode means that curl will try the EPSV command first and
1221 then PASV, unless --disable-epsv is used.
1222 See also --disable-epsv. Added in 7.11.0.
1224 -P, --ftp-port <address>
1226 (FTP) Reverses the default initiator/listener roles when con‐
1227 necting with FTP. This option makes curl use active mode. curl
1228 then tells the server to connect back to the client's specified
1229 address and port, while passive mode asks the server to setup an
1230 IP address and port for it to connect to. <address> should be
1231 one of:
1232 interface
1234 e.g. "eth0" to specify which interface's IP address you
1235 want to use (Unix only)
1236 IP address
1238 e.g. "192.168.10.1" to specify the exact IP address
1239 host name
1241 e.g. "my.host.domain" to specify the machine
1242 - make curl pick the same IP address that is already used
1244 for the control connection
1245 If this option is used several times, the last one will be used. Dis‐
1247 able the use of PORT with --ftp-pasv. Disable the attempt to use the
1248 EPRT command instead of PORT by using --disable-eprt. EPRT is really
1249 PORT++.
1250 Since 7.19.5, you can append ":[start]-[end]" to the right of the ad‐
1252 dress, to tell curl what TCP port range to use. That means you specify
1253 a port range, from a lower to a higher number. A single number works as
1254 well, but do note that it increases the risk of failure since the port
1255 may not be available.
1256 See also --ftp-pasv and --disable-eprt.
1258 --ftp-pret
1260 (FTP) Tell curl to send a PRET command before PASV (and EPSV).
1261 Certain FTP servers, mainly drftpd, require this non-standard
1262 command for directory listings as well as up and downloads in
1263 PASV mode.
1264 Added in 7.20.0.
1266 --ftp-skip-pasv-ip
1268 (FTP) Tell curl to not use the IP address the server suggests in
1269 its response to curl's PASV command when curl connects the data
1270 connection. Instead curl will re-use the same IP address it al‐
1271 ready uses for the control connection.
1272 Since curl 7.74.0 this option is enabled by default.
1274 This option has no effect if PORT, EPRT or EPSV is used instead
1276 of PASV.
1277 See also --ftp-pasv. Added in 7.14.2.
1279 --ftp-ssl-ccc-mode <active/passive>
1281 (FTP) Sets the CCC mode. The passive mode will not initiate the
1282 shutdown, but instead wait for the server to do it, and will not
1283 reply to the shutdown from the server. The active mode initiates
1284 the shutdown and waits for a reply from the server.
1285 See also --ftp-ssl-ccc. Added in 7.16.2.
1287 --ftp-ssl-ccc
1289 (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS
1290 layer after authenticating. The rest of the control channel com‐
1291 munication will be unencrypted. This allows NAT routers to fol‐
1292 low the FTP transaction. The default mode is passive.
1293 See also --ssl and --ftp-ssl-ccc-mode. Added in 7.16.1.
1295 --ftp-ssl-control
1297 (FTP) Require SSL/TLS for the FTP login, clear for transfer.
1298 Allows secure authentication, but non-encrypted data transfers
1299 for efficiency. Fails the transfer if the server doesn't sup‐
1300 port SSL/TLS.
1301 Added in 7.16.0.
1303 -G, --get
1305 When used, this option will make all data specified with -d,
1306 --data, --data-binary or --data-urlencode to be used in an HTTP
1307 GET request instead of the POST request that otherwise would be
1308 used. The data will be appended to the URL with a '?' separator.
1309 If used in combination with -I, --head, the POST data will in‐
1311 stead be appended to the URL with a HEAD request.
1312 If this option is used several times, only the first one is
1314 used. This is because undoing a GET doesn't make sense, but you
1315 should then instead enforce the alternative method you prefer.
1316 -g, --globoff
1318 This option switches off the "URL globbing parser". When you set
1319 this option, you can specify URLs that contain the letters {}[]
1320 without having them being interpreted by curl itself. Note that
1321 these letters are not normal legal URL contents but they should
1322 be encoded according to the URI standard.
1323 --happy-eyeballs-timeout-ms <milliseconds>
1325 Happy eyeballs is an algorithm that attempts to connect to both
1326 IPv4 and IPv6 addresses for dual-stack hosts, preferring IPv6
1327 first for the number of milliseconds. If the IPv6 address cannot
1328 be connected to within that time then a connection attempt is
1329 made to the IPv4 address in parallel. The first connection to be
1330 established is the one that is used.
1331 The range of suggested useful values is limited. Happy Eyeballs
1333 RFC 6555 says "It is RECOMMENDED that connection attempts be
1334 paced 150-250 ms apart to balance human factors against network
1335 load." libcurl currently defaults to 200 ms. Firefox and Chrome
1336 currently default to 300 ms.
1337 If this option is used several times, the last one will be used.
1339 Added in 7.59.0.
1341 --haproxy-protocol
1343 (HTTP) Send a HAProxy PROXY protocol v1 header at the beginning
1344 of the connection. This is used by some load balancers and re‐
1345 verse proxies to indicate the client's true IP address and port.
1346 This option is primarily useful when sending test requests to a
1348 service that expects this header.
1349 Added in 7.60.0.
1351 -I, --head
1353 (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the
1354 command HEAD which this uses to get nothing but the header of a
1355 document. When used on an FTP or FILE file, curl displays the
1356 file size and last modification time only.
1357 -H, --header <header/@file>
1359 (HTTP) Extra header to include in the request when sending HTTP
1360 to a server. You may specify any number of extra headers. Note
1361 that if you should add a custom header that has the same name as
1362 one of the internal ones curl would use, your externally set
1363 header will be used instead of the internal one. This allows you
1364 to make even trickier stuff than curl would normally do. You
1365 should not replace internally set headers without knowing per‐
1366 fectly well what you're doing. Remove an internal header by giv‐
1367 ing a replacement without content on the right side of the
1368 colon, as in: -H "Host:". If you send the custom header with no-
1369 value then its header must be terminated with a semicolon, such
1370 as -H "X-Custom-Header;" to send "X-Custom-Header:".
1371 curl will make sure that each header you add/replace is sent
1373 with the proper end-of-line marker, you should thus not add that
1374 as a part of the header content: do not add newlines or carriage
1375 returns, they will only mess things up for you.
1376 This option can take an argument in @filename style, which then
1378 adds a header for each line in the input file. Using @- will
1379 make curl read the header file from stdin. Added in 7.55.0.
1380 You need --proxy-header to send custom headers intended for a
1382 HTTP proxy. Added in 7.37.0.
1383 Passing on a "Transfer-Encoding: chunked" header when doing a
1385 HTTP request with a request body, will make curl send the data
1386 using chunked encoding.
1387 Example:
1389 curl -H "X-First-Name: Joe" http://example.com/
1391 WARNING: headers set with this option will be set in all re‐
1393 quests - even after redirects are followed, like when told with
1394 -L, --location. This can lead to the header being sent to other
1395 hosts than the original host, so sensitive headers should be
1396 used with caution combined with following redirects.
1397 This option can be used multiple times to add/replace/remove
1399 multiple headers.
1400 See also -A, --user-agent and -e, --referer.
1402 -h, --help <category>
1404 Usage help. This lists all commands of the <category>. If no
1405 arg was provided, curl will display the most important command
1406 line arguments. If the argument "all" was provided, curl will
1407 display all options available. If the argument "category" was
1408 provided, curl will display all categories and their meanings.
1409 --hostpubmd5 <md5>
1411 (SFTP SCP) Pass a string containing 32 hexadecimal digits. The
1412 string should be the 128 bit MD5 checksum of the remote host's
1413 public key, curl will refuse the connection with the host unless
1414 the md5sums match.
1415 Added in 7.17.1.
1417 --hsts <file name>
1419 (HTTPS) WARNING: this option is experimental. Do not use in pro‐
1420 duction.
1421 This option enables HSTS for the transfer. If the file name
1423 points to an existing HSTS cache file, that will be used. After
1424 a completed transfer, the cache will be saved to the file name
1425 again if it has been modified.
1426 Specify a "" file name (zero length) to avoid loading/saving and
1428 make curl just handle HSTS in memory.
1429 If this option is used several times, curl will load contents
1431 from all the files but the last one will be used for saving.
1432 Added in 7.74.0.
1434 --http0.9
1436 (HTTP) Tells curl to be fine with HTTP version 0.9 response.
1437 HTTP/0.9 is a completely headerless response and therefore you
1439 can also connect with this to non-HTTP servers and still get a
1440 response since curl will simply transparently downgrade - if al‐
1441 lowed.
1442 Since curl 7.66.0, HTTP/0.9 is disabled by default.
1444 -0, --http1.0
1446 (HTTP) Tells curl to use HTTP version 1.0 instead of using its
1447 internally preferred HTTP version.
1448 This option overrides --http1.1 and --http2.
1450 --http1.1
1452 (HTTP) Tells curl to use HTTP version 1.1.
1453 This option overrides -0, --http1.0 and --http2. Added in
1455 7.33.0.
1456 --http2-prior-knowledge
1458 (HTTP) Tells curl to issue its non-TLS HTTP requests using
1459 HTTP/2 without HTTP/1.1 Upgrade. It requires prior knowledge
1460 that the server supports HTTP/2 straight away. HTTPS requests
1461 will still do HTTP/2 the standard way with negotiated protocol
1462 version in the TLS handshake.
1463 --http2-prior-knowledge requires that the underlying libcurl was
1465 built to support HTTP/2. This option overrides --http1.1 and -0,
1466 --http1.0 and --http2. Added in 7.49.0.
1467 --http2
1469 (HTTP) Tells curl to use HTTP version 2.
1470 See also --http1.1 and --http3. --http2 requires that the under‐
1472 lying libcurl was built to support HTTP/2. This option overrides
1473 --http1.1 and -0, --http1.0 and --http2-prior-knowledge. Added
1474 in 7.33.0.
1475 --http3
1477 (HTTP) WARNING: this option is experimental. Do not use in pro‐
1478 duction.
1479 Tells curl to use HTTP version 3 directly to the host and port
1481 number used in the URL. A normal HTTP/3 transaction will be done
1482 to a host and then get redirected via Alt-SVc, but this option
1483 allows a user to circumvent that when you know that the target
1484 speaks HTTP/3 on the given host and port.
1485 This option will make curl fail if a QUIC connection cannot be
1487 established, it cannot fall back to a lower HTTP version on its
1488 own.
1489 See also --http1.1 and --http2. --http3 requires that the under‐
1491 lying libcurl was built to support HTTP/3. This option overrides
1492 --http1.1 and -0, --http1.0 and --http2 and --http2-prior-knowl‐
1493 edge. Added in 7.66.0.
1494 --ignore-content-length
1496 (FTP HTTP) For HTTP, Ignore the Content-Length header. This is
1497 particularly useful for servers running Apache 1.x, which will
1498 report incorrect Content-Length for files larger than 2 giga‐
1499 bytes.
1500 For FTP (since 7.46.0), skip the RETR command to figure out the
1502 size before downloading a file.
1503 -i, --include
1505 Include the HTTP response headers in the output. The HTTP re‐
1506 sponse headers can include things like server name, cookies,
1507 date of the document, HTTP version and more...
1508 To view the request headers, consider the -v, --verbose option.
1510 See also -v, --verbose.
1512 -k, --insecure
1514 (TLS) By default, every SSL connection curl makes is verified to
1515 be secure. This option allows curl to proceed and operate even
1516 for server connections otherwise considered insecure.
1517 The server connection is verified by making sure the server's
1519 certificate contains the right name and verifies successfully
1520 using the cert store.
1521 See this online resource for further details:
1523 https://curl.se/docs/sslcerts.html
1524 See also --proxy-insecure and --cacert.
1526 --interface <name>
1528 Perform an operation using a specified interface. You can enter
1530 interface name, IP address or host name. An example could look
1531 like:
1532 curl --interface eth0:1 https://www.example.com/
1534 If this option is used several times, the last one will be used.
1536 On Linux it can be used to specify a VRF, but the binary needs
1538 to either have CAP_NET_RAW or to be run as root. More informa‐
1539 tion about Linux VRF: https://www.kernel.org/doc/Documenta‐
1540 tion/networking/vrf.txt
1541 See also --dns-interface.
1543 -4, --ipv4
1545 This option tells curl to resolve names to IPv4 addresses only,
1546 and not for example try IPv6.
1547 See also --http1.1 and --http2. This option overrides -6,
1549 --ipv6.
1550 -6, --ipv6
1552 This option tells curl to resolve names to IPv6 addresses only,
1553 and not for example try IPv4.
1554 See also --http1.1 and --http2. This option overrides -4,
1556 --ipv4.
1557 -j, --junk-session-cookies
1559 (HTTP) When curl is told to read cookies from a given file, this
1560 option will make it discard all "session cookies". This will ba‐
1561 sically have the same effect as if a new session is started.
