1curl(1) curl Manual curl(1)
2
3
4
6 curl - transfer a URL
7
9 curl [options / URLs]
10
12 curl is a tool for transferring data from or to a server. It supports
13 these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS,
14 IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP,
15 SFTP, SMB, SMBS, SMTP, SMTPS, TELNET or TFTP. The command is designed
16 to work without user interaction.
17
18 curl offers a busload of useful tricks like proxy support, user authen‐
19 tication, FTP upload, HTTP post, SSL connections, cookies, file trans‐
20 fer resume and more. As you will see below, the number of features will
21 make your head spin.
22
23 curl is powered by libcurl for all transfer-related features. See
24 libcurl(3) for details.
25
27 The URL syntax is protocol-dependent. You find a detailed description
28 in RFC 3986.
29
30 You can specify multiple URLs or parts of URLs by writing part sets
31 within braces and quoting the URL as in:
32
33 "http://site.{one,two,three}.com"
34
35 or you can get sequences of alphanumeric series by using [] as in:
36
37 "ftp://ftp.example.com/file[1-100].txt"
38
39 "ftp://ftp.example.com/file[001-100].txt" (with leading zeros)
40
41 "ftp://ftp.example.com/file[a-z].txt"
42
43 Nested sequences are not supported, but you can use several ones next
44 to each other:
45
46 "http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html"
47
48 You can specify any amount of URLs on the command line. They will be
49 fetched in a sequential manner in the specified order. You can specify
50 command line options and URLs mixed and in any order on the command
51 line.
52
53 You can specify a step counter for the ranges to get every Nth number
54 or letter:
55
56 "http://example.com/file[1-100:10].txt"
57
58 "http://example.com/file[a-z:2].txt"
59
60 When using [] or {} sequences when invoked from a command line prompt,
61 you probably have to put the full URL within double quotes to avoid the
62 shell from interfering with it. This also goes for other characters
63 treated special, like for example '&', '?' and '*'.
64
65 Provide the IPv6 zone index in the URL with an escaped percentage sign
66 and the interface name. Like in
67
68 "http://[fe80::3%25eth0]/"
69
70 If you specify URL without protocol:// prefix, curl will attempt to
71 guess what protocol you might want. It will then default to HTTP but
72 try other protocols based on often-used host name prefixes. For exam‐
73 ple, for host names starting with "ftp." curl will assume you want to
74 speak FTP.
75
76 curl will do its best to use what you pass to it as a URL. It is not
77 trying to validate it as a syntactically correct URL by any means but
78 is fairly liberal with what it accepts.
79
80 curl will attempt to re-use connections for multiple file transfers, so
81 that getting many files from the same server will not do multiple con‐
82 nects / handshakes. This improves speed. Of course this is only done on
83 files specified on a single command line and cannot be used between
84 separate curl invocations.
85
87 If not told otherwise, curl writes the received data to stdout. It can
88 be instructed to instead save that data into a local file, using the
89 --output or --remote-name options. If curl is given multiple URLs to
90 transfer on the command line, it similarly needs multiple options for
91 where to save them.
92
93 curl does not parse or otherwise "understand" the content it gets or
94 writes as output. It does no encoding or decoding, unless explicitly
95 asked to with dedicated command line options.
96
98 curl supports numerous protocols, or put in URL terms: schemes. Your
99 particular build may not support them all.
100
101 DICT Lets you lookup words using online dictionaries.
102
103 FILE Read or write local files. curl does not support accessing
104 file:// URL remotely, but when running on Microsoft Windows us‐
105 ing the native UNC approach will work.
106
107 FTP(S) curl supports the File Transfer Protocol with a lot of tweaks
108 and levers. With or without using TLS.
109
110 GOPHER(S)
111 Retrieve files.
112
113 HTTP(S)
114 curl supports HTTP with numerous options and variations. It can
115 speak HTTP version 0.9, 1.0, 1.1, 2 and 3 depending on build op‐
116 tions and the correct command line options.
117
118 IMAP(S)
119 Using the mail reading protocol, curl can "download" emails for
120 you. With or without using TLS.
121
122 LDAP(S)
123 curl can do directory lookups for you, with or without TLS.
124
125 MQTT curl supports MQTT version 3. Downloading over MQTT equals "sub‐
126 scribe" to a topic while uploading/posting equals "publish" on a
127 topic. MQTT over TLS is not supported (yet).
128
129 POP3(S)
130 Downloading from a pop3 server means getting a mail. With or
131 without using TLS.
132
133 RTMP(S)
134 The Realtime Messaging Protocol is primarily used to server
135 streaming media and curl can download it.
136
137 RTSP curl supports RTSP 1.0 downloads.
138
139 SCP curl supports SSH version 2 scp transfers.
140
141 SFTP curl supports SFTP (draft 5) done over SSH version 2.
142
143 SMB(S) curl supports SMB version 1 for upload and download.
144
145 SMTP(S)
146 Uploading contents to an SMTP server means sending an email.
147 With or without TLS.
148
149 TELNET Telling curl to fetch a telnet URL starts an interactive session
150 where it sends what it reads on stdin and outputs what the
151 server sends it.
152
153 TFTP curl can do TFTP downloads and uploads.
154
156 curl normally displays a progress meter during operations, indicating
157 the amount of transferred data, transfer speeds and estimated time
158 left, etc. The progress meter displays number of bytes and the speeds
159 are in bytes per second. The suffixes (k, M, G, T, P) are 1024 based.
160 For example 1k is 1024 bytes. 1M is 1048576 bytes.
161
162 curl displays this data to the terminal by default, so if you invoke
163 curl to do an operation and it is about to write data to the terminal,
164 it disables the progress meter as otherwise it would mess up the output
165 mixing progress meter and response data.
166
167 If you want a progress meter for HTTP POST or PUT requests, you need to
168 redirect the response output to a file, using shell redirect (>),
169 --output or similar.
170
171 This does not apply to FTP upload as that operation does not spit out
172 any response data to the terminal.
173
174 If you prefer a progress "bar" instead of the regular meter,
175 --progress-bar is your friend. You can also disable the progress meter
176 completely with the --silent option.
177
179 Options start with one or two dashes. Many of the options require an
180 additional value next to them.
181
182 The short "single-dash" form of the options, -d for example, may be
183 used with or without a space between it and its value, although a space
184 is a recommended separator. The long "double-dash" form, --data for ex‐
185 ample, requires a space between it and its value.
186
187 Short version options that do not need any additional values can be
188 used immediately next to each other, like for example you can specify
189 all the options -O, -L and -v at once as -OLv.
190
191 In general, all boolean options are enabled with --option and yet again
192 disabled with --no-option. That is, you use the same option name but
193 prefix it with "no-". However, in this list we mostly only list and
194 show the --option version of them.
195
196 --abstract-unix-socket <path>
197 (HTTP) Connect through an abstract Unix domain socket, instead
198 of using the network. Note: netstat shows the path of an ab‐
199 stract socket prefixed with '@', however the <path> argument
200 should not have this leading character.
201
202 Example:
203 curl --abstract-unix-socket socketpath https://example.com
204
205 See also --unix-socket. Added in 7.53.0.
206
207 --alt-svc <file name>
208 (HTTPS) This option enables the alt-svc parser in curl. If the
209 file name points to an existing alt-svc cache file, that will be
210 used. After a completed transfer, the cache will be saved to the
211 file name again if it has been modified.