1562 Typical browsers always discard session cookies when they're
1563 closed down.
1564 See also -b, --cookie and -c, --cookie-jar.
1566 --keepalive-time <seconds>
1568 This option sets the time a connection needs to remain idle be‐
1569 fore sending keepalive probes and the time between individual
1570 keepalive probes. It is currently effective on operating systems
1571 offering the TCP_KEEPIDLE and TCP_KEEPINTVL socket options
1572 (meaning Linux, recent AIX, HP-UX and more). This option has no
1573 effect if --no-keepalive is used.
1574 If this option is used several times, the last one will be used.
1576 If unspecified, the option defaults to 60 seconds.
1577 Added in 7.18.0.
1579 --key-type <type>
1581 (TLS) Private key file type. Specify which type your --key pro‐
1582 vided private key is. DER, PEM, and ENG are supported. If not
1583 specified, PEM is assumed.
1584 If this option is used several times, the last one will be used.
1586 --key <key>
1588 (TLS SSH) Private key file name. Allows you to provide your pri‐
1589 vate key in this separate file. For SSH, if not specified, curl
1590 tries the following candidates in order: '~/.ssh/id_rsa',
1591 '~/.ssh/id_dsa', './id_rsa', './id_dsa'.
1592 If curl is built against OpenSSL library, and the engine pkcs11
1594 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
1595 ify a private key located in a PKCS#11 device. A string begin‐
1596 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
1597 PKCS#11 URI is provided, then the --engine option will be set as
1598 "pkcs11" if none was provided and the --key-type option will be
1599 set as "ENG" if none was provided.
1600 If this option is used several times, the last one will be used.
1602 --krb <level>
1604 (FTP) Enable Kerberos authentication and use. The level must be
1605 entered and should be one of 'clear', 'safe', 'confidential', or
1606 'private'. Should you use a level that is not one of these,
1607 'private' will instead be used.
1608 If this option is used several times, the last one will be used.
1610 --krb requires that the underlying libcurl was built to support
1612 Kerberos.
1613 --libcurl <file>
1615 Append this option to any ordinary curl command line, and you
1616 will get a libcurl-using C source code written to the file that
1617 does the equivalent of what your command-line operation does!
1618 If this option is used several times, the last given file name
1620 will be used.
1621 Added in 7.16.1.
1623 --limit-rate <speed>
1625 Specify the maximum transfer rate you want curl to use - for
1626 both downloads and uploads. This feature is useful if you have a
1627 limited pipe and you'd like your transfer not to use your entire
1628 bandwidth. To make it slower than it otherwise would be.
1629 The given speed is measured in bytes/second, unless a suffix is
1631 appended. Appending 'k' or 'K' will count the number as kilo‐
1632 bytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it
1633 gigabytes. Examples: 200K, 3m and 1G.
1634 If you also use the -Y, --speed-limit option, that option will
1636 take precedence and might cripple the rate-limiting slightly, to
1637 help keeping the speed-limit logic working.
1638 If this option is used several times, the last one will be used.
1640 -l, --list-only
1642 (FTP POP3) (FTP) When listing an FTP directory, this switch
1643 forces a name-only view. This is especially useful if the user
1644 wants to machine-parse the contents of an FTP directory since
1645 the normal directory view doesn't use a standard look or format.
1646 When used like this, the option causes a NLST command to be sent
1647 to the server instead of LIST.
1648 Note: Some FTP servers list only files in their response to
1650 NLST; they do not include sub-directories and symbolic links.
1651 (POP3) When retrieving a specific email from POP3, this switch
1653 forces a LIST command to be performed instead of RETR. This is
1654 particularly useful if the user wants to see if a specific mes‐
1655 sage id exists on the server and what size it is.
1656 Note: When combined with -X, --request, this option can be used
1658 to send an UIDL command instead, so the user may use the email's
1659 unique identifier rather than it's message id to make the re‐
1660 quest.
1661 Added in 4.0.
1663 --local-port <num/range>
1665 Set a preferred single number or range (FROM-TO) of local port
1666 numbers to use for the connection(s). Note that port numbers by
1667 nature are a scarce resource that will be busy at times so set‐
1668 ting this range to something too narrow might cause unnecessary
1669 connection setup failures.
1670 Added in 7.15.2.
1672 --location-trusted
1674 (HTTP) Like -L, --location, but will allow sending the name +
1675 password to all hosts that the site may redirect to. This may or
1676 may not introduce a security breach if the site redirects you to
1677 a site to which you'll send your authentication info (which is
1678 plaintext in the case of HTTP Basic authentication).
1679 See also -u, --user.
1681 -L, --location
1683 (HTTP) If the server reports that the requested page has moved
1684 to a different location (indicated with a Location: header and a
1685 3XX response code), this option will make curl redo the request
1686 on the new place. If used together with -i, --include or -I,
1687 --head, headers from all requested pages will be shown. When au‐
1688 thentication is used, curl only sends its credentials to the
1689 initial host. If a redirect takes curl to a different host, it
1690 won't be able to intercept the user+password. See also --loca‐
1691 tion-trusted on how to change this. You can limit the amount of
1692 redirects to follow by using the --max-redirs option.
1693 When curl follows a redirect and if the request is a POST, it
1695 will do the following request with a GET if the HTTP response
1696 was 301, 302, or 303. If the response code was any other 3xx
1697 code, curl will re-send the following request using the same un‐
1698 modified method.
1699 You can tell curl to not change POST requests to GET after a 30x
1701 response by using the dedicated options for that: --post301,
1702 --post302 and --post303.
1703 The method set with -X, --request overrides the method curl
1705 would otherwise select to use.
1706 --login-options <options>
1708 (IMAP POP3 SMTP) Specify the login options to use during server
1709 authentication.
1710 You can use the login options to specify protocol specific op‐
1712 tions that may be used during authentication. At present only
1713 IMAP, POP3 and SMTP support login options. For more information
1714 about the login options please see RFC 2384, RFC 5092 and IETF
1715 draft draft-earhart-url-smtp-00.txt
1716 If this option is used several times, the last one will be used.
1718 Added in 7.34.0.
1720 --mail-auth <address>
1722 (SMTP) Specify a single address. This will be used to specify
1723 the authentication address (identity) of a submitted message
1724 that is being relayed to another server.
1725 See also --mail-rcpt and --mail-from. Added in 7.25.0.
1727 --mail-from <address>
1729 (SMTP) Specify a single address that the given mail should get
1730 sent from.
1731 See also --mail-rcpt and --mail-auth. Added in 7.20.0.
1733 --mail-rcpt-allowfails
1735 (SMTP) When sending data to multiple recipients, by default curl
1736 will abort SMTP conversation if at least one of the recipients
1737 causes RCPT TO command to return an error.
1738 The default behavior can be changed by passing --mail-rcpt-al‐
1740 lowfails command-line option which will make curl ignore errors
1741 and proceed with the remaining valid recipients.
1742 In case when all recipients cause RCPT TO command to fail, curl
1744 will abort SMTP conversation and return the error received from
1745 to the last RCPT TO command. Added in 7.69.0.
1746 --mail-rcpt <address>
1748 (SMTP) Specify a single address, user name or mailing list name.
1749 Repeat this option several times to send to multiple recipients.
1750 When performing a mail transfer, the recipient should specify a
1752 valid email address to send the mail to.
1753 When performing an address verification (VRFY command), the re‐
1755 cipient should be specified as the user name or user name and
1756 domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)
1757 When performing a mailing list expand (EXPN command), the recip‐
1759 ient should be specified using the mailing list name, such as
1760 "Friends" or "London-Office". (Added in 7.34.0)
1761 Added in 7.20.0.
1763 -M, --manual
1765 Manual. Display the huge help text.
1766 --max-filesize <bytes>
1768 Specify the maximum size (in bytes) of a file to download. If
1769 the file requested is larger than this value, the transfer will
1770 not start and curl will return with exit code 63.
1771 A size modifier may be used. For example, Appending 'k' or 'K'
1773 will count the number as kilobytes, 'm' or 'M' makes it
1774 megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K,
1775 3m and 1G. (Added in 7.58.0)
1776 NOTE: The file size is not always known prior to download, and
1778 for such files this option has no effect even if the file trans‐
1779 fer ends up being larger than this given limit. This concerns
1780 both FTP and HTTP transfers.
1781 See also --limit-rate.
1783 --max-redirs <num>
1785 (HTTP) Set maximum number of redirection-followings allowed.
1786 When -L, --location is used, is used to prevent curl from fol‐
1787 lowing redirections too much. By default, the limit is set to 50
1788 redirections. Set this option to -1 to make it unlimited.
1789 If this option is used several times, the last one will be used.
1791 -m, --max-time <seconds>
1793 Maximum time in seconds that you allow the whole operation to
1794 take. This is useful for preventing your batch jobs from hang‐
1795 ing for hours due to slow networks or links going down. Since
1796 7.32.0, this option accepts decimal values, but the actual time‐
1797 out will decrease in accuracy as the specified timeout increases
1798 in decimal precision.
1799 If this option is used several times, the last one will be used.
1801 See also --connect-timeout.
1803 --metalink
1805 This option can tell curl to parse and process a given URI as
1806 Metalink file (both version 3 and 4 (RFC 5854) are supported)
1807 and make use of the mirrors listed within for failover if there
1808 are errors (such as the file or server not being available). It
1809 will also verify the hash of the file after the download com‐
1810 pletes. The Metalink file itself is downloaded and processed in
1811 memory and not stored in the local file system.
1812 Example to use a remote Metalink file:
1814 curl --metalink http://www.example.com/example.metalink
1816 To use a Metalink file in the local file system, use FILE proto‐
1818 col (file://):
1819 curl --metalink file:///example.metalink
1821 Please note that if FILE protocol is disabled, there is no way
1823 to use a local Metalink file at the time of this writing. Also
1824 note that if --metalink and -i, --include are used together,
1825 --include will be ignored. This is because including headers in
1826 the response will break Metalink parser and if the headers are
1827 included in the file described in Metalink file, hash check will
1828 fail.
1829 --metalink requires that the underlying libcurl was built to
1831 support metalink. Added in 7.27.0.
1832 --negotiate
1834 (HTTP) Enables Negotiate (SPNEGO) authentication.
1835 This option requires a library built with GSS-API or SSPI sup‐
1837 port. Use -V, --version to see if your curl supports GSS-
1838 API/SSPI or SPNEGO.
1839 When using this option, you must also provide a fake -u, --user
1841 option to activate the authentication code properly. Sending a
1842 '-u :' is enough as the user name and password from the -u,
1843 --user option aren't actually used.
1844 If this option is used several times, only the first one is
1846 used.
1847 See also --basic, --ntlm, --anyauth and --proxy-negotiate.
1849 --netrc-file <filename>
1851 This option is similar to -n, --netrc, except that you provide
1852 the path (absolute or relative) to the netrc file that curl
1853 should use. You can only specify one netrc file per invocation.
1854 If several --netrc-file options are provided, the last one will
1855 be used.
1856 It will abide by --netrc-optional if specified.
1858 This option overrides -n, --netrc. Added in 7.21.5.
1860 --netrc-optional
1862 Very similar to -n, --netrc, but this option makes the .netrc
1863 usage optional and not mandatory as the -n, --netrc option does.
1864 See also --netrc-file. This option overrides -n, --netrc.
1866 -n, --netrc
1868 Makes curl scan the .netrc (_netrc on Windows) file in the
1869 user's home directory for login name and password. This is typi‐
1870 cally used for FTP on Unix. If used with HTTP, curl will enable
1871 user authentication. See netrc(5) ftp(1) for details on the file
1872 format. Curl will not complain if that file doesn't have the
1873 right permissions (it should not be either world- or group-read‐
1874 able). The environment variable "HOME" is used to find the home
1875 directory.
1876 A quick and very simple example of how to setup a .netrc to al‐
1878 low curl to FTP to the machine host.domain.com with user name
1879 'myself' and password 'secret' should look similar to:
1880 machine host.domain.com login myself password secret
1882 -:, --next
1884 Tells curl to use a separate operation for the following URL and
1885 associated options. This allows you to send several URL re‐
1886 quests, each with their own specific options, for example, such
1887 as different user names or custom requests for each.
1888 -:, --next will reset all local options and only global ones
1890 will have their values survive over to the operation following
1891 the -:, --next instruction. Global options include -v, --ver‐
1892 bose, --trace, --trace-ascii and --fail-early.
1893 For example, you can do both a GET and a POST in a single com‐
1895 mand line:
1896 curl www1.example.com --next -d postthis www2.example.com
1898 Added in 7.36.0.
1900 --no-alpn
1902 (HTTPS) Disable the ALPN TLS extension. ALPN is enabled by de‐
1903 fault if libcurl was built with an SSL library that supports
1904 ALPN. ALPN is used by a libcurl that supports HTTP/2 to negoti‐
1905 ate HTTP/2 support with the server during https sessions.
1906 See also --no-npn and --http2. --no-alpn requires that the un‐
1908 derlying libcurl was built to support TLS. Added in 7.36.0.
1909 -N, --no-buffer
1911 Disables the buffering of the output stream. In normal work sit‐
1912 uations, curl will use a standard buffered output stream that
1913 will have the effect that it will output the data in chunks, not
1914 necessarily exactly when the data arrives. Using this option
1915 will disable that buffering.
1916 Note that this is the negated option name documented. You can
1918 thus use --buffer to enforce the buffering.
1919 --no-keepalive
1921 Disables the use of keepalive messages on the TCP connection.
1922 curl otherwise enables them by default.
1923 Note that this is the negated option name documented. You can
1925 thus use --keepalive to enforce keepalive.
1926 --no-npn
1928 (HTTPS) Disable the NPN TLS extension. NPN is enabled by default
1929 if libcurl was built with an SSL library that supports NPN. NPN
1930 is used by a libcurl that supports HTTP/2 to negotiate HTTP/2
1931 support with the server during https sessions.
1932 See also --no-alpn and --http2. --no-npn requires that the un‐
1934 derlying libcurl was built to support TLS. Added in 7.36.0.
1935 --no-progress-meter
1937 Option to switch off the progress meter output without muting or
1938 otherwise affecting warning and informational messages like -s,
1939 --silent does.
1940 Note that this is the negated option name documented. You can
1942 thus use --progress-meter to enable the progress meter again.
1943 See also -v, --verbose and -s, --silent. Added in 7.67.0.
1945 --no-sessionid
1947 (TLS) Disable curl's use of SSL session-ID caching. By default
1948 all transfers are done using the cache. Note that while nothing
1949 should ever get hurt by attempting to reuse SSL session-IDs,
1950 there seem to be broken SSL implementations in the wild that may
1951 require you to disable this in order for you to succeed.
1952 Note that this is the negated option name documented. You can
1954 thus use --sessionid to enforce session-ID caching.
1955 Added in 7.16.0.
1957 --noproxy <no-proxy-list>
1959 Comma-separated list of hosts which do not use a proxy, if one
1960 is specified. The only wildcard is a single * character, which
1961 matches all hosts, and effectively disables the proxy. Each name
1962 in this list is matched as either a domain which contains the
1963 hostname, or the hostname itself. For example, local.com would
1964 match local.com, local.com:80, and www.local.com, but not
1965 www.notlocal.com.
1966 Since 7.53.0, This option overrides the environment variables
1968 that disable the proxy. If there's an environment variable dis‐
1969 abling a proxy, you can set noproxy list to "" to override it.
1970 Added in 7.19.4.
1972 --ntlm-wb
1974 (HTTP) Enables NTLM much in the style --ntlm does, but hand over
1975 the authentication to the separate binary ntlmauth application
1976 that is executed when needed.
1977 See also --ntlm and --proxy-ntlm.
1979 --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication
1981 method was designed by Microsoft and is used by IIS web servers.
1982 It is a proprietary protocol, reverse-engineered by clever peo‐
1983 ple and implemented in curl based on their efforts. This kind of
1984 behavior should not be endorsed, you should encourage everyone
1985 who uses NTLM to switch to a public and documented authentica‐
1986 tion method instead, such as Digest.
1987 If you want to enable NTLM for your proxy authentication, then
1989 use --proxy-ntlm.
1990 If this option is used several times, only the first one is
1992 used.
1993 See also --proxy-ntlm. --ntlm requires that the underlying
1995 libcurl was built to support TLS. This option overrides --basic
1996 and --negotiate and --digest and --anyauth.
1997 --oauth2-bearer <token>
1999 (IMAP POP3 SMTP HTTP) Specify the Bearer Token for OAUTH 2.0
2000 server authentication. The Bearer Token is used in conjunction
2001 with the user name which can be specified as part of the --url
2002 or -u, --user options.
2003 The Bearer Token and user name are formatted according to RFC
2005 6750.
2006 If this option is used several times, the last one will be used.
2008 --output-dir <dir>
2010 This option specifies the directory in which files should be
2012 stored, when -O, --remote-name or -o, --output are used.
2013 The given output directory is used for all URLs and output op‐
2015 tions on the command line, up until the first -:, --next.
2016 If the specified target directory doesn't exist, the operation
2018 will fail unless --create-dirs is also used.
2019 If this option is used multiple times, the last specified direc‐
2021 tory will be used.
2022 See also -O, --remote-name and -J, --remote-header-name. Added
2024 in 7.73.0.
2025 -o, --output <file>
2027 Write output to <file> instead of stdout. If you are using {} or
2028 [] to fetch multiple documents, you should quote the URL and you
2029 can use '#' followed by a number in the <file> specifier. That
2030 variable will be replaced with the current string for the URL
2031 being fetched. Like in:
2032 curl "http://{one,two}.example.com" -o "file_#1.txt"
2034 or use several variables like:
2036 curl "http://{site,host}.host[1-5].com" -o "#1_#2"
2038 You may use this option as many times as the number of URLs you
2040 have. For example, if you specify two URLs on the same command
2041 line, you can use it like this:
2042 curl -o aa example.com -o bb example.net
2044 and the order of the -o options and the URLs doesn't matter,
2046 just that the first -o is for the first URL and so on, so the
2047 above command line can also be written as
2048 curl example.com example.net -o aa -o bb
2050 See also the --create-dirs option to create the local directo‐
2052 ries dynamically. Specifying the output as '-' (a single dash)
2053 will force the output to be done to stdout.
2054 See also -O, --remote-name, --remote-name-all and -J, --remote-
2056 header-name.
2057 --parallel-immediate
2059 When doing parallel transfers, this option will instruct curl
2060 that it should rather prefer opening up more connections in par‐
2061 allel at once rather than waiting to see if new transfers can be
2062 added as multiplexed streams on another connection.
2063 See also -Z, --parallel and --parallel-max. Added in 7.68.0.
2065 --parallel-max
2067 When asked to do parallel transfers, using -Z, --parallel, this
2068 option controls the maximum amount of transfers to do simultane‐
2069 ously.
2070 The default is 50.
2072 See also -Z, --parallel. Added in 7.66.0.
2074 -Z, --parallel
2076 Makes curl perform its transfers in parallel as compared to the
2077 regular serial manner.
2078 Added in 7.66.0.
2080 --pass <phrase>
2082 (SSH TLS) Passphrase for the private key
2083 If this option is used several times, the last one will be used.
2085 --path-as-is
2087 Tell curl to not handle sequences of /../ or /./ in the given
2088 URL path. Normally curl will squash or merge them according to
2089 standards but with this option set you tell it not to do that.
2090 Added in 7.42.0.
2092 --pinnedpubkey <hashes>
2094 (TLS) Tells curl to use the specified public key file (or
2095 hashes) to verify the peer. This can be a path to a file which
2096 contains a single public key in PEM or DER format, or any number
2097 of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
2098 rated by ´;´
2099 When negotiating a TLS or SSL connection, the server sends a
2101 certificate indicating its identity. A public key is extracted
2102 from this certificate and if it does not exactly match the pub‐
2103 lic key provided to this option, curl will abort the connection
2104 before sending or receiving any data.
2105 PEM/DER support:
2107 7.39.0: OpenSSL, GnuTLS and GSKit
2108 7.43.0: NSS and wolfSSL
2109 7.47.0: mbedtls sha256 support:
2110 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL
2111 7.47.0: mbedtls Other SSL backends not supported.
2112 If this option is used several times, the last one will be used.
2114 --post301
2116 (HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST
2117 requests into GET requests when following a 301 redirection. The
2118 non-RFC behavior is ubiquitous in web browsers, so curl does the
2119 conversion by default to maintain consistency. However, a server
2120 may require a POST to remain a POST after such a redirection.
2121 This option is meaningful only when using -L, --location.
2122 See also --post302, --post303 and -L, --location. Added in
2124 7.17.1.
2125 --post302
2127 (HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST
2128 requests into GET requests when following a 302 redirection. The
2129 non-RFC behavior is ubiquitous in web browsers, so curl does the
2130 conversion by default to maintain consistency. However, a server
2131 may require a POST to remain a POST after such a redirection.
2132 This option is meaningful only when using -L, --location.
2133 See also --post301, --post303 and -L, --location. Added in
2135 7.19.1.
2136 --post303
2138 (HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST
2139 requests into GET requests when following 303 redirections. A
2140 server may require a POST to remain a POST after a 303 redirect‐
2141 ion. This option is meaningful only when using -L, --location.
2142 See also --post302, --post301 and -L, --location. Added in
2144 7.26.0.
2145 --preproxy [protocol://]host[:port]
2147 Use the specified SOCKS proxy before connecting to an HTTP or
2148 HTTPS -x, --proxy. In such a case curl first connects to the
2149 SOCKS proxy and then connects (through SOCKS) to the HTTP or
2150 HTTPS proxy. Hence pre proxy.
2151 The pre proxy string should be specified with a protocol:// pre‐
2153 fix to specify alternative proxy protocols. Use socks4://,
2154 socks4a://, socks5:// or socks5h:// to request the specific
2155 SOCKS version to be used. No protocol specified will make curl
2156 default to SOCKS4.
2157 If the port number is not specified in the proxy string, it is
2159 assumed to be 1080.
2160 User and password that might be provided in the proxy string are
2162 URL decoded by curl. This allows you to pass in special charac‐
2163 ters such as @ by using %40 or pass in a colon with %3a.
2164 If this option is used several times, the last one will be used.
2166 Added in 7.52.0.
2168 -#, --progress-bar
2170 Make curl display transfer progress as a simple progress bar in‐
2171 stead of the standard, more informational, meter.
2172 This progress bar draws a single line of '#' characters across
2174 the screen and shows a percentage if the transfer size is known.
2175 For transfers without a known size, there will be space ship
2176 (-=o=-) that moves back and forth but only while data is being
2177 transferred, with a set of flying hash sign symbols on top.
2178 --proto-default <protocol>
2180 Tells curl to use protocol for any URL missing a scheme name.
2181 Example:
2183 curl --proto-default https ftp.mozilla.org
2185 An unknown or unsupported protocol causes error CURLE_UNSUP‐
2187 PORTED_PROTOCOL (1).
2188 This option does not change the default proxy protocol (http).
2190 Without this option curl would make a guess based on the host,
2192 see --url for details.
2193 Added in 7.45.0.
2195 --proto-redir <protocols>
2197 Tells curl to limit what protocols it may use on redirect. Pro‐
2198 tocols denied by --proto are not overridden by this option. See
2199 --proto for how protocols are represented.
2200 Example, allow only HTTP and HTTPS on redirect:
2202 curl --proto-redir -all,http,https http://example.com
2204 By default curl will allow HTTP, HTTPS, FTP and FTPS on redirect
2206 (7.65.2). Older versions of curl allowed all protocols on redi‐
2207 rect except several disabled for security reasons: Since 7.19.4
2208 FILE and SCP are disabled, and since 7.40.0 SMB and SMBS are
2209 also disabled. Specifying all or +all enables all protocols on
2210 redirect, including those disabled for security.
2211 Added in 7.20.2.
2213 --proto <protocols>
2215 Tells curl to limit what protocols it may use in the transfer.
2216 Protocols are evaluated left to right, are comma separated, and
2217 are each a protocol name or 'all', optionally prefixed by zero
2218 or more modifiers. Available modifiers are:
2219 + Permit this protocol in addition to protocols already permit‐
2221 ted (this is the default if no modifier is used).
2222 - Deny this protocol, removing it from the list of protocols
2224 already permitted.
2225 = Permit only this protocol (ignoring the list already permit‐
2227 ted), though subject to later modification by subsequent en‐
2228 tries in the comma separated list.
2229 For example:
2231 --proto -ftps uses the default protocols, but disables ftps
2233 --proto -all,https,+http
2235 only enables http and https
2236 --proto =http,https
2238 also only enables http and https
2239 Unknown protocols produce a warning. This allows scripts to safely rely
2241 on being able to disable potentially dangerous protocols, without rely‐
2242 ing upon support for that protocol being built into curl to avoid an
2243 error.
2244 This option can be used multiple times, in which case the effect is the
2246 same as concatenating the protocols into one instance of the option.
2247 See also --proto-redir and --proto-default. Added in 7.20.2.
2249 --proxy-anyauth
2251 Tells curl to pick a suitable authentication method when commu‐
2252 nicating with the given HTTP proxy. This might cause an extra
2253 request/response round-trip.
2254 See also -x, --proxy, --proxy-basic and --proxy-digest. Added in
2256 7.13.2.
2257 --proxy-basic
2259 Tells curl to use HTTP Basic authentication when communicating
2260 with the given proxy. Use --basic for enabling HTTP Basic with a
2261 remote host. Basic is the default authentication method curl
2262 uses with proxies.