212
213 Specify a "" file name (zero length) to avoid loading/saving and
214 make curl just handle the cache in memory.
215
216 If this option is used several times, curl will load contents
217 from all the files but the last one will be used for saving.
218
219 Example:
220 curl --alt-svc svc.txt https://example.com
221
222 See also --resolve and --connect-to. Added in 7.64.1.
223
224 --anyauth
225 (HTTP) Tells curl to figure out authentication method by itself,
226 and use the most secure one the remote site claims to support.
227 This is done by first doing a request and checking the response-
228 headers, thus possibly inducing an extra network round-trip.
229 This is used instead of setting a specific authentication
230 method, which you can do with --basic, --digest, --ntlm, and
231 --negotiate.
232
233 Using --anyauth is not recommended if you do uploads from stdin,
234 since it may require data to be sent twice and then the client
235 must be able to rewind. If the need should arise when uploading
236 from stdin, the upload operation will fail.
237
238 Used together with -u, --user.
239
240 Example:
241 curl --anyauth --user me:pwd https://example.com
242
243 See also --proxy-anyauth, --basic and --digest.
244
245 -a, --append
246 (FTP SFTP) When used in an upload, this makes curl append to the
247 target file instead of overwriting it. If the remote file does
248 not exist, it will be created. Note that this flag is ignored by
249 some SFTP servers (including OpenSSH).
250
251 Example:
252 curl --upload-file local --append ftp://example.com/
253
254 See also -r, --range and -C, --continue-at.
255
256 --aws-sigv4 <provider1[:provider2[:region[:service]]]>
257 Use AWS V4 signature authentication in the transfer.
258
259 The provider argument is a string that is used by the algorithm
260 when creating outgoing authentication headers.
261
262 The region argument is a string that points to a geographic area
263 of a resources collection (region-code) when the region name is
264 omitted from the endpoint.
265
266 The service argument is a string that points to a function pro‐
267 vided by a cloud (service-code) when the service name is omitted
268 from the endpoint.
269
270 Example:
271 curl --aws-sigv4 "aws:amz:east-2:es" --user "key:secret" https://example.com
272
273 See also --basic and -u, --user. Added in 7.75.0.
274
275 --basic
276 (HTTP) Tells curl to use HTTP Basic authentication with the re‐
277 mote host. This is the default and this option is usually point‐
278 less, unless you use it to override a previously set option that
279 sets a different authentication method (such as --ntlm, --di‐
280 gest, or --negotiate).
281
282 Used together with -u, --user.
283
284 Example:
285 curl -u name:password --basic https://example.com
286
287 See also --proxy-basic.
288
289 --cacert <file>
290 (TLS) Tells curl to use the specified certificate file to verify
291 the peer. The file may contain multiple CA certificates. The
292 certificate(s) must be in PEM format. Normally curl is built to
293 use a default file for this, so this option is typically used to
294 alter that default file.
295
296 curl recognizes the environment variable named 'CURL_CA_BUNDLE'
297 if it is set, and uses the given path as a path to a CA cert
298 bundle. This option overrides that variable.
299
300 The windows version of curl will automatically look for a CA
301 certs file named 'curl-ca-bundle.crt', either in the same direc‐
302 tory as curl.exe, or in the Current Working Directory, or in any
303 folder along your PATH.
304
305 If curl is built against the NSS SSL library, the NSS PEM
306 PKCS#11 module (libnsspem.so) needs to be available for this op‐
307 tion to work properly.
308
309 (iOS and macOS only) If curl is built against Secure Transport,
310 then this option is supported for backward compatibility with
311 other SSL engines, but it should not be set. If the option is
312 not set, then curl will use the certificates in the system and
313 user Keychain to verify the peer, which is the preferred method
314 of verifying the peer's certificate chain.
315
316 (Schannel only) This option is supported for Schannel in Windows
317 7 or later with libcurl 7.60 or later. This option is supported
318 for backward compatibility with other SSL engines; instead it is
319 recommended to use Windows' store of root certificates (the de‐
320 fault for Schannel).
321
322 If this option is used several times, the last one will be used.
323
324 Example:
325 curl --cacert CA-file.txt https://example.com
326
327 See also --capath and -k, --insecure.
328
329 --capath <dir>
330 (TLS) Tells curl to use the specified certificate directory to
331 verify the peer. Multiple paths can be provided by separating
332 them with ":" (e.g. "path1:path2:path3"). The certificates must
333 be in PEM format, and if curl is built against OpenSSL, the di‐
334 rectory must have been processed using the c_rehash utility sup‐
335 plied with OpenSSL. Using --capath can allow OpenSSL-powered
336 curl to make SSL-connections much more efficiently than using
337 --cacert if the --cacert file contains many CA certificates.
338
339 If this option is set, the default capath value will be ignored,
340 and if it is used several times, the last one will be used.
341
342 Example:
343 curl --capath /local/directory https://example.com
344
345 See also --cacert and -k, --insecure.
346
347 --cert-status
348 (TLS) Tells curl to verify the status of the server certificate
349 by using the Certificate Status Request (aka. OCSP stapling) TLS
350 extension.
351
352 If this option is enabled and the server sends an invalid (e.g.
353 expired) response, if the response suggests that the server cer‐
354 tificate has been revoked, or no response at all is received,
355 the verification fails.
356
357 This is currently only implemented in the OpenSSL, GnuTLS and
358 NSS backends.
359
360 Example:
361 curl --cert-status https://example.com
362
363 See also --pinnedpubkey. Added in 7.41.0.
364
365 --cert-type <type>
366 (TLS) Tells curl what type the provided client certificate is
367 using. PEM, DER, ENG and P12 are recognized types. If not speci‐
368 fied, PEM is assumed.
369
370 If this option is used several times, the last one will be used.
371
372 Example:
373 curl --cert-type PEM --cert file https://example.com
374
375 See also -E, --cert, --key and --key-type.
376
377 -E, --cert <certificate[:password]>
378 (TLS) Tells curl to use the specified client certificate file
379 when getting a file with HTTPS, FTPS or another SSL-based proto‐
380 col. The certificate must be in PKCS#12 format if using Secure
381 Transport, or PEM format if using any other engine. If the op‐
382 tional password is not specified, it will be queried for on the
383 terminal. Note that this option assumes a "certificate" file
384 that is the private key and the client certificate concatenated!
385 See --cert and --key to specify them independently.
386
387 If curl is built against the NSS SSL library then this option
388 can tell curl the nickname of the certificate to use within the
389 NSS database defined by the environment variable SSL_DIR (or by
390 default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib‐
391 nsspem.so) is available then PEM files may be loaded. If you
392 want to use a file from the current directory, please precede it
393 with "./" prefix, in order to avoid confusion with a nickname.
394 If the nickname contains ":", it needs to be preceded by "\" so
395 that it is not recognized as password delimiter. If the nickname
396 contains "\", it needs to be escaped as "\\" so that it is not
397 recognized as an escape character.
398
399 If curl is built against OpenSSL library, and the engine pkcs11
400 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
401 ify a certificate located in a PKCS#11 device. A string begin‐
402 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
403 PKCS#11 URI is provided, then the --engine option will be set as
404 "pkcs11" if none was provided and the --cert-type option will be
405 set as "ENG" if none was provided.
406
407 (iOS and macOS only) If curl is built against Secure Transport,
408 then the certificate string can either be the name of a certifi‐
409 cate/private key in the system or user keychain, or the path to
410 a PKCS#12-encoded certificate and private key. If you want to
411 use a file from the current directory, please precede it with
412 "./" prefix, in order to avoid confusion with a nickname.
413
414 (Schannel only) Client certificates must be specified by a path
415 expression to a certificate store. (Loading PFX is not sup‐
416 ported; you can import it to a store first). You can use "<store
417 location>\<store name>\<thumbprint>" to refer to a certificate
418 in the system certificates store, for example, "Curren‐
419 tUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint
420 is usually a SHA-1 hex string which you can see in certificate
421 details. Following store locations are supported: CurrentUser,
422 LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,
423 LocalMachineGroupPolicy, LocalMachineEnterprise.
424
425 If this option is used several times, the last one will be used.
426
427 Example:
428 curl --cert certfile --key keyfile https://example.com
429
430 See also --cert-type, --key and --key-type.
431
432 --ciphers <list of ciphers>
433 (TLS) Specifies which ciphers to use in the connection. The list
434 of ciphers must specify valid ciphers. Read up on SSL cipher
435 list details on this URL:
436
437 https://curl.se/docs/ssl-ciphers.html
438
439 If this option is used several times, the last one will be used.
440
441 Example:
442 curl --ciphers ECDHE-ECDSA-AES256-CCM8 https://example.com
443
444 See also --tlsv1.3.
445
446 --compressed-ssh
447 (SCP SFTP) Enables built-in SSH compression. This is a request,
448 not an order; the server may or may not do it.
449
450 Example:
451 curl --compressed-ssh sftp://example.com/
452
453 See also --compressed. Added in 7.56.0.
454
455 --compressed
456 (HTTP) Request a compressed response using one of the algorithms
457 curl supports, and automatically decompress the content. Headers
458 are not modified.
459
460 If this option is used and the server sends an unsupported en‐
461 coding, curl will report an error. This is a request, not an or‐
462 der; the server may or may not deliver data compressed.
463
464 Example:
465 curl --compressed https://example.com
466
467 See also --compressed-ssh.
468
469 -K, --config <file>
470 Specify a text file to read curl arguments from. The command
471 line arguments found in the text file will be used as if they
472 were provided on the command line.
473
474 Options and their parameters must be specified on the same line
475 in the file, separated by whitespace, colon, or the equals sign.
476 Long option names can optionally be given in the config file
477 without the initial double dashes and if so, the colon or equals
478 characters can be used as separators. If the option is specified
479 with one or two dashes, there can be no colon or equals charac‐
480 ter between the option and its parameter.
481
482 If the parameter contains whitespace (or starts with : or =),
483 the parameter must be enclosed within quotes. Within double
484 quotes, the following escape sequences are available: \\, \",
485 \t, \n, \r and \v. A backslash preceding any other letter is ig‐
486 nored.
487
488 If the first column of a config line is a '#' character, the
489 rest of the line will be treated as a comment.
490
491 Only write one option per physical line in the config file.
492
493 Specify the filename to --config as '-' to make curl read the
494 file from stdin.
495
496 Note that to be able to specify a URL in the config file, you
497 need to specify it using the --url option, and not by simply
498 writing the URL on its own line. So, it could look similar to
499 this:
500
501 url = "https://curl.se/docs/"
502
503 # --- Example file ---
504 # this is a comment
505 url = "example.com"
506 output = "curlhere.html"
507 user-agent = "superagent/1.0"
508
509 # and fetch another URL too
510 url = "example.com/docs/manpage.html"
511 -O
512 referer = "http://nowhereatall.example.com/"
513 # --- End of example file ---
514
515 When curl is invoked, it (unless --disable is used) checks for a
516 default config file and uses it if found, even when --config is
517 used. The default config file is checked for in the following
518 places in this order:
519
520 1) "$CURL_HOME/.curlrc"
521
522 2) "$XDG_CONFIG_HOME/.curlrc" (Added in 7.73.0)
523
524 3) "$HOME/.curlrc"
525
526 4) Windows: "%USERPROFILE%\.curlrc"
527
528 5) Windows: "%APPDATA%\.curlrc"
529
530 6) Windows: "%USERPROFILE%\Application Data\.curlrc"
531
532 7) Non-Windows: use getpwuid to find the home directory
533
534 8) On Windows, if it finds no .curlrc file in the sequence de‐
535 scribed above, it checks for one in the same dir the curl exe‐
536 cutable is placed.
537
538 On Windows two filenames are checked per location: .curlrc and
539 _curlrc, preferring the former. Older versions on Windows
540 checked for _curlrc only.
541
542 This option can be used multiple times to load multiple config
543 files.
544
545 Example:
546 curl --config file.txt https://example.com
547
548 See also -q, --disable.
549
550 --connect-timeout <fractional seconds>
551 Maximum time in seconds that you allow curl's connection to
552 take. This only limits the connection phase, so if curl con‐
553 nects within the given period it will continue - if not it will
554 exit. Since version 7.32.0, this option accepts decimal values.
555
556 If this option is used several times, the last one will be used.
557
558 Examples:
559 curl --connect-timeout 20 https://example.com
560 curl --connect-timeout 3.14 https://example.com
561
562 See also -m, --max-time.
563
564 --connect-to <HOST1:PORT1:HOST2:PORT2>
565
566 For a request to the given HOST1:PORT1 pair, connect to
567 HOST2:PORT2 instead. This option is suitable to direct requests
568 at a specific server, e.g. at a specific cluster node in a clus‐
569 ter of servers. This option is only used to establish the net‐
570 work connection. It does NOT affect the hostname/port that is
571 used for TLS/SSL (e.g. SNI, certificate verification) or for the
572 application protocols. "HOST1" and "PORT1" may be the empty
573 string, meaning "any host/port". "HOST2" and "PORT2" may also be
574 the empty string, meaning "use the request's original
575 host/port".
576
577 A "host" specified to this option is compared as a string, so it
578 needs to match the name used in request URL. It can be either
579 numerical such as "127.0.0.1" or the full host name such as "ex‐
580 ample.org".
581
582 This option can be used many times to add many connect rules.
583
584 Example:
585 curl --connect-to example.com:443:example.net:8443 https://example.com
586
587 See also --resolve and -H, --header. Added in 7.49.0.
588
589 -C, --continue-at <offset>
590 Continue/Resume a previous file transfer at the given offset.
591 The given offset is the exact number of bytes that will be
592 skipped, counting from the beginning of the source file before
593 it is transferred to the destination. If used with uploads, the
594 FTP server command SIZE will not be used by curl.
595
596 Use "-C -" to tell curl to automatically find out where/how to
597 resume the transfer. It then uses the given output/input files
598 to figure that out.
599
600 If this option is used several times, the last one will be used.
601
602 Examples:
603 curl -C - https://example.com
604 curl -C 400 https://example.com
605
606 See also -r, --range.
607
608 -c, --cookie-jar <filename>
609 (HTTP) Specify to which file you want curl to write all cookies
610 after a completed operation. Curl writes all cookies from its
611 in-memory cookie storage to the given file at the end of opera‐
612 tions. If no cookies are known, no data will be written. The
613 file will be written using the Netscape cookie file format. If
614 you set the file name to a single dash, "-", the cookies will be
615 written to stdout.
616
617 This command line option will activate the cookie engine that
618 makes curl record and use cookies. Another way to activate it is
619 to use the --cookie option.