2263 See also -x, --proxy, --proxy-anyauth and --proxy-digest.
2265 --proxy-cacert <file>
2267 Same as --cacert but used in HTTPS proxy context.
2268 See also --proxy-capath, --cacert, --capath and -x, --proxy.
2270 Added in 7.52.0.
2271 --proxy-capath <dir>
2273 Same as --capath but used in HTTPS proxy context.
2274 See also --proxy-cacert, -x, --proxy and --capath. Added in
2276 7.52.0.
2277 --proxy-cert-type <type>
2279 Same as --cert-type but used in HTTPS proxy context.
2280 Added in 7.52.0.
2282 --proxy-cert <cert[:passwd]>
2284 Same as -E, --cert but used in HTTPS proxy context.
2285 Added in 7.52.0.
2287 --proxy-ciphers <list>
2289 Same as --ciphers but used in HTTPS proxy context.
2290 Added in 7.52.0.
2292 --proxy-crlfile <file>
2294 Same as --crlfile but used in HTTPS proxy context.
2295 Added in 7.52.0.
2297 --proxy-digest
2299 Tells curl to use HTTP Digest authentication when communicating
2300 with the given proxy. Use --digest for enabling HTTP Digest with
2301 a remote host.
2302 See also -x, --proxy, --proxy-anyauth and --proxy-basic.
2304 --proxy-header <header/@file>
2306 (HTTP) Extra header to include in the request when sending HTTP
2307 to a proxy. You may specify any number of extra headers. This is
2308 the equivalent option to -H, --header but is for proxy communi‐
2309 cation only like in CONNECT requests when you want a separate
2310 header sent to the proxy to what is sent to the actual remote
2311 host.
2312 curl will make sure that each header you add/replace is sent
2314 with the proper end-of-line marker, you should thus not add that
2315 as a part of the header content: do not add newlines or carriage
2316 returns, they will only mess things up for you.
2317 Headers specified with this option will not be included in re‐
2319 quests that curl knows will not be sent to a proxy.
2320 Starting in 7.55.0, this option can take an argument in @file‐
2322 name style, which then adds a header for each line in the input
2323 file. Using @- will make curl read the header file from stdin.
2324 This option can be used multiple times to add/replace/remove
2326 multiple headers.
2327 Added in 7.37.0.
2329 --proxy-insecure
2331 Same as -k, --insecure but used in HTTPS proxy context.
2332 Added in 7.52.0.
2334 --proxy-key-type <type>
2336 Same as --key-type but used in HTTPS proxy context.
2337 Added in 7.52.0.
2339 --proxy-key <key>
2341 Same as --key but used in HTTPS proxy context.
2342 --proxy-negotiate
2344 Tells curl to use HTTP Negotiate (SPNEGO) authentication when
2345 communicating with the given proxy. Use --negotiate for enabling
2346 HTTP Negotiate (SPNEGO) with a remote host.
2347 See also --proxy-anyauth and --proxy-basic. Added in 7.17.1.
2349 --proxy-ntlm
2351 Tells curl to use HTTP NTLM authentication when communicating
2352 with the given proxy. Use --ntlm for enabling NTLM with a remote
2353 host.
2354 See also --proxy-negotiate and --proxy-anyauth.
2356 --proxy-pass <phrase>
2358 Same as --pass but used in HTTPS proxy context.
2359 Added in 7.52.0.
2361 --proxy-pinnedpubkey <hashes>
2363 (TLS) Tells curl to use the specified public key file (or
2364 hashes) to verify the proxy. This can be a path to a file which
2365 contains a single public key in PEM or DER format, or any number
2366 of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
2367 rated by ´;´
2368 When negotiating a TLS or SSL connection, the server sends a
2370 certificate indicating its identity. A public key is extracted
2371 from this certificate and if it does not exactly match the pub‐
2372 lic key provided to this option, curl will abort the connection
2373 before sending or receiving any data.
2374 If this option is used several times, the last one will be used.
2376 --proxy-service-name <name>
2378 This option allows you to change the service name for proxy ne‐
2379 gotiation.
2380 Added in 7.43.0.
2382 --proxy-ssl-allow-beast
2384 Same as --ssl-allow-beast but used in HTTPS proxy context.
2385 Added in 7.52.0.
2387 --proxy-tls13-ciphers <ciphersuite list>
2389 (TLS) Specifies which cipher suites to use in the connection to
2390 your HTTPS proxy when it negotiates TLS 1.3. The list of ciphers
2391 suites must specify valid ciphers. Read up on TLS 1.3 cipher
2392 suite details on this URL:
2393 https://curl.se/docs/ssl-ciphers.html
2395 This option is currently used only when curl is built to use
2397 OpenSSL 1.1.1 or later. If you are using a different SSL backend
2398 you can try setting TLS 1.3 cipher suites by using the --proxy-
2399 ciphers option.
2400 If this option is used several times, the last one will be used.
2402 --proxy-tlsauthtype <type>
2404 Same as --tlsauthtype but used in HTTPS proxy context.
2405 Added in 7.52.0.
2407 --proxy-tlspassword <string>
2409 Same as --tlspassword but used in HTTPS proxy context.
2410 Added in 7.52.0.
2412 --proxy-tlsuser <name>
2414 Same as --tlsuser but used in HTTPS proxy context.
2415 Added in 7.52.0.
2417 --proxy-tlsv1
2419 Same as -1, --tlsv1 but used in HTTPS proxy context.
2420 Added in 7.52.0.
2422 -U, --proxy-user <user:password>
2424 Specify the user name and password to use for proxy authentica‐
2425 tion.
2426 If you use a Windows SSPI-enabled curl binary and do either Ne‐
2428 gotiate or NTLM authentication then you can tell curl to select
2429 the user name and password from your environment by specifying a
2430 single colon with this option: "-U :".
2431 On systems where it works, curl will hide the given option argu‐
2433 ment from process listings. This is not enough to protect cre‐
2434 dentials from possibly getting seen by other users on the same
2435 system as they will still be visible for a brief moment before
2436 cleared. Such sensitive data should be retrieved from a file in‐
2437 stead or similar and never used in clear text in a command line.
2438 If this option is used several times, the last one will be used.
2440 -x, --proxy [protocol://]host[:port]
2442 Use the specified proxy.
2443 The proxy string can be specified with a protocol:// prefix. No
2445 protocol specified or http:// will be treated as HTTP proxy. Use
2446 socks4://, socks4a://, socks5:// or socks5h:// to request a spe‐
2447 cific SOCKS version to be used. (The protocol support was added
2448 in curl 7.21.7)
2449 HTTPS proxy support via https:// protocol prefix was added in
2451 7.52.0 for OpenSSL, GnuTLS and NSS.
2452 Unrecognized and unsupported proxy protocols cause an error
2454 since 7.52.0. Prior versions may ignore the protocol and use
2455 http:// instead.
2456 If the port number is not specified in the proxy string, it is
2458 assumed to be 1080.
2459 This option overrides existing environment variables that set
2461 the proxy to use. If there's an environment variable setting a
2462 proxy, you can set proxy to "" to override it.
2463 All operations that are performed over an HTTP proxy will trans‐
2465 parently be converted to HTTP. It means that certain protocol
2466 specific operations might not be available. This is not the case
2467 if you can tunnel through the proxy, as one with the -p, --prox‐
2468 ytunnel option.
2469 User and password that might be provided in the proxy string are
2471 URL decoded by curl. This allows you to pass in special charac‐
2472 ters such as @ by using %40 or pass in a colon with %3a.
2473 The proxy host can be specified the exact same way as the proxy
2475 environment variables, including the protocol prefix (http://)
2476 and the embedded user + password.
2477 If this option is used several times, the last one will be used.
2479 --proxy1.0 <host[:port]>
2481 Use the specified HTTP 1.0 proxy. If the port number is not
2482 specified, it is assumed at port 1080.
2483 The only difference between this and the HTTP proxy option -x,
2485 --proxy, is that attempts to use CONNECT through the proxy will
2486 specify an HTTP 1.0 protocol instead of the default HTTP 1.1.
2487 -p, --proxytunnel
2489 When an HTTP proxy is used -x, --proxy, this option will make
2490 curl tunnel through the proxy. The tunnel approach is made with
2491 the HTTP proxy CONNECT request and requires that the proxy al‐
2492 lows direct connect to the remote port number curl wants to tun‐
2493 nel through to.
2494 To suppress proxy CONNECT response headers when curl is set to
2496 output headers use --suppress-connect-headers.
2497 See also -x, --proxy.
2499 --pubkey <key>
2501 (SFTP SCP) Public key file name. Allows you to provide your pub‐
2502 lic key in this separate file.
2503 If this option is used several times, the last one will be used.
2505 (As of 7.39.0, curl attempts to automatically extract the public
2507 key from the private key file, so passing this option is gener‐
2508 ally not required. Note that this public key extraction requires
2509 libcurl to be linked against a copy of libssh2 1.2.8 or higher
2510 that is itself linked against OpenSSL.)
2511 -Q, --quote
2513 (FTP SFTP) Send an arbitrary command to the remote FTP or SFTP
2514 server. Quote commands are sent BEFORE the transfer takes place
2515 (just after the initial PWD command in an FTP transfer, to be
2516 exact). To make commands take place after a successful transfer,
2517 prefix them with a dash '-'. To make commands be sent after
2518 curl has changed the working directory, just before the transfer
2519 command(s), prefix the command with a '+' (this is only sup‐
2520 ported for FTP). You may specify any number of commands.
2521 If the server returns failure for one of the commands, the en‐
2523 tire operation will be aborted. You must send syntactically cor‐
2524 rect FTP commands as RFC 959 defines to FTP servers, or one of
2525 the commands listed below to SFTP servers.
2526 Prefix the command with an asterisk (*) to make curl continue
2528 even if the command fails as by default curl will stop at first
2529 failure.
2530 This option can be used multiple times.
2532 SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP
2534 quote commands itself before sending them to the server. File
2535 names may be quoted shell-style to embed spaces or special char‐
2536 acters. Following is the list of all supported SFTP quote com‐
2537 mands:
2538 atime date file
2540 The atime command sets the last access time of the file
2541 named by the file operand. The <date expression> can be
2542 all sorts of date strings, see the curl_getdate(3) man
2543 page for date expression details. (Added in 7.73.0)
2544 chgrp group file
2546 The chgrp command sets the group ID of the file named by
2547 the file operand to the group ID specified by the group
2548 operand. The group operand is a decimal integer group ID.
2549 chmod mode file
2551 The chmod command modifies the file mode bits of the
2552 specified file. The mode operand is an octal integer mode
2553 number.
2554 chown user file
2556 The chown command sets the owner of the file named by the
2557 file operand to the user ID specified by the user oper‐
2558 and. The user operand is a decimal integer user ID.
2559 ln source_file target_file
2561 The ln and symlink commands create a symbolic link at the
2562 target_file location pointing to the source_file loca‐
2563 tion.
2564 mkdir directory_name
2566 The mkdir command creates the directory named by the di‐
2567 rectory_name operand.
2568 mtime date file
2570 The mtime command sets the last modification time of the
2571 file named by the file operand. The <date expression> can
2572 be all sorts of date strings, see the curl_getdate(3) man
2573 page for date expression details. (Added in 7.73.0)
2574 pwd The pwd command returns the absolute pathname of the cur‐
2576 rent working directory.
2577 rename source target
2579 The rename command renames the file or directory named by
2580 the source operand to the destination path named by the
2581 target operand.
2582 rm file
2584 The rm command removes the file specified by the file op‐
2585 erand.
2586 rmdir directory
2588 The rmdir command removes the directory entry specified
2589 by the directory operand, provided it is empty.
2590 symlink source_file target_file
2592 See ln.
2593 --random-file <file>
2595 Specify the path name to file containing what will be considered
2596 as random data. The data may be used to seed the random engine
2597 for SSL connections. See also the --egd-file option.
2598 -r, --range <range>
2600 (HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial docu‐
2601 ment) from an HTTP/1.1, FTP or SFTP server or a local FILE.
2602 Ranges can be specified in a number of ways.
2603 0-499 specifies the first 500 bytes
2605 500-999 specifies the second 500 bytes
2607 -500 specifies the last 500 bytes
2609 9500- specifies the bytes from offset 9500 and forward
2611 0-0,-1 specifies the first and last byte only(*)(HTTP)
2613 100-199,500-599
2615 specifies two separate 100-byte ranges(*) (HTTP)
2616 (*) = NOTE that this will cause the server to reply with a mul‐
2618 tipart response, which will be returned as-is by curl! Parsing
2619 or otherwise transforming this response is the responsibility of
2620 the caller.
2621 Only digit characters (0-9) are valid in the 'start' and 'stop'
2623 fields of the 'start-stop' range syntax. If a non-digit charac‐
2624 ter is given in the range, the server's response will be unspec‐
2625 ified, depending on the server's configuration.