620
621 If the cookie jar cannot be created or written to, the whole
622 curl operation will not fail or even report an error clearly.
623 Using --verbose will get a warning displayed, but that is the
624 only visible feedback you get about this possibly lethal situa‐
625 tion.
626
627 If this option is used several times, the last specified file
628 name will be used.
629
630 Examples:
631 curl -c store-here.txt https://example.com
632 curl -c store-here.txt -b read-these https://example.com
633
634 See also -b, --cookie.
635
636 -b, --cookie <data|filename>
637 (HTTP) Pass the data to the HTTP server in the Cookie header. It
638 is supposedly the data previously received from the server in a
639 "Set-Cookie:" line. The data should be in the format
640 "NAME1=VALUE1; NAME2=VALUE2".
641
642 If no '=' symbol is used in the argument, it is instead treated
643 as a filename to read previously stored cookie from. This option
644 also activates the cookie engine which will make curl record in‐
645 coming cookies, which may be handy if you are using this in com‐
646 bination with the --location option or do multiple URL transfers
647 on the same invoke. If the file name is exactly a minus ("-"),
648 curl will instead read the contents from stdin.
649
650 The file format of the file to read cookies from should be plain
651 HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie
652 file format.
653
654 The file specified with --cookie is only used as input. No cook‐
655 ies will be written to the file. To store cookies, use the
656 --cookie-jar option.
657
658 If you use the Set-Cookie file format and do not specify a do‐
659 main then the cookie is not sent since the domain will never
660 match. To address this, set a domain in Set-Cookie line (doing
661 that will include sub-domains) or preferably: use the Netscape
662 format.
663
664 This option can be used multiple times.
665
666 Users often want to both read cookies from a file and write up‐
667 dated cookies back to a file, so using both --cookie and
668 --cookie-jar in the same command line is common.
669
670 Examples:
671 curl -b cookiefile https://example.com
672 curl -b cookiefile -c cookiefile https://example.com
673
674 See also -c, --cookie-jar and -j, --junk-session-cookies.
675
676 --create-dirs
677 When used in conjunction with the --output option, curl will
678 create the necessary local directory hierarchy as needed. This
679 option creates the directories mentioned with the --output op‐
680 tion, nothing else. If the --output file name uses no directory,
681 or if the directories it mentions already exist, no directories
682 will be created.
683
684 Created dirs are made with mode 0750 on unix style file systems.
685
686 To create remote directories when using FTP or SFTP, try --ftp-
687 create-dirs.
688
689 Example:
690 curl --create-dirs --output local/dir/file https://example.com
691
692 See also --ftp-create-dirs and --output-dir.
693
694 --create-file-mode <mode>
695 (SFTP SCP FILE) When curl is used to create files remotely using
696 one of the supported protocols, this option allows the user to
697 set which 'mode' to set on the file at creation time, instead of
698 the default 0644.
699
700 This option takes an octal number as argument.
701
702 If this option is used several times, the last one will be used.
703
704 Example:
705 curl --create-file-mode 0777 -T localfile sftp://example.com/new
706
707 See also --ftp-create-dirs. Added in 7.75.0.
708
709 --crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS
710 (OS/390).
711
712 (SMTP added in 7.40.0)
713
714 Example:
715 curl --crlf -T file ftp://example.com/
716
717 See also -B, --use-ascii.
718
719 --crlfile <file>
720 (TLS) Provide a file using PEM format with a Certificate Revoca‐
721 tion List that may specify peer certificates that are to be con‐
722 sidered revoked.
723
724 If this option is used several times, the last one will be used.
725
726 Example:
727 curl --crlfile rejects.txt https://example.com
728
729 See also --cacert and --capath.
730
731 --curves <algorithm list>
732 (TLS) Tells curl to request specific curves to use during SSL
733 session establishment according to RFC 8422, 5.1. Multiple al‐
734 gorithms can be provided by separating them with ":" (e.g.
735 "X25519:P-521"). The parameter is available identically in the
736 "openssl s_client/s_server" utilities.
737
738 --curves allows a OpenSSL powered curl to make SSL-connections
739 with exactly the (EC) curve requested by the client, avoiding
740 nontransparent client/server negotiations.
741
742 If this option is set, the default curves list built into
743 openssl will be ignored.
744
745 Example:
746 curl --curves X25519 https://example.com
747
748 See also --ciphers. Added in 7.73.0.
749
750 --data-ascii <data>
751 (HTTP) This is just an alias for -d, --data.
752
753 Example:
754 curl --data-ascii @file https://example.com
755
756 See also --data-binary, --data-raw and --data-urlencode.
757
758 --data-binary <data>
759 (HTTP) This posts data exactly as specified with no extra pro‐
760 cessing whatsoever.
761
762 If you start the data with the letter @, the rest should be a
763 filename. Data is posted in a similar manner as --data does, ex‐
764 cept that newlines and carriage returns are preserved and con‐
765 versions are never done.
766
767 Like --data the default content-type sent to the server is ap‐
768 plication/x-www-form-urlencoded. If you want the data to be
769 treated as arbitrary binary data by the server then set the con‐
770 tent-type to octet-stream: -H "Content-Type: application/octet-
771 stream".
772
773 If this option is used several times, the ones following the
774 first will append data as described in -d, --data.
775
776 Example:
777 curl --data-binary @filename https://example.com
778
779 See also --data-ascii.
780
781 --data-raw <data>
782 (HTTP) This posts data similarly to --data but without the spe‐
783 cial interpretation of the @ character.
784
785 Examples:
786 curl --data-raw "hello" https://example.com
787 curl --data-raw "@at@at@" https://example.com
788
789 See also -d, --data. Added in 7.43.0.
790
791 --data-urlencode <data>
792 (HTTP) This posts data, similar to the other --data options with
793 the exception that this performs URL-encoding.
794
795 To be CGI-compliant, the <data> part should begin with a name
796 followed by a separator and a content specification. The <data>
797 part can be passed to curl using one of the following syntaxes:
798
799 content
800 This will make curl URL-encode the content and pass that
801 on. Just be careful so that the content does not contain
802 any = or @ symbols, as that will then make the syntax
803 match one of the other cases below!
804
805 =content
806 This will make curl URL-encode the content and pass that
807 on. The preceding = symbol is not included in the data.
808
809 name=content
810 This will make curl URL-encode the content part and pass
811 that on. Note that the name part is expected to be URL-
812 encoded already.
813
814 @filename
815 This will make curl load data from the given file (in‐
816 cluding any newlines), URL-encode that data and pass it
817 on in the POST.
818
819 name@filename
820 This will make curl load data from the given file (in‐
821 cluding any newlines), URL-encode that data and pass it
822 on in the POST. The name part gets an equal sign ap‐
823 pended, resulting in name=urlencoded-file-content. Note
824 that the name is expected to be URL-encoded already.
825
826 Examples:
827 curl --data-urlencode name=val https://example.com
828 curl --data-urlencode =encodethis https://example.com
829 curl --data-urlencode name@file https://example.com
830 curl --data-urlencode @fileonly https://example.com
831
832 See also -d, --data and --data-raw.
833
834 -d, --data <data>
835 (HTTP MQTT) Sends the specified data in a POST request to the
836 HTTP server, in the same way that a browser does when a user has
837 filled in an HTML form and presses the submit button. This will
838 cause curl to pass the data to the server using the content-type
839 application/x-www-form-urlencoded. Compare to -F, --form.
840
841 --data-raw is almost the same but does not have a special inter‐
842 pretation of the @ character. To post data purely binary, you
843 should instead use the --data-binary option. To URL-encode the
844 value of a form field you may use --data-urlencode.
845
846 If any of these options is used more than once on the same com‐
847 mand line, the data pieces specified will be merged with a sepa‐
848 rating &-symbol. Thus, using '-d name=daniel -d skill=lousy'
849 would generate a post chunk that looks like
850 'name=daniel&skill=lousy'.
851
852 If you start the data with the letter @, the rest should be a
853 file name to read the data from, or - if you want curl to read
854 the data from stdin. Posting data from a file named 'foobar'
855 would thus be done with -d, --data @foobar. When --data is told
856 to read from a file like that, carriage returns and newlines
857 will be stripped out. If you do not want the @ character to have
858 a special interpretation use --data-raw instead.
859
860 Examples:
861 curl -d "name=curl" https://example.com
862 curl -d "name=curl" -d "tool=cmdline" https://example.com
863 curl -d @filename https://example.com
864
865 See also --data-binary, --data-urlencode and --data-raw. This
866 option overrides -F, --form and -I, --head and -T, --upload-
867 file.
868
869 --delegation <LEVEL>
870 (GSS/kerberos) Set LEVEL to tell the server what it is allowed
871 to delegate when it comes to user credentials.
872
873 none Do not allow any delegation.
874
875 policy Delegates if and only if the OK-AS-DELEGATE flag is set
876 in the Kerberos service ticket, which is a matter of
877 realm policy.
878
879 always Unconditionally allow the server to delegate.
880
881 If this option is used several times, the last one will be used.
882
883 Example:
884 curl --delegation "none" https://example.com
885
886 See also -k, --insecure and --ssl.
887
888 --digest
889 (HTTP) Enables HTTP Digest authentication. This is an authenti‐
890 cation scheme that prevents the password from being sent over
891 the wire in clear text. Use this in combination with the normal
892 --user option to set user name and password.
893
894 If this option is used several times, only the first one is
895 used.
896
897 Example:
898 curl -u name:password --digest https://example.com
899
900 See also -u, --user, --proxy-digest and --anyauth. This option
901 overrides --basic and --ntlm and --negotiate.
902
903 --disable-eprt
904 (FTP) Tell curl to disable the use of the EPRT and LPRT commands
905 when doing active FTP transfers. Curl will normally always first
906 attempt to use EPRT, then LPRT before using PORT, but with this
907 option, it will use PORT right away. EPRT and LPRT are exten‐
908 sions to the original FTP protocol, and may not work on all
909 servers, but they enable more functionality in a better way than
910 the traditional PORT command.
911
912 --eprt can be used to explicitly enable EPRT again and --no-eprt
913 is an alias for --disable-eprt.
914
915 If the server is accessed using IPv6, this option will have no
916 effect as EPRT is necessary then.
917
918 Disabling EPRT only changes the active behavior. If you want to
919 switch to passive mode you need to not use --ftp-port or force
920 it with --ftp-pasv.
921
922 Example:
923 curl --disable-eprt ftp://example.com/
924
925 See also --disable-epsv and -P, --ftp-port.
926
927 --disable-epsv
928 (FTP) Tell curl to disable the use of the EPSV command when do‐
929 ing passive FTP transfers. Curl will normally always first at‐
930 tempt to use EPSV before PASV, but with this option, it will not
931 try using EPSV.
932
933 --epsv can be used to explicitly enable EPSV again and --no-epsv
934 is an alias for --disable-epsv.
935
936 If the server is an IPv6 host, this option will have no effect
937 as EPSV is necessary then.
938
939 Disabling EPSV only changes the passive behavior. If you want to
940 switch to active mode you need to use -P, --ftp-port.
941
942 Example:
943 curl --disable-epsv ftp://example.com/
944
945 See also --disable-eprt and -P, --ftp-port.
946
947 -q, --disable
948 If used as the first parameter on the command line, the curlrc
949 config file will not be read and used. See the --config for de‐
950 tails on the default config file search path.
951
952 Example:
953 curl -q https://example.com
954
955 See also -K, --config.
956
957 --disallow-username-in-url
958 (HTTP) This tells curl to exit if passed a url containing a
959 username. This is probably most useful when the URL is being
960 provided at run-time or similar.
961
962 Example:
963 curl --disallow-username-in-url https://example.com
964
965 See also --proto. Added in 7.61.0.
966
967 --dns-interface <interface>
968 (DNS) Tell curl to send outgoing DNS requests through <inter‐
969 face>. This option is a counterpart to --interface (which does
970 not affect DNS). The supplied string must be an interface name
971 (not an address).
972
973 Example:
974 curl --dns-interface eth0 https://example.com
975
976 See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface
977 requires that the underlying libcurl was built to support c-
978 ares. Added in 7.33.0.
979
980 --dns-ipv4-addr <address>
981 (DNS) Tell curl to bind to <ip-address> when making IPv4 DNS re‐
982 quests, so that the DNS requests originate from this address.
983 The argument should be a single IPv4 address.
984
985 If this option is used several times, the last one will be used.
986
987 Example:
988 curl --dns-ipv4-addr 10.1.2.3 https://example.com
989
990 See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr
991 requires that the underlying libcurl was built to support c-
992 ares. Added in 7.33.0.
993
994 --dns-ipv6-addr <address>
995 (DNS) Tell curl to bind to <ip-address> when making IPv6 DNS re‐
996 quests, so that the DNS requests originate from this address.
997 The argument should be a single IPv6 address.
998
999 If this option is used several times, the last one will be used.
1000
1001 Example:
1002 curl --dns-ipv6-addr 2a04:4e42::561 https://example.com
1003
1004 See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr
1005 requires that the underlying libcurl was built to support c-
1006 ares. Added in 7.33.0.
1007
1008 --dns-servers <addresses>
1009 Set the list of DNS servers to be used instead of the system de‐
1010 fault. The list of IP addresses should be separated with com‐
1011 mas. Port numbers may also optionally be given as :<port-number>
1012 after each IP address.
1013
1014 If this option is used several times, the last one will be used.
1015
1016 Example:
1017 curl --dns-servers 192.168.0.1,192.168.0.2 https://example.com
1018
1019 See also --dns-interface and --dns-ipv4-addr. --dns-servers re‐
1020 quires that the underlying libcurl was built to support c-ares.
1021 Added in 7.33.0.
1022
1023 --doh-cert-status
1024 Same as --cert-status but used for DoH (DNS-over-HTTPS).
1025
1026 Example:
1027 curl --doh-cert-status --doh-url https://doh.example https://example.com
1028
1029 See also --doh-insecure. Added in 7.76.0.
1030
1031 --doh-insecure
1032 Same as --insecure but used for DoH (DNS-over-HTTPS).
1033
1034 Example:
1035 curl --doh-insecure --doh-url https://doh.example https://example.com
1036
1037 See also --doh-url. Added in 7.76.0.
1038
1039 --doh-url <URL>
1040 Specifies which DNS-over-HTTPS (DoH) server to use to resolve
1041 hostnames, instead of using the default name resolver mechanism.
1042 The URL must be HTTPS.
1043
1044 Some SSL options that you set for your transfer will apply to
1045 DoH since the name lookups take place over SSL. However, the
1046 certificate verification settings are not inherited and can be
1047 controlled separately via --doh-insecure and --doh-cert-status.