2626 You should also be aware that many HTTP/1.1 servers do not have
2628 this feature enabled, so that when you attempt to get a range,
2629 you'll instead get the whole document.
2630 FTP and SFTP range downloads only support the simple 'start-
2632 stop' syntax (optionally with one of the numbers omitted). FTP
2633 use depends on the extended FTP command SIZE.
2634 If this option is used several times, the last one will be used.
2636 --raw (HTTP) When used, it disables all internal HTTP decoding of con‐
2638 tent or transfer encodings and instead makes them passed on un‐
2639 altered, raw.
2640 Added in 7.16.2.
2642 -e, --referer <URL>
2644 (HTTP) Sends the "Referrer Page" information to the HTTP server.
2645 This can also be set with the -H, --header flag of course. When
2646 used with -L, --location you can append ";auto" to the -e,
2647 --referer URL to make curl automatically set the previous URL
2648 when it follows a Location: header. The ";auto" string can be
2649 used alone, even if you don't set an initial -e, --referer.
2650 If this option is used several times, the last one will be used.
2652 See also -A, --user-agent and -H, --header.
2654 -J, --remote-header-name
2656 (HTTP) This option tells the -O, --remote-name option to use the
2657 server-specified Content-Disposition filename instead of ex‐
2658 tracting a filename from the URL.
2659 If the server specifies a file name and a file with that name
2661 already exists in the current working directory it will not be
2662 overwritten and an error will occur. If the server doesn't spec‐
2663 ify a file name then this option has no effect.
2664 There's no attempt to decode %-sequences (yet) in the provided
2666 file name, so this option may provide you with rather unexpected
2667 file names.
2668 WARNING: Exercise judicious use of this option, especially on
2670 Windows. A rogue server could send you the name of a DLL or
2671 other file that could possibly be loaded automatically by Win‐
2672 dows or some third party software.
2673 --remote-name-all
2675 This option changes the default action for all given URLs to be
2676 dealt with as if -O, --remote-name were used for each one. So if
2677 you want to disable that for a specific URL after --remote-name-
2678 all has been used, you must use "-o -" or --no-remote-name.
2679 Added in 7.19.0.
2681 -O, --remote-name
2683 Write output to a local file named like the remote file we get.
2684 (Only the file part of the remote file is used, the path is cut
2685 off.)
2686 The file will be saved in the current working directory. If you
2688 want the file saved in a different directory, make sure you
2689 change the current working directory before invoking curl with
2690 this option.
2691 The remote file name to use for saving is extracted from the
2693 given URL, nothing else, and if it already exists it will be
2694 overwritten. If you want the server to be able to choose the
2695 file name refer to -J, --remote-header-name which can be used in
2696 addition to this option. If the server chooses a file name and
2697 that name already exists it will not be overwritten.
2698 There is no URL decoding done on the file name. If it has %20 or
2700 other URL encoded parts of the name, they will end up as-is as
2701 file name.
2702 You may use this option as many times as the number of URLs you
2704 have.
2705 -R, --remote-time
2707 When used, this will make curl attempt to figure out the time‐
2708 stamp of the remote file, and if that is available make the lo‐
2709 cal file get that same timestamp.
2710 --request-target
2712 (HTTP) Tells curl to use an alternative "target" (path) instead
2713 of using the path as provided in the URL. Particularly useful
2714 when wanting to issue HTTP requests without leading slash or
2715 other data that doesn't follow the regular URL pattern, like
2716 "OPTIONS *".
2717 Added in 7.55.0.
2719 -X, --request <command>
2721 (HTTP) Specifies a custom request method to use when communicat‐
2722 ing with the HTTP server. The specified request method will be
2723 used instead of the method otherwise used (which defaults to
2724 GET). Read the HTTP 1.1 specification for details and explana‐
2725 tions. Common additional HTTP requests include PUT and DELETE,
2726 but related technologies like WebDAV offers PROPFIND, COPY, MOVE
2727 and more.
2728 Normally you don't need this option. All sorts of GET, HEAD,
2730 POST and PUT requests are rather invoked by using dedicated com‐
2731 mand line options.
2732 This option only changes the actual word used in the HTTP re‐
2734 quest, it does not alter the way curl behaves. So for example if
2735 you want to make a proper HEAD request, using -X HEAD will not
2736 suffice. You need to use the -I, --head option.
2737 The method string you set with -X, --request will be used for
2739 all requests, which if you for example use -L, --location may
2740 cause unintended side-effects when curl doesn't change request
2741 method according to the HTTP 30x response codes - and similar.
2742 (FTP) Specifies a custom FTP command to use instead of LIST when
2744 doing file lists with FTP.
2745 (POP3) Specifies a custom POP3 command to use instead of LIST or
2747 RETR. (Added in 7.26.0)
2748 (IMAP) Specifies a custom IMAP command to use instead of LIST.
2750 (Added in 7.30.0)
2751 (SMTP) Specifies a custom SMTP command to use instead of HELP or
2753 VRFY. (Added in 7.34.0)
2754 If this option is used several times, the last one will be used.
2756 --resolve <[+]host:port:addr[,addr]...>
2758 Provide a custom address for a specific host and port pair. Us‐
2759 ing this, you can make the curl requests(s) use a specified ad‐
2760 dress and prevent the otherwise normally resolved address to be
2761 used. Consider it a sort of /etc/hosts alternative provided on
2762 the command line. The port number should be the number used for
2763 the specific protocol the host will be used for. It means you
2764 need several entries if you want to provide address for the same
2765 host but different ports.
2766 By specifying '*' as host you can tell curl to resolve any host
2768 and specific port pair to the specified address. Wildcard is re‐
2769 solved last so any --resolve with a specific host and port will
2770 be used first.
2771 The provided address set by this option will be used even if -4,
2773 --ipv4 or -6, --ipv6 is set to make curl use another IP version.
2774 By prefixing the host with a '+' you can make the entry time out
2776 after curl's default timeout (1 minute). Note that this will
2777 only make sense for long running parallel transfers with a lot
2778 of files. In such cases, if this option is used curl will try to
2779 resolve the host as it normally would once the timeout has ex‐
2780 pired.
2781 Support for providing the IP address within [brackets] was added
2783 in 7.57.0.
2784 Support for providing multiple IP addresses per entry was added
2786 in 7.59.0.
2787 Support for resolving with wildcard was added in 7.64.0.
2789 Support for the '+' prefix was was added in 7.75.0.
2791 This option can be used many times to add many host names to re‐
2793 solve.
2794 Added in 7.21.3.
2796 --retry-all-errors
2798 Retry on any error. This option is used together with --retry.
2799 This option is the "sledgehammer" of retrying. Do not use this
2801 option by default (eg in curlrc), there may be unintended conse‐
2802 quences such as sending or receiving duplicate data. Do not use
2803 with redirected input or output. You'd be much better off han‐
2804 dling your unique problems in shell script. Please read the ex‐
2805 ample below.
2806 Warning: For server compatibility curl attempts to retry failed
2808 flaky transfers as close as possible to how they were started,
2809 but this is not possible with redirected input or output. For
2810 example, before retrying it removes output data from a failed
2811 partial transfer that was written to an output file. However
2812 this is not true of data redirected to a | pipe or > file, which
2813 are not reset. We strongly suggest don't parse or record output
2814 via redirect in combination with this option, since you may re‐
2815 ceive duplicate data.
2816 By default curl will not error on an HTTP response code that in‐
2818 dicates an HTTP error, if the transfer was successful. For exam‐
2819 ple, if a server replies 404 Not Found and the reply is fully
2820 received then that is not an error. When --retry is used then
2821 curl will retry on some HTTP response codes that indicate tran‐
2822 sient HTTP errors, but that does not include most 4xx response
2823 codes such as 404. If you want to retry on all response codes
2824 that indicate HTTP errors (4xx and 5xx) then combine with -f,
2825 --fail.
2826 Added in 7.71.0.
2828 --retry-connrefused
2830 In addition to the other conditions, consider ECONNREFUSED as a
2831 transient error too for --retry. This option is used together
2832 with --retry.
2833 Added in 7.52.0.
2835 --retry-delay <seconds>
2837 Make curl sleep this amount of time before each retry when a
2838 transfer has failed with a transient error (it changes the de‐
2839 fault backoff time algorithm between retries). This option is
2840 only interesting if --retry is also used. Setting this delay to
2841 zero will make curl use the default backoff time.
2842 If this option is used several times, the last one will be used.
2844 Added in 7.12.3.
2846 --retry-max-time <seconds>
2848 The retry timer is reset before the first transfer attempt. Re‐
2849 tries will be done as usual (see --retry) as long as the timer
2850 hasn't reached this given limit. Notice that if the timer hasn't
2851 reached the limit, the request will be made and while perform‐
2852 ing, it may take longer than this given time period. To limit a
2853 single request´s maximum time, use -m, --max-time. Set this op‐
2854 tion to zero to not timeout retries.
2855 If this option is used several times, the last one will be used.
2857 Added in 7.12.3.
2859 --retry <num>
2861 If a transient error is returned when curl tries to perform a
2862 transfer, it will retry this number of times before giving up.
2863 Setting the number to 0 makes curl do no retries (which is the
2864 default). Transient error means either: a timeout, an FTP 4xx
2865 response code or an HTTP 408, 429, 500, 502, 503 or 504 response
2866 code.
2867 When curl is about to retry a transfer, it will first wait one
2869 second and then for all forthcoming retries it will double the
2870 waiting time until it reaches 10 minutes which then will be the
2871 delay between the rest of the retries. By using --retry-delay
2872 you disable this exponential backoff algorithm. See also
2873 --retry-max-time to limit the total time allowed for retries.
2874 Since curl 7.66.0, curl will comply with the Retry-After: re‐
2876 sponse header if one was present to know when to issue the next
2877 retry.
2878 If this option is used several times, the last one will be used.
2880 Added in 7.12.3.
2882 --sasl-authzid <identity>
2884 Use this authorisation identity (authzid), during SASL PLAIN au‐
2885 thentication, in addition to the authentication identity (auth‐
2886 cid) as specified by -u, --user.
2887 If the option isn't specified, the server will derive the au‐
2889 thzid from the authcid, but if specified, and depending on the
2890 server implementation, it may be used to access another user's
2891 inbox, that the user has been granted access to, or a shared
2892 mailbox for example.
2893 Added in 7.66.0.
2895 --sasl-ir
2897 Enable initial response in SASL authentication.
2898 Added in 7.31.0.
2900 --service-name <name>
2902 This option allows you to change the service name for SPNEGO.
2903 Examples: --negotiate --service-name sockd would use
2905 sockd/server-name.
2906 Added in 7.43.0.
2908 -S, --show-error
2910 When used with -s, --silent, it makes curl show an error message
2911 if it fails.
2912 See also --no-progress-meter.
2914 -s, --silent
2916 Silent or quiet mode. Don't show progress meter or error mes‐
2917 sages. Makes Curl mute. It will still output the data you ask
2918 for, potentially even to the terminal/stdout unless you redirect
2919 it.
2920 Use -S, --show-error in addition to this option to disable
2922 progress meter but still show error messages.
2923 See also -v, --verbose, --stderr and --no-progress-meter.
2925 --socks4 <host[:port]>
2927 Use the specified SOCKS4 proxy. If the port number is not speci‐
2928 fied, it is assumed at port 1080.
2929 This option overrides any previous use of -x, --proxy, as they
2931 are mutually exclusive.
2932 Since 7.21.7, this option is superfluous since you can specify a
2934 socks4 proxy with -x, --proxy using a socks4:// protocol prefix.
2935 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2937 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2938 such a case curl first connects to the SOCKS proxy and then con‐
2939 nects (through SOCKS) to the HTTP or HTTPS proxy.
2940 If this option is used several times, the last one will be used.
2942 Added in 7.15.2.
2944 --socks4a <host[:port]>
2946 Use the specified SOCKS4a proxy. If the port number is not spec‐
2947 ified, it is assumed at port 1080.
2948 This option overrides any previous use of -x, --proxy, as they
2950 are mutually exclusive.
2951 Since 7.21.7, this option is superfluous since you can specify a
2953 socks4a proxy with -x, --proxy using a socks4a:// protocol pre‐
2954 fix.
2955 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2957 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2958 such a case curl first connects to the SOCKS proxy and then con‐
2959 nects (through SOCKS) to the HTTP or HTTPS proxy.
2960 If this option is used several times, the last one will be used.
2962 Added in 7.18.0.
2964 --socks5-basic
2966 Tells curl to use username/password authentication when connect‐
2967 ing to a SOCKS5 proxy. The username/password authentication is
2968 enabled by default. Use --socks5-gssapi to force GSS-API au‐
2969 thentication to SOCKS5 proxies.