1048
1049 If this option is used several times, the last one will be used.
1050
1051 Example:
1052 curl --doh-url https://doh.example https://example.com
1053
1054 See also --doh-insecure. Added in 7.62.0.
1055
1056 -D, --dump-header <filename>
1057 (HTTP FTP) Write the received protocol headers to the specified
1058 file. If no headers are received, the use of this option will
1059 create an empty file.
1060
1061 When used in FTP, the FTP server response lines are considered
1062 being "headers" and thus are saved there.
1063
1064 If this option is used several times, the last one will be used.
1065
1066 Example:
1067 curl --dump-header store.txt https://example.com
1068
1069 See also -o, --output.
1070
1071 --egd-file <file>
1072 (TLS) Specify the path name to the Entropy Gathering Daemon
1073 socket. The socket is used to seed the random engine for SSL
1074 connections.
1075
1076 Example:
1077 curl --egd-file /random/here https://example.com
1078
1079 See also --random-file.
1080
1081 --engine <name>
1082 (TLS) Select the OpenSSL crypto engine to use for cipher opera‐
1083 tions. Use --engine list to print a list of build-time supported
1084 engines. Note that not all (and possibly none) of the engines
1085 may be available at run-time.
1086
1087 Example:
1088 curl --engine flavor https://example.com
1089
1090 See also --ciphers and --curves.
1091
1092 --etag-compare <file>
1093 (HTTP) This option makes a conditional HTTP request for the spe‐
1094 cific ETag read from the given file by sending a custom If-None-
1095 Match header using the stored ETag.
1096
1097 For correct results, make sure that the specified file contains
1098 only a single line with the desired ETag. An empty file is
1099 parsed as an empty ETag.
1100
1101 Use the option --etag-save to first save the ETag from a re‐
1102 sponse, and then use this option to compare against the saved
1103 ETag in a subsequent request.
1104
1105 Example:
1106 curl --etag-compare etag.txt https://example.com
1107
1108 See also --etag-save and -z, --time-cond. Added in 7.68.0.
1109
1110 --etag-save <file>
1111 (HTTP) This option saves an HTTP ETag to the specified file. An
1112 ETag is a caching related header, usually returned in a re‐
1113 sponse.
1114
1115 If no ETag is sent by the server, an empty file is created.
1116
1117 Example:
1118 curl --etag-save storetag.txt https://example.com
1119
1120 See also --etag-compare. Added in 7.68.0.
1121
1122 --expect100-timeout <seconds>
1123 (HTTP) Maximum time in seconds that you allow curl to wait for a
1124 100-continue response when curl emits an Expects: 100-continue
1125 header in its request. By default curl will wait one second.
1126 This option accepts decimal values! When curl stops waiting, it
1127 will continue as if the response has been received.
1128
1129 Example:
1130 curl --expect100-timeout 2.5 -T file https://example.com
1131
1132 See also --connect-timeout. Added in 7.47.0.
1133
1134 --fail-early
1135 Fail and exit on the first detected transfer error.
1136
1137 When curl is used to do multiple transfers on the command line,
1138 it will attempt to operate on each given URL, one by one. By de‐
1139 fault, it will ignore errors if there are more URLs given and
1140 the last URL's success will determine the error code curl re‐
1141 turns. So early failures will be "hidden" by subsequent success‐
1142 ful transfers.
1143
1144 Using this option, curl will instead return an error on the
1145 first transfer that fails, independent of the amount of URLs
1146 that are given on the command line. This way, no transfer fail‐
1147 ures go undetected by scripts and similar.
1148
1149 This option is global and does not need to be specified for each
1150 use of -:, --next.
1151
1152 This option does not imply -f, --fail, which causes transfers to
1153 fail due to the server's HTTP status code. You can combine the
1154 two options, however note --fail is not global and is therefore
1155 contained by -:, --next.
1156
1157 Example:
1158 curl --fail-early https://example.com https://two.example
1159
1160 See also -f, --fail and --fail-with-body. Added in 7.52.0.
1161
1162 --fail-with-body
1163 (HTTP) Return an error on server errors where the HTTP response
1164 code is 400 or greater). In normal cases when an HTTP server
1165 fails to deliver a document, it returns an HTML document stating
1166 so (which often also describes why and more). This flag will
1167 still allow curl to output and save that content but also to re‐
1168 turn error 22.
1169
1170 This is an alternative option to --fail which makes curl fail
1171 for the same circumstances but without saving the content.
1172
1173 Example:
1174 curl --fail-with-body https://example.com
1175
1176 See also -f, --fail. Added in 7.76.0.
1177
1178 -f, --fail
1179 (HTTP) Fail silently (no output at all) on server errors. This
1180 is mostly done to enable scripts etc to better deal with failed
1181 attempts. In normal cases when an HTTP server fails to deliver a
1182 document, it returns an HTML document stating so (which often
1183 also describes why and more). This flag will prevent curl from
1184 outputting that and return error 22.
1185
1186 This method is not fail-safe and there are occasions where non-
1187 successful response codes will slip through, especially when au‐
1188 thentication is involved (response codes 401 and 407).
1189
1190 Example:
1191 curl --fail https://example.com
1192
1193 See also --fail-with-body.
1194
1195 --false-start
1196 (TLS) Tells curl to use false start during the TLS handshake.
1197 False start is a mode where a TLS client will start sending ap‐
1198 plication data before verifying the server's Finished message,
1199 thus saving a round trip when performing a full handshake.
1200
1201 This is currently only implemented in the NSS and Secure Trans‐
1202 port (on iOS 7.0 or later, or OS X 10.9 or later) backends.
1203
1204 Example:
1205 curl --false-start https://example.com
1206
1207 See also --tcp-fastopen. Added in 7.42.0.
1208
1209 --form-escape
1210 (HTTP) Tells curl to pass on names of multipart form fields and
1211 files using backslash-escaping instead of percent-encoding.
1212
1213 Example:
1214 curl --form-escape --form 'field\name=curl' 'file=@load"this' https://example.com
1215
1216 See also -F, --form. Added in 7.81.0.
1217
1218 --form-string <name=string>
1219 (HTTP SMTP IMAP) Similar to --form except that the value string
1220 for the named parameter is used literally. Leading '@' and '<'
1221 characters, and the ';type=' string in the value have no special
1222 meaning. Use this in preference to --form if there's any possi‐
1223 bility that the string value may accidentally trigger the '@' or
1224 '<' features of -F, --form.
1225
1226 Example:
1227 curl --form-string "data" https://example.com
1228
1229 See also -F, --form.
1230
1231 -F, --form <name=content>
1232 (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emu‐
1233 late a filled-in form in which a user has pressed the submit
1234 button. This causes curl to POST data using the Content-Type
1235 multipart/form-data according to RFC 2388.
1236
1237 For SMTP and IMAP protocols, this is the means to compose a mul‐
1238 tipart mail message to transmit.
1239
1240 This enables uploading of binary files etc. To force the 'con‐
1241 tent' part to be a file, prefix the file name with an @ sign. To
1242 just get the content part from a file, prefix the file name with
1243 the symbol <. The difference between @ and < is then that @
1244 makes a file get attached in the post as a file upload, while
1245 the < makes a text field and just get the contents for that text
1246 field from a file.