2970 Added in 7.55.0.
2972 --socks5-gssapi-nec
2974 As part of the GSS-API negotiation a protection mode is negoti‐
2975 ated. RFC 1961 says in section 4.3/4.4 it should be protected,
2976 but the NEC reference implementation does not. The option
2977 --socks5-gssapi-nec allows the unprotected exchange of the pro‐
2978 tection mode negotiation.
2979 Added in 7.19.4.
2981 --socks5-gssapi-service <name>
2983 The default service name for a socks server is rcmd/server-fqdn.
2984 This option allows you to change it.
2985 Examples: --socks5 proxy-name --socks5-gssapi-service sockd
2987 would use sockd/proxy-name --socks5 proxy-name --socks5-gssapi-
2988 service sockd/real-name would use sockd/real-name for cases
2989 where the proxy-name does not match the principal name.
2990 Added in 7.19.4.
2992 --socks5-gssapi
2994 Tells curl to use GSS-API authentication when connecting to a
2995 SOCKS5 proxy. The GSS-API authentication is enabled by default
2996 (if curl is compiled with GSS-API support). Use --socks5-basic
2997 to force username/password authentication to SOCKS5 proxies.
2998 Added in 7.55.0.
3000 --socks5-hostname <host[:port]>
3002 Use the specified SOCKS5 proxy (and let the proxy resolve the
3003 host name). If the port number is not specified, it is assumed
3004 at port 1080.
3005 This option overrides any previous use of -x, --proxy, as they
3007 are mutually exclusive.
3008 Since 7.21.7, this option is superfluous since you can specify a
3010 socks5 hostname proxy with -x, --proxy using a socks5h:// proto‐
3011 col prefix.
3012 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3014 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
3015 such a case curl first connects to the SOCKS proxy and then con‐
3016 nects (through SOCKS) to the HTTP or HTTPS proxy.
3017 If this option is used several times, the last one will be used.
3019 Added in 7.18.0.
3021 --socks5 <host[:port]>
3023 Use the specified SOCKS5 proxy - but resolve the host name lo‐
3024 cally. If the port number is not specified, it is assumed at
3025 port 1080.
3026 This option overrides any previous use of -x, --proxy, as they
3028 are mutually exclusive.
3029 Since 7.21.7, this option is superfluous since you can specify a
3031 socks5 proxy with -x, --proxy using a socks5:// protocol prefix.
3032 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3034 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
3035 such a case curl first connects to the SOCKS proxy and then con‐
3036 nects (through SOCKS) to the HTTP or HTTPS proxy.
3037 If this option is used several times, the last one will be used.
3039 This option (as well as --socks4) does not work with IPV6, FTPS
3041 or LDAP.
3042 Added in 7.18.0.
3044 -Y, --speed-limit <speed>
3046 If a download is slower than this given speed (in bytes per sec‐
3047 ond) for speed-time seconds it gets aborted. speed-time is set
3048 with -y, --speed-time and is 30 if not set.
3049 If this option is used several times, the last one will be used.
3051 -y, --speed-time <seconds>
3053 If a download is slower than speed-limit bytes per second during
3054 a speed-time period, the download gets aborted. If speed-time is
3055 used, the default speed-limit will be 1 unless set with -Y,
3056 --speed-limit.
3057 This option controls transfers and thus will not affect slow
3059 connects etc. If this is a concern for you, try the --connect-
3060 timeout option.
3061 If this option is used several times, the last one will be used.
3063 --ssl-allow-beast
3065 This option tells curl to not work around a security flaw in the
3066 SSL3 and TLS1.0 protocols known as BEAST. If this option isn't
3067 used, the SSL layer may use workarounds known to cause interop‐
3068 erability problems with some older SSL implementations. WARNING:
3069 this option loosens the SSL security, and by using this flag you
3070 ask for exactly that.
3071 Added in 7.25.0.
3073 --ssl-no-revoke
3075 (Schannel) This option tells curl to disable certificate revoca‐
3076 tion checks. WARNING: this option loosens the SSL security, and
3077 by using this flag you ask for exactly that.
3078 Added in 7.44.0.
3080 --ssl-reqd
3082 (FTP IMAP POP3 SMTP) Require SSL/TLS for the connection. Termi‐
3083 nates the connection if the server doesn't support SSL/TLS.
3084 This option was formerly known as --ftp-ssl-reqd.
3086 Added in 7.20.0.
3088 --ssl-revoke-best-effort
3090 (Schannel) This option tells curl to ignore certificate revoca‐
3091 tion checks when they failed due to missing/offline distribution
3092 points for the revocation check lists.
3093 Added in 7.70.0.
3095 --ssl (FTP IMAP POP3 SMTP) Try to use SSL/TLS for the connection. Re‐
3097 verts to a non-secure connection if the server doesn't support
3098 SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for differ‐
3099 ent levels of encryption required.
3100 This option was formerly known as --ftp-ssl (Added in 7.11.0).
3102 That option name can still be used but will be removed in a fu‐
3103 ture version.
3104 Added in 7.20.0.
3106 -2, --sslv2
3108 (SSL) Forces curl to use SSL version 2 when negotiating with a
3109 remote SSL server. Sometimes curl is built without SSLv2 sup‐
3110 port. SSLv2 is widely considered insecure (see RFC 6176).
3111 See also --http1.1 and --http2. -2, --sslv2 requires that the
3113 underlying libcurl was built to support TLS. This option over‐
3114 rides -3, --sslv3 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
3115 -3, --sslv3
3117 (SSL) Forces curl to use SSL version 3 when negotiating with a
3118 remote SSL server. Sometimes curl is built without SSLv3 sup‐
3119 port. SSLv3 is widely considered insecure (see RFC 7568).
3120 See also --http1.1 and --http2. -3, --sslv3 requires that the
3122 underlying libcurl was built to support TLS. This option over‐
3123 rides -2, --sslv2 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
3124 --stderr <file>
3126 Redirect all writes to stderr to the specified file instead. If
3127 the file name is a plain '-', it is instead written to stdout.
3128 If this option is used several times, the last one will be used.
3130 See also -v, --verbose and -s, --silent.
3132 --styled-output
3134 Enables the automatic use of bold font styles when writing HTTP
3135 headers to the terminal. Use --no-styled-output to switch them
3136 off.
3137 Added in 7.61.0.
3139 --suppress-connect-headers
3141 When -p, --proxytunnel is used and a CONNECT request is made
3142 don't output proxy CONNECT response headers. This option is
3143 meant to be used with -D, --dump-header or -i, --include which
3144 are used to show protocol headers in the output. It has no ef‐
3145 fect on debug options such as -v, --verbose or --trace, or any
3146 statistics.
3147 See also -D, --dump-header, -i, --include and -p, --proxytunnel.
3149 --tcp-fastopen
3151 Enable use of TCP Fast Open (RFC7413).
3152 Added in 7.49.0.
3154 --tcp-nodelay
3156 Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man
3157 page for details about this option.
3158 Since 7.50.2, curl sets this option by default and you need to
3160 explicitly switch it off if you don't want it on.
3161 Added in 7.11.2.
3163 -t, --telnet-option <opt=val>
3165 Pass options to the telnet protocol. Supported options are:
3166 TTYPE=<term> Sets the terminal type.
3168 XDISPLOC=<X display> Sets the X display location.
3170 NEW_ENV=<var,val> Sets an environment variable.
3172 --tftp-blksize <value>
3174 (TFTP) Set TFTP BLKSIZE option (must be >512). This is the block
3175 size that curl will try to use when transferring data to or from
3176 a TFTP server. By default 512 bytes will be used.
3177 If this option is used several times, the last one will be used.
3179 Added in 7.20.0.
3181 --tftp-no-options
3183 (TFTP) Tells curl not to send TFTP options requests.
3184 This option improves interop with some legacy servers that do
3186 not acknowledge or properly implement TFTP options. When this
3187 option is used --tftp-blksize is ignored.
3188 Added in 7.48.0.
3190 -z, --time-cond <time>
3192 (HTTP FTP) Request a file that has been modified later than the
3193 given time and date, or one that has been modified before that
3194 time. The <date expression> can be all sorts of date strings or
3195 if it doesn't match any internal ones, it is taken as a filename
3196 and tries to get the modification date (mtime) from <file> in‐
3197 stead. See the curl_getdate(3) man pages for date expression de‐
3198 tails.
3199 Start the date expression with a dash (-) to make it request for
3201 a document that is older than the given date/time, default is a
3202 document that is newer than the specified date/time.
3203 If this option is used several times, the last one will be used.
3205 --tls-max <VERSION>
3207 (SSL) VERSION defines maximum supported TLS version. The minimum
3208 acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2 or
3209 tlsv1.3.
3210 If the connection is done without TLS, this option has no ef‐
3212 fect. This includes QUIC-using (HTTP/3) transfers.
3213 default
3216 Use up to recommended TLS version.
3217 1.0 Use up to TLSv1.0.
3219 1.1 Use up to TLSv1.1.
3221 1.2 Use up to TLSv1.2.
3223 1.3 Use up to TLSv1.3.
3225 See also --tlsv1.0, --tlsv1.1, --tlsv1.2 and --tlsv1.3. --tls-max re‐
3227 quires that the underlying libcurl was built to support TLS. Added in
3228 7.54.0.
3229 --tls13-ciphers <ciphersuite list>
3231 (TLS) Specifies which cipher suites to use in the connection if
3232 it negotiates TLS 1.3. The list of ciphers suites must specify
3233 valid ciphers. Read up on TLS 1.3 cipher suite details on this
3234 URL:
3235 https://curl.se/docs/ssl-ciphers.html
3237 This option is currently used only when curl is built to use
3239 OpenSSL 1.1.1 or later. If you are using a different SSL backend
3240 you can try setting TLS 1.3 cipher suites by using the --ciphers
3241 option.
3242 If this option is used several times, the last one will be used.
3244 --tlsauthtype <type>
3246 Set TLS authentication type. Currently, the only supported op‐
3247 tion is "SRP", for TLS-SRP (RFC 5054). If --tlsuser and
3248 --tlspassword are specified but --tlsauthtype is not, then this
3249 option defaults to "SRP". This option works only if the under‐
3250 lying libcurl is built with TLS-SRP support, which requires
3251 OpenSSL or GnuTLS with TLS-SRP support.
3252 Added in 7.21.4.
3254 --tlspassword
3256 Set password for use with the TLS authentication method speci‐
3257 fied with --tlsauthtype. Requires that --tlsuser also be set.
3258 This doesn't work with TLS 1.3.
3260 Added in 7.21.4.
3262 --tlsuser <name>
3264 Set username for use with the TLS authentication method speci‐
3265 fied with --tlsauthtype. Requires that --tlspassword also is
3266 set.
3267 This doesn't work with TLS 1.3.
3269 Added in 7.21.4.
3271 --tlsv1.0
3273 (TLS) Forces curl to use TLS version 1.0 or later when connect‐
3274 ing to a remote TLS server.
3275 In old versions of curl this option was documented to allow
3277 _only_ TLS 1.0, but behavior was inconsistent depending on the
3278 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3279 sion.
3280 Added in 7.34.0.
3282 --tlsv1.1
3284 (TLS) Forces curl to use TLS version 1.1 or later when connect‐
3285 ing to a remote TLS server.
3286 In old versions of curl this option was documented to allow
3288 _only_ TLS 1.1, but behavior was inconsistent depending on the
3289 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3290 sion.
3291 Added in 7.34.0.
3293 --tlsv1.2
3295 (TLS) Forces curl to use TLS version 1.2 or later when connect‐
3296 ing to a remote TLS server.
3297 In old versions of curl this option was documented to allow
3299 _only_ TLS 1.2, but behavior was inconsistent depending on the
3300 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3301 sion.
3302 Added in 7.34.0.
3304 --tlsv1.3
3306 (TLS) Forces curl to use TLS version 1.3 or later when connect‐
3307 ing to a remote TLS server.
3308 If the connection is done without TLS, this option has no ef‐
3310 fect. This includes QUIC-using (HTTP/3) transfers.
3311 Note that TLS 1.3 is not supported by all TLS backends.
3313 Added in 7.52.0.
3315 -1, --tlsv1
3317 (SSL) Tells curl to use at least TLS version 1.x when negotiat‐
3318 ing with a remote TLS server. That means TLS version 1.0 or
3319 higher
3320 See also --http1.1 and --http2. -1, --tlsv1 requires that the
3322 underlying libcurl was built to support TLS. This option over‐
3323 rides --tlsv1.1 and --tlsv1.2 and --tlsv1.3.
3324 --tr-encoding
3326 (HTTP) Request a compressed Transfer-Encoding response using one
3327 of the algorithms curl supports, and uncompress the data while
3328 receiving it.
3329 Added in 7.21.6.
3331 --trace-ascii <file>
3333 Enables a full trace dump of all incoming and outgoing data, in‐
3334 cluding descriptive information, to the given output file. Use
3335 "-" as filename to have the output sent to stdout.
3336 This is very similar to --trace, but leaves out the hex part and
3338 only shows the ASCII part of the dump. It makes smaller output
3339 that might be easier to read for untrained humans.
3340 If this option is used several times, the last one will be used.
3342 This option overrides --trace and -v, --verbose.
3344 --trace-time
3346 Prepends a time stamp to each trace or verbose line that curl
3347 displays.
3348 Added in 7.14.0.
3350 --trace <file>
3352 Enables a full trace dump of all incoming and outgoing data, in‐
3353 cluding descriptive information, to the given output file. Use
3354 "-" as filename to have the output sent to stdout. Use "%" as
3355 filename to have the output sent to stderr.
3356 If this option is used several times, the last one will be used.
3358 This option overrides -v, --verbose and --trace-ascii.
3360 --unix-socket <path>
3362 (HTTP) Connect through this Unix domain socket, instead of using
3363 the network.
3364 Added in 7.40.0.
3366 -T, --upload-file <file>
3368 This transfers the specified local file to the remote URL. If
3369 there is no file part in the specified URL, curl will append the
3370 local file name. NOTE that you must use a trailing / on the last
3371 directory to really prove to Curl that there is no file name or
3372 curl will think that your last directory name is the remote file
3373 name to use. That will most likely cause the upload operation to
3374 fail. If this is used on an HTTP(S) server, the PUT command will
3375 be used.
3376 Use the file name "-" (a single dash) to use stdin instead of a
3378 given file. Alternately, the file name "." (a single period)
3379 may be specified instead of "-" to use stdin in non-blocking
3380 mode to allow reading server output while stdin is being up‐
3381 loaded.
3382 You can specify one -T, --upload-file for each URL on the com‐
3384 mand line. Each -T, --upload-file + URL pair specifies what to
3385 upload and to where. curl also supports "globbing" of the -T,
3386 --upload-file argument, meaning that you can upload multiple
3387 files to a single URL by using the same URL globbing style sup‐
3388 ported in the URL, like this:
3389 curl --upload-file "{file1,file2}" http://www.example.com
3391 or even
3393 curl -T "img[1-1000].png" ftp://ftp.example.com/upload/
3395 When uploading to an SMTP server: the uploaded data is assumed
3397 to be RFC 5322 formatted. It has to feature the necessary set of
3398 headers and mail body formatted correctly by the user as curl
3399 will not transcode nor encode it further in any way.
3400 --url <url>
3402 Specify a URL to fetch. This option is mostly handy when you
3403 want to specify URL(s) in a config file.
3404 If the given URL is missing a scheme name (such as "http://" or
3406 "ftp://" etc) then curl will make a guess based on the host. If
3407 the outermost sub-domain name matches DICT, FTP, IMAP, LDAP,
3408 POP3 or SMTP then that protocol will be used, otherwise HTTP
3409 will be used. Since 7.45.0 guessing can be disabled by setting a
3410 default protocol, see --proto-default for details.
3411 This option may be used any number of times. To control where
3413 this URL is written, use the -o, --output or the -O, --remote-
3414 name options.
3415 Warning: On Windows, particular file:// accesses can be con‐
3417 verted to network accesses by the operating system. Beware!
3418 -B, --use-ascii
3420 (FTP LDAP) Enable ASCII transfer. For FTP, this can also be en‐
3421 forced by using a URL that ends with ";type=A". This option
3422 causes data sent to stdout to be in text mode for win32 systems.
3423 -A, --user-agent <name>
3425 (HTTP) Specify the User-Agent string to send to the HTTP server.
3426 To encode blanks in the string, surround the string with single
3427 quote marks. This header can also be set with the -H, --header
3428 or the --proxy-header options.
3429 If you give an empty argument to -A, --user-agent (""), it will
3431 remove the header completely from the request. If you prefer a
3432 blank header, you can set it to a single space (" ").
3433 If this option is used several times, the last one will be used.
3435 -u, --user <user:password>
3437 Specify the user name and password to use for server authentica‐
3438 tion. Overrides -n, --netrc and --netrc-optional.
3439 If you simply specify the user name, curl will prompt for a
3441 password.
3442 The user name and passwords are split up on the first colon,
3444 which makes it impossible to use a colon in the user name with
3445 this option. The password can, still.
3446 On systems where it works, curl will hide the given option argu‐
3448 ment from process listings. This is not enough to protect cre‐
3449 dentials from possibly getting seen by other users on the same
3450 system as they will still be visible for a brief moment before
3451 cleared. Such sensitive data should be retrieved from a file in‐
3452 stead or similar and never used in clear text in a command line.
3453 When using Kerberos V5 with a Windows based server you should
3455 include the Windows domain name in the user name, in order for
3456 the server to successfully obtain a Kerberos Ticket. If you
3457 don't then the initial authentication handshake may fail.
3458 When using NTLM, the user name can be specified simply as the
3460 user name, without the domain, if there is a single domain and
3461 forest in your setup for example.
3462 To specify the domain name use either Down-Level Logon Name or
3464 UPN (User Principal Name) formats. For example, EXAMPLE\user and
3465 user@example.com respectively.
3466 If you use a Windows SSPI-enabled curl binary and perform Ker‐
3468 beros V5, Negotiate, NTLM or Digest authentication then you can
3469 tell curl to select the user name and password from your envi‐
3470 ronment by specifying a single colon with this option: "-u :".
3471 If this option is used several times, the last one will be used.
3473 -v, --verbose
3475 Makes curl verbose during the operation. Useful for debugging
3476 and seeing what's going on "under the hood". A line starting
3477 with '>' means "header data" sent by curl, '<' means "header
3478 data" received by curl that is hidden in normal cases, and a
3479 line starting with '*' means additional info provided by curl.
3480 If you only want HTTP headers in the output, -i, --include might
3482 be the option you're looking for.
3483 If you think this option still doesn't give you enough details,
3485 consider using --trace or --trace-ascii instead.
3486 Use -s, --silent to make curl really quiet.
3488 See also -i, --include. This option overrides --trace and
3490 --trace-ascii.
3491 -V, --version
3493 Displays information about curl and the libcurl version it uses.
3494 The first line includes the full version of curl, libcurl and
3496 other 3rd party libraries linked with the executable.
3497 The second line (starts with "Protocols:") shows all protocols
3499 that libcurl reports to support.
3500 The third line (starts with "Features:") shows specific features
3502 libcurl reports to offer. Available features include:
3503 alt-svc
3505 Support for the Alt-Svc: header is provided.
3506 AsynchDNS
3508 This curl uses asynchronous name resolves. Asynchronous
3509 name resolves can be done using either the c-ares or the
3510 threaded resolver backends.
3511 brotli Support for automatic brotli compression over HTTP(S).
3513 CharConv
3515 curl was built with support for character set conversions
3516 (like EBCDIC)
3517 Debug This curl uses a libcurl built with Debug. This enables
3519 more error-tracking and memory debugging etc. For curl-
3520 developers only!
3521 gsasl The built-in SASL authentication includes extensions to
3523 support SCRAM because libcurl was built with libgsasl.
3524 GSS-API
3526 GSS-API is supported.
3527 HSTS HSTS support is present.
3529 HTTP2 HTTP/2 support has been built-in.
3531 HTTP3 HTTP/3 support has been built-in.
3533 HTTPS-proxy
3535 This curl is built to support HTTPS proxy.
3536 IDN This curl supports IDN - international domain names.
3538 IPv6 You can use IPv6 with this.
3540 Kerberos
3542 Kerberos V5 authentication is supported.
3543 Largefile
3545 This curl supports transfers of large files, files larger
3546 than 2GB.
3547 libz Automatic decompression (via gzip, deflate) of compressed
3549 files over HTTP is supported.
3550 Metalink
3552 This curl supports Metalink.
3553 MultiSSL
3555 This curl supports multiple TLS backends.
3556 NTLM NTLM authentication is supported.
3558 NTLM_WB
3560 NTLM delegation to winbind helper is supported.
3561 PSL PSL is short for Public Suffix List and means that this
3563 curl has been built with knowledge about "public suf‐
3564 fixes".
3565 SPNEGO SPNEGO authentication is supported.
3567 SSL SSL versions of various protocols are supported, such as
3569 HTTPS, FTPS, POP3S and so on.
3570 SSPI SSPI is supported.
3572 TLS-SRP
3574 SRP (Secure Remote Password) authentication is supported
3575 for TLS.
3576 TrackMemory
3578 Debug memory tracking is supported.
3579 Unicode
3581 Unicode support on Windows.
3582 UnixSockets
3584 Unix sockets support is provided.
3585 zstd Automatic decompression (via zstd) of compressed files
3587 over HTTP is supported.
3588 -w, --write-out <format>
3590 Make curl display information on stdout after a completed trans‐
3591 fer. The format is a string that may contain plain text mixed
3592 with any number of variables. The format can be specified as a
3593 literal "string", or you can have curl read the format from a
3594 file with "@filename" and to tell curl to read the format from
3595 stdin you write "@-".
3596 The variables present in the output format will be substituted
3598 by the value or text that curl thinks fit, as described below.
3599 All variables are specified as %{variable_name} and to output a
3600 normal % you just write them as %%. You can output a newline by
3601 using \n, a carriage return with \r and a tab space with \t.
3602 The output will be written to standard output, but this can be
3604 switched to standard error by using %{stderr}.
3605 NOTE: The %-symbol is a special symbol in the win32-environment,
3607 where all occurrences of % must be doubled when using this op‐
3608 tion.
3609 The variables available are:
3611 content_type The Content-Type of the requested document, if
3613 there was any.
3614 errormsg The error message. (Added in 7.75.0)
3616 exitcode The numerical exitcode of the transfer. (Added in
3618 7.75.0)
3619 filename_effective
3621 The ultimate filename that curl writes out to.
3622 This is only meaningful if curl is told to write
3623 to a file with the -O, --remote-name or -o,
3624 --output option. It's most useful in combination
3625 with the -J, --remote-header-name option. (Added
3626 in 7.26.0)
3627 ftp_entry_path The initial path curl ended up in when logging on
3629 to the remote FTP server. (Added in 7.15.4)
3630 http_code The numerical response code that was found in the
3632 last retrieved HTTP(S) or FTP(s) transfer. In
3633 7.18.2 the alias response_code was added to show
3634 the same info.
3635 http_connect The numerical code that was found in the last re‐
3637 sponse (from a proxy) to a curl CONNECT request.
3638 (Added in 7.12.4)
3639 http_version The http version that was effectively used.
3641 (Added in 7.50.0)
3642 json A JSON object with all available keys.
3644 local_ip The IP address of the local end of the most re‐
3646 cently done connection - can be either IPv4 or
3647 IPv6 (Added in 7.29.0)
3648 local_port The local port number of the most recently done
3650 connection (Added in 7.29.0)
3651 method The http method used in the most recent HTTP re‐
3653 quest (Added in 7.72.0)
3654 num_connects Number of new connects made in the recent trans‐
3656 fer. (Added in 7.12.3)
3657 num_headers The number of response headers in the most recent
3659 request (restarted at each
3660 redirect). Note that the status line IS NOT a
3661 header. (Added in 7.73.0)
3662 num_redirects Number of redirects that were followed in the re‐
3664 quest. (Added in 7.12.3)
3665 onerror The rest of the output is only shown if the
3667 transfer returned a non-zero error (Added in
3668 7.75.0)
3669 proxy_ssl_verify_result
3671 The result of the HTTPS proxy's SSL peer certifi‐
3672 cate verification that was requested. 0 means the
3673 verification was successful. (Added in 7.52.0)
3674 redirect_url When an HTTP request was made without -L, --loca‐
3676 tion to follow redirects (or when --max-redir is
3677 met), this variable will show the actual URL a
3678 redirect would have gone to. (Added in 7.18.2)
3679 referer The Referer: header, if there was any. (Added in
3681 7.76.0)
3682 remote_ip The remote IP address of the most recently done
3684 connection - can be either IPv4 or IPv6 (Added in
3685 7.29.0)
3686 remote_port The remote port number of the most recently done
3688 connection (Added in 7.29.0)
3689 response_code The numerical response code that was found in the
3691 last transfer (formerly known as "http_code").
3692 (Added in 7.18.2)
3693 scheme The URL scheme (sometimes called protocol) that
3695 was effectively used (Added in 7.52.0)
3696 size_download The total amount of bytes that were downloaded.
3698 size_header The total amount of bytes of the downloaded head‐
3700 ers.
3701 size_request The total amount of bytes that were sent in the
3703 HTTP request.
3704 size_upload The total amount of bytes that were uploaded.
3706 speed_download The average download speed that curl measured for
3708 the complete download. Bytes per second.
3709 speed_upload The average upload speed that curl measured for
3711 the complete upload. Bytes per second.