1247
1248 Tell curl to read content from stdin instead of a file by using
1249 - as filename. This goes for both @ and < constructs. When stdin
1250 is used, the contents is buffered in memory first by curl to de‐
1251 termine its size and allow a possible resend. Defining a part's
1252 data from a named non-regular file (such as a named pipe or sim‐
1253 ilar) is unfortunately not subject to buffering and will be ef‐
1254 fectively read at transmission time; since the full size is un‐
1255 known before the transfer starts, such data is sent as chunks by
1256 HTTP and rejected by IMAP.
1257
1258 Example: send an image to an HTTP server, where 'profile' is the
1259 name of the form-field to which the file portrait.jpg will be
1260 the input:
1261
1262 curl -F profile=@portrait.jpg https://example.com/upload.cgi
1263
1264 Example: send your name and shoe size in two text fields to the
1265 server:
1266
1267 curl -F name=John -F shoesize=11 https://example.com/
1268
1269 Example: send your essay in a text field to the server. Send it
1270 as a plain text field, but get the contents for it from a local
1271 file:
1272
1273 curl -F "story=<hugefile.txt" https://example.com/
1274
1275 You can also tell curl what Content-Type to use by using
1276 'type=', in a manner similar to:
1277
1278 curl -F "web=@index.html;type=text/html" example.com
1279
1280 or
1281
1282 curl -F "name=daniel;type=text/foo" example.com
1283
1284 You can also explicitly change the name field of a file upload
1285 part by setting filename=, like this:
1286
1287 curl -F "file=@localfile;filename=nameinpost" example.com
1288
1289 If filename/path contains ',' or ';', it must be quoted by dou‐
1290 ble-quotes like:
1291
1292 curl -F "file=@\"local,file\";filename=\"name;in;post\"" example.com
1293
1294 or
1295
1296 curl -F 'file=@"local,file";filename="name;in;post"' example.com
1297
1298 Note that if a filename/path is quoted by double-quotes, any
1299 double-quote or backslash within the filename must be escaped by
1300 backslash.
1301
1302 Quoting must also be applied to non-file data if it contains
1303 semicolons, leading/trailing spaces or leading double quotes:
1304
1305 curl -F 'colors="red; green; blue";type=text/x-myapp' example.com
1306
1307 You can add custom headers to the field by setting headers=,
1308 like
1309
1310 curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
1311
1312 or
1313
1314 curl -F "submit=OK;headers=@headerfile" example.com
1315
1316 The headers= keyword may appear more that once and above notes
1317 about quoting apply. When headers are read from a file, Empty
1318 lines and lines starting with '#' are comments and ignored; each
1319 header can be folded by splitting between two words and starting
1320 the continuation line with a space; embedded carriage-returns
1321 and trailing spaces are stripped. Here is an example of a
1322 header file contents:
1323
1324 # This file contain two headers.
1325 X-header-1: this is a header
1326
1327 # The following header is folded.
1328 X-header-2: this is
1329 another header
1330
1331 To support sending multipart mail messages, the syntax is ex‐
1332 tended as follows:
1333 - name can be omitted: the equal sign is the first character of
1334 the argument,
1335 - if data starts with '(', this signals to start a new multi‐
1336 part: it can be followed by a content type specification.
1337 - a multipart can be terminated with a '=)' argument.
1338
1339 Example: the following command sends an SMTP mime email consist‐
1340 ing in an inline part in two alternative formats: plain text and
1341 HTML. It attaches a text file:
1342
1343 curl -F '=(;type=multipart/alternative' \
1344 -F '=plain text message' \
1345 -F '= <body>HTML message</body>;type=text/html' \
1346 -F '=)' -F '=@textfile.txt' ... smtp://example.com
1347
1348 Data can be encoded for transfer using encoder=. Available en‐
1349 codings are binary and 8bit that do nothing else than adding the
1350 corresponding Content-Transfer-Encoding header, 7bit that only
1351 rejects 8-bit characters with a transfer error, quoted-printable
1352 and base64 that encodes data according to the corresponding
1353 schemes, limiting lines length to 76 characters.
1354
1355 Example: send multipart mail with a quoted-printable text mes‐
1356 sage and a base64 attached file:
1357
1358 curl -F '=text message;encoder=quoted-printable' \
1359 -F '=@localfile;encoder=base64' ... smtp://example.com
1360
1361 See further examples and details in the MANUAL.
1362
1363 This option can be used multiple times.
1364
1365 Example:
1366 curl --form "name=curl" --form "file=@loadthis" https://example.com
1367
1368 See also -d, --data, --form-string and --form-escape. This op‐
1369 tion overrides -d, --data and -I, --head and -T, --upload-file.
1370
1371 --ftp-account <data>
1372 (FTP) When an FTP server asks for "account data" after user name
1373 and password has been provided, this data is sent off using the
1374 ACCT command.
1375
1376 If this option is used several times, the last one will be used.
1377
1378 Example:
1379 curl --ftp-account "mr.robot" ftp://example.com/
1380
1381 See also -u, --user.
1382
1383 --ftp-alternative-to-user <command>
1384 (FTP) If authenticating with the USER and PASS commands fails,
1385 send this command. When connecting to Tumbleweed's Secure
1386 Transport server over FTPS using a client certificate, using
1387 "SITE AUTH" will tell the server to retrieve the username from
1388 the certificate.
1389
1390 Example:
1391 curl --ftp-alternative-to-user "U53r" ftp://example.com
1392
1393 See also --ftp-account and -u, --user.
1394
1395 --ftp-create-dirs
1396 (FTP SFTP) When an FTP or SFTP URL/operation uses a path that
1397 does not currently exist on the server, the standard behavior of
1398 curl is to fail. Using this option, curl will instead attempt to
1399 create missing directories.
1400
1401 Example:
1402 curl --ftp-create-dirs -T file ftp://example.com/remote/path/file
1403
1404 See also --create-dirs.
1405
1406 --ftp-method <method>
1407 (FTP) Control what method curl should use to reach a file on an
1408 FTP(S) server. The method argument should be one of the follow‐
1409 ing alternatives:
1410
1411 multicwd
1412 curl does a single CWD operation for each path part in
1413 the given URL. For deep hierarchies this means many com‐
1414 mands. This is how RFC 1738 says it should be done. This
1415 is the default but the slowest behavior.
1416
1417 nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR
1418 etc and give a full path to the server for all these com‐
1419 mands. This is the fastest behavior.
1420
1421 singlecwd
1422 curl does one CWD with the full target directory and then
1423 operates on the file "normally" (like in the multicwd
1424 case). This is somewhat more standards compliant than
1425 'nocwd' but without the full penalty of 'multicwd'.
1426
1427 Examples:
1428 curl --ftp-method multicwd ftp://example.com/dir1/dir2/file
1429 curl --ftp-method nocwd ftp://example.com/dir1/dir2/file
1430 curl --ftp-method singlecwd ftp://example.com/dir1/dir2/file
1431
1432 See also -l, --list-only.
1433
1434 --ftp-pasv
1435 (FTP) Use passive mode for the data connection. Passive is the
1436 internal default behavior, but using this option can be used to
1437 override a previous --ftp-port option.
1438
1439 If this option is used several times, only the first one is
1440 used. Undoing an enforced passive really is not doable but you
1441 must then instead enforce the correct --ftp-port again.
1442
1443 Passive mode means that curl will try the EPSV command first and
1444 then PASV, unless --disable-epsv is used.