3712 ssl_verify_result
3714 The result of the SSL peer certificate verifica‐
3715 tion that was requested. 0 means the verification
3716 was successful. (Added in 7.19.0)
3717 stderr From this point on, the -w, --write-out output
3719 will be written to standard error. (Added in
3720 7.63.0)
3721 stdout From this point on, the -w, --write-out output
3723 will be written to standard output. This is the
3724 default, but can be used to switch back after
3725 switching to stderr. (Added in 7.63.0)
3726 time_appconnect
3728 The time, in seconds, it took from the start un‐
3729 til the SSL/SSH/etc connect/handshake to the re‐
3730 mote host was completed. (Added in 7.19.0)
3731 time_connect The time, in seconds, it took from the start un‐
3733 til the TCP connect to the remote host (or proxy)
3734 was completed.
3735 time_namelookup
3737 The time, in seconds, it took from the start un‐
3738 til the name resolving was completed.
3739 time_pretransfer
3741 The time, in seconds, it took from the start un‐
3742 til the file transfer was just about to begin.
3743 This includes all pre-transfer commands and nego‐
3744 tiations that are specific to the particular pro‐
3745 tocol(s) involved.
3746 time_redirect The time, in seconds, it took for all redirection
3748 steps including name lookup, connect, pretransfer
3749 and transfer before the final transaction was
3750 started. time_redirect shows the complete execu‐
3751 tion time for multiple redirections. (Added in
3752 7.12.3)
3753 time_starttransfer
3755 The time, in seconds, it took from the start un‐
3756 til the first byte was just about to be trans‐
3757 ferred. This includes time_pretransfer and also
3758 the time the server needed to calculate the re‐
3759 sult.
3760 time_total The total time, in seconds, that the full opera‐
3762 tion lasted.
3763 url The URL that was fetched. (Added in 7.75.0)
3765 urlnum The URL index number of this transfer, 0-indexed.
3767 (Added in 7.75.0)
3768 url_effective The URL that was fetched last. This is most mean‐
3770 ingful if you've told curl to follow location:
3771 headers.
3772 If this option is used several times, the last one will be used.
3774 --xattr
3776 When saving output to a file, this option tells curl to store
3777 certain file metadata in extended file attributes. Currently,
3778 the URL is stored in the xdg.origin.url attribute and, for HTTP,
3779 the content type is stored in the mime_type attribute. If the
3780 file system does not support extended attributes, a warning is
3781 issued.
3782
3784 ~/.curlrc
3785 Default config file, see -K, --config for details.
3786
3788 The environment variables can be specified in lower case or upper case.
3789 The lower case version has precedence. http_proxy is an exception as it
3790 is only available in lower case.
3791 Using an environment variable to set the proxy has the same effect as
3793 using the -x, --proxy option.
3794 http_proxy [protocol://]<host>[:port]
3797 Sets the proxy server to use for HTTP.
3798 HTTPS_PROXY [protocol://]<host>[:port]
3800 Sets the proxy server to use for HTTPS.
3801 [url-protocol]_PROXY [protocol://]<host>[:port]
3803 Sets the proxy server to use for [url-protocol], where the pro‐
3804 tocol is a protocol that curl supports and as specified in a
3805 URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP etc.
3806 ALL_PROXY [protocol://]<host>[:port]
3808 Sets the proxy server to use if no protocol-specific proxy is
3809 set.
3810 NO_PROXY <comma-separated list of hosts/domains>
3812 list of host names that shouldn't go through any proxy. If set
3813 to an asterisk '*' only, it matches all hosts. Each name in this
3814 list is matched as either a domain name which contains the host‐
3815 name, or the hostname itself.
3816 This environment variable disables use of the proxy even when
3818 specified with the -x, --proxy option. That is NO_PROXY=di‐
3819 rect.example.com curl -x http://proxy.example.com http://di‐
3820 rect.example.com accesses the target URL directly, and
3821 NO_PROXY=direct.example.com curl -x http://proxy.example.com
3822 http://somewhere.example.com accesses the target URL through the
3823 proxy.
3824 The list of host names can also be include numerical IP ad‐
3826 dresses, and IPv6 versions should then be given without enclos‐
3827 ing brackets.
3828 IPv6 numerical addresses are compared as strings, so they will
3830 only match if the representations are the same: "::1" is the
3831 same as "::0:1" but they don't match.
3832 CURL_SSL_BACKEND <TLS backend>
3834 If curl was built with support for "MultiSSL", meaning that it
3835 has built-in support for more than one TLS backend, this envi‐
3836 ronment variable can be set to the case insensitive name of the
3837 particular backend to use when curl is invoked. Setting a name
3838 that isn't a built-in alternative will make curl stay with the
3839 default.
3840 SSL backend names (case-insensitive): bearssl, gnutls, gskit,
3842 mbedtls, mesalink, nss, openssl, rustls, schannel, secure-trans‐
3843 port, wolfssl
3844 QLOGDIR <directory name>
3846 If curl was built with HTTP/3 support, setting this environment
3847 variable to a local directory will make curl produce qlogs in
3848 that directory, using file names named after the destination
3849 connection id (in hex). Do note that these files can become
3850 rather large. Works with both QUIC backends.
3851 SSLKEYLOGFILE <file name>
3853 If you set this environment variable to a file name, curl will
3854 store TLS secrets from its connections in that file when invoked
3855 to enable you to analyze the TLS traffic in real time using net‐
3856 work analyzing tools such as Wireshark. This works with the fol‐
3857 lowing TLS backends: OpenSSL, libressl, BoringSSL, GnuTLS, NSS
3858 and wolfSSL.
3859
3861 Since curl version 7.21.7, the proxy string may be specified with a
3862 protocol:// prefix to specify alternative proxy protocols.
3863 If no protocol is specified in the proxy string or if the string
3865 doesn't match a supported one, the proxy will be treated as an HTTP
3866 proxy.
3867 The supported proxy protocol prefixes are as follows:
3869 http://
3871 Makes it use it as an HTTP proxy. The default if no scheme pre‐
3872 fix is used.
3873 https://
3875 Makes it treated as an HTTPS proxy.
3876 socks4://
3878 Makes it the equivalent of --socks4
3879 socks4a://
3881 Makes it the equivalent of --socks4a
3882 socks5://
3884 Makes it the equivalent of --socks5
3885 socks5h://
3887 Makes it the equivalent of --socks5-hostname
3888
3890 There are a bunch of different error codes and their corresponding er‐
3891 ror messages that may appear during bad conditions. At the time of this
3892 writing, the exit codes are:
3893 1 Unsupported protocol. This build of curl has no support for this
3895 protocol.
3896 2 Failed to initialize.
3898 3 URL malformed. The syntax was not correct.
3900 4 A feature or option that was needed to perform the desired re‐
3902 quest was not enabled or was explicitly disabled at build-time.
3903 To make curl able to do this, you probably need another build of
3904 libcurl!
3905 5 Couldn't resolve proxy. The given proxy host could not be re‐
3907 solved.
3908 6 Couldn't resolve host. The given remote host was not resolved.
3910 7 Failed to connect to host.
3912 8 Weird server reply. The server sent data curl couldn't parse.
3914 9 FTP access denied. The server denied login or denied access to
3916 the particular resource or directory you wanted to reach. Most
3917 often you tried to change to a directory that doesn't exist on
3918 the server.
3919 10 FTP accept failed. While waiting for the server to connect back
3921 when an active FTP session is used, an error code was sent over
3922 the control connection or similar.
3923 11 FTP weird PASS reply. Curl couldn't parse the reply sent to the
3925 PASS request.
3926 12 During an active FTP session while waiting for the server to
3928 connect back to curl, the timeout expired.
3929 13 FTP weird PASV reply, Curl couldn't parse the reply sent to the
3931 PASV request.
3932 14 FTP weird 227 format. Curl couldn't parse the 227-line the
3934 server sent.
3935 15 FTP can't get host. Couldn't resolve the host IP we got in the
3937 227-line.
3938 16 HTTP/2 error. A problem was detected in the HTTP2 framing layer.
3940 This is somewhat generic and can be one out of several problems,
3941 see the error message for details.
3942 17 FTP couldn't set binary. Couldn't change transfer method to bi‐
3944 nary.
3945 18 Partial file. Only a part of the file was transferred.
3947 19 FTP couldn't download/access the given file, the RETR (or simi‐
3949 lar) command failed.
3950 21 FTP quote error. A quote command returned error from the server.
3952 22 HTTP page not retrieved. The requested url was not found or re‐
3954 turned another error with the HTTP error code being 400 or
3955 above. This return code only appears if -f, --fail is used.
3956 23 Write error. Curl couldn't write data to a local filesystem or
3958 similar.
3959 25 FTP couldn't STOR file. The server denied the STOR operation,
3961 used for FTP uploading.
3962 26 Read error. Various reading problems.
3964 27 Out of memory. A memory allocation request failed.
3966 28 Operation timeout. The specified time-out period was reached ac‐
3968 cording to the conditions.
3969 30 FTP PORT failed. The PORT command failed. Not all FTP servers
3971 support the PORT command, try doing a transfer using PASV in‐
3972 stead!
3973 31 FTP couldn't use REST. The REST command failed. This command is
3975 used for resumed FTP transfers.
3976 33 HTTP range error. The range "command" didn't work.
3978 34 HTTP post error. Internal post-request generation error.
3980 35 SSL connect error. The SSL handshaking failed.
3982 36 Bad download resume. Couldn't continue an earlier aborted down‐
3984 load.
3985 37 FILE couldn't read file. Failed to open the file. Permissions?
3987 38 LDAP cannot bind. LDAP bind operation failed.
3989 39 LDAP search failed.
3991 41 Function not found. A required LDAP function was not found.
3993 42 Aborted by callback. An application told curl to abort the oper‐
3995 ation.
3996 43 Internal error. A function was called with a bad parameter.
3998 45 Interface error. A specified outgoing interface could not be
4000 used.
4001 47 Too many redirects. When following redirects, curl hit the maxi‐
4003 mum amount.
4004 48 Unknown option specified to libcurl. This indicates that you
4006 passed a weird option to curl that was passed on to libcurl and
4007 rejected. Read up in the manual!
4008 49 Malformed telnet option.
4010 51 The peer's SSL certificate or SSH MD5 fingerprint was not OK.
4012 52 The server didn't reply anything, which here is considered an
4014 error.
4015 53 SSL crypto engine not found.
4017 54 Cannot set SSL crypto engine as default.
4019 55 Failed sending network data.
4021 56 Failure in receiving network data.
4023 58 Problem with the local certificate.
4025 59 Couldn't use specified SSL cipher.
4027 60 Peer certificate cannot be authenticated with known CA certifi‐
4029 cates.
4030 61 Unrecognized transfer encoding.
4032 62 Invalid LDAP URL.
4034 63 Maximum file size exceeded.
4036 64 Requested FTP SSL level failed.
4038 65 Sending the data requires a rewind that failed.
4040 66 Failed to initialise SSL Engine.
4042 67 The user name, password, or similar was not accepted and curl
4044 failed to log in.
4045 68 File not found on TFTP server.
4047 69 Permission problem on TFTP server.
4049 70 Out of disk space on TFTP server.
4051 71 Illegal TFTP operation.
4053 72 Unknown TFTP transfer ID.
4055 73 File already exists (TFTP).
4057 74 No such user (TFTP).
4059 75 Character conversion failed.
4061 76 Character conversion functions required.
4063 77 Problem with reading the SSL CA cert (path? access rights?).
4065 78 The resource referenced in the URL does not exist.
4067 79 An unspecified error occurred during the SSH session.
4069 80 Failed to shut down the SSL connection.
4071 82 Could not load CRL file, missing or wrong format (added in
4073 7.19.0).
4074 83 Issuer check failed (added in 7.19.0).
4076 84 The FTP PRET command failed
4078 85 RTSP: mismatch of CSeq numbers
4080 86 RTSP: mismatch of Session Identifiers
4082 87 unable to parse FTP file list
4084 88 FTP chunk callback reported error
4086 89 No connection available, the session will be queued
4088 90 SSL public key does not matched pinned public key
4090 91 Invalid SSL certificate status.
4092 92 Stream error in HTTP/2 framing layer.
4094 93 An API function was called from inside a callback.
4096 94 An authentication function returned an error.
4098 95 A problem was detected in the HTTP/3 layer. This is somewhat
4100 generic and can be one out of several problems, see the error
4101 message for details.
4102 96 QUIC connection error. This error may be caused by an SSL li‐
4104 brary error. QUIC is the protocol used for HTTP/3 transfers.
4105 XX More error codes will appear here in future releases. The exist‐
4107 ing ones are meant to never change.
4108
4110 Daniel Stenberg is the main author, but the whole list of contributors
4111 is found in the separate THANKS file.
4112
4114 https://curl.se
4115
4117 ftp(1), wget(1)
4118Curl 7.76.1 November 16, 2016 curl(1)