1445
1446 Example:
1447 curl --ftp-pasv ftp://example.com/
1448
1449 See also --disable-epsv.
1450
1451 -P, --ftp-port <address>
1452 (FTP) Reverses the default initiator/listener roles when con‐
1453 necting with FTP. This option makes curl use active mode. curl
1454 then tells the server to connect back to the client's specified
1455 address and port, while passive mode asks the server to setup an
1456 IP address and port for it to connect to. <address> should be
1457 one of:
1458
1459 interface
1460 e.g. "eth0" to specify which interface's IP address you
1461 want to use (Unix only)
1462
1463 IP address
1464 e.g. "192.168.10.1" to specify the exact IP address
1465
1466 host name
1467 e.g. "my.host.domain" to specify the machine
1468
1469 - make curl pick the same IP address that is already used
1470 for the control connection
1471
1472 If this option is used several times, the last one will be used. Dis‐
1473 able the use of PORT with --ftp-pasv. Disable the attempt to use the
1474 EPRT command instead of PORT by using --disable-eprt. EPRT is really
1475 PORT++.
1476
1477 You can also append ":[start]-[end]" to the right of the address, to
1478 tell curl what TCP port range to use. That means you specify a port
1479 range, from a lower to a higher number. A single number works as well,
1480 but do note that it increases the risk of failure since the port may
1481 not be available.
1482
1483
1484 Examples:
1485 curl -P - ftp:/example.com
1486 curl -P eth0 ftp:/example.com
1487 curl -P 192.168.0.2 ftp:/example.com
1488
1489 See also --ftp-pasv and --disable-eprt.
1490
1491 --ftp-pret
1492 (FTP) Tell curl to send a PRET command before PASV (and EPSV).
1493 Certain FTP servers, mainly drftpd, require this non-standard
1494 command for directory listings as well as up and downloads in
1495 PASV mode.
1496
1497 Example:
1498 curl --ftp-pret ftp://example.com/
1499
1500 See also -P, --ftp-port and --ftp-pasv.
1501
1502 --ftp-skip-pasv-ip
1503 (FTP) Tell curl to not use the IP address the server suggests in
1504 its response to curl's PASV command when curl connects the data
1505 connection. Instead curl will re-use the same IP address it al‐
1506 ready uses for the control connection.
1507
1508 Since curl 7.74.0 this option is enabled by default.
1509
1510 This option has no effect if PORT, EPRT or EPSV is used instead
1511 of PASV.
1512
1513 Example:
1514 curl --ftp-skip-pasv-ip ftp://example.com/
1515
1516 See also --ftp-pasv.
1517
1518 --ftp-ssl-ccc-mode <active/passive>
1519 (FTP) Sets the CCC mode. The passive mode will not initiate the
1520 shutdown, but instead wait for the server to do it, and will not
1521 reply to the shutdown from the server. The active mode initiates
1522 the shutdown and waits for a reply from the server.
1523
1524 Example:
1525 curl --ftp-ssl-ccc-mode active --ftp-ssl-ccc ftps://example.com/
1526
1527 See also --ftp-ssl-ccc.
1528
1529 --ftp-ssl-ccc
1530 (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS
1531 layer after authenticating. The rest of the control channel com‐
1532 munication will be unencrypted. This allows NAT routers to fol‐
1533 low the FTP transaction. The default mode is passive.
1534
1535 Example:
1536 curl --ftp-ssl-ccc ftps://example.com/
1537
1538 See also --ssl and --ftp-ssl-ccc-mode.
1539
1540 --ftp-ssl-control
1541 (FTP) Require SSL/TLS for the FTP login, clear for transfer.
1542 Allows secure authentication, but non-encrypted data transfers
1543 for efficiency. Fails the transfer if the server does not sup‐
1544 port SSL/TLS.
1545
1546 Example:
1547 curl --ftp-ssl-control ftp://example.com
1548
1549 See also --ssl.
1550
1551 -G, --get
1552 When used, this option will make all data specified with -d,
1553 --data, --data-binary or --data-urlencode to be used in an HTTP
1554 GET request instead of the POST request that otherwise would be
1555 used. The data will be appended to the URL with a '?' separator.
1556
1557 If used in combination with -I, --head, the POST data will in‐
1558 stead be appended to the URL with a HEAD request.
1559
1560 If this option is used several times, only the first one is
1561 used. This is because undoing a GET does not make sense, but you
1562 should then instead enforce the alternative method you prefer.
1563
1564 Examples:
1565 curl --get https://example.com
1566 curl --get -d "tool=curl" -d "age=old" https://example.com
1567 curl --get -I -d "tool=curl" https://example.com
1568
1569 See also -d, --data and -X, --request.
1570
1571 -g, --globoff
1572 This option switches off the "URL globbing parser". When you set
1573 this option, you can specify URLs that contain the letters {}[]
1574 without having curl itself interpret them. Note that these let‐
1575 ters are not normal legal URL contents but they should be en‐
1576 coded according to the URI standard.
1577
1578 Example:
1579 curl -g "https://example.com/{[]}}}}"
1580
1581 See also -K, --config and -q, --disable.
1582
1583 --happy-eyeballs-timeout-ms <milliseconds>
1584 Happy Eyeballs is an algorithm that attempts to connect to both
1585 IPv4 and IPv6 addresses for dual-stack hosts, giving IPv6 a
1586 head-start of the specified number of milliseconds. If the IPv6
1587 address cannot be connected to within that time, then a connec‐
1588 tion attempt is made to the IPv4 address in parallel. The first
1589 connection to be established is the one that is used.
1590
1591 The range of suggested useful values is limited. Happy Eyeballs
1592 RFC 6555 says "It is RECOMMENDED that connection attempts be
1593 paced 150-250 ms apart to balance human factors against network
1594 load." libcurl currently defaults to 200 ms. Firefox and Chrome
1595 currently default to 300 ms.
1596
1597 If this option is used several times, the last one will be used.
1598
1599 Example:
1600 curl --happy-eyeballs-timeout-ms 500 https://example.com
1601
1602 See also -m, --max-time and --connect-timeout. Added in 7.59.0.
1603
1604 --haproxy-protocol
1605 (HTTP) Send a HAProxy PROXY protocol v1 header at the beginning
1606 of the connection. This is used by some load balancers and re‐
1607 verse proxies to indicate the client's true IP address and port.
1608
1609 This option is primarily useful when sending test requests to a
1610 service that expects this header.
1611
1612 Example:
1613 curl --haproxy-protocol https://example.com
1614
1615 See also -x, --proxy. Added in 7.60.0.
1616
1617 -I, --head
1618 (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the
1619 command HEAD which this uses to get nothing but the header of a
1620 document. When used on an FTP or FILE file, curl displays the
1621 file size and last modification time only.
1622
1623 Example:
1624 curl -I https://example.com
1625
1626 See also -G, --get, -v, --verbose and --trace-ascii.
1627
1628 -H, --header <header/@file>
1629 (HTTP) Extra header to include in the request when sending HTTP
1630 to a server. You may specify any number of extra headers. Note
1631 that if you should add a custom header that has the same name as
1632 one of the internal ones curl would use, your externally set
1633 header will be used instead of the internal one. This allows you
1634 to make even trickier stuff than curl would normally do. You
1635 should not replace internally set headers without knowing per‐
1636 fectly well what you are doing. Remove an internal header by
1637 giving a replacement without content on the right side of the
1638 colon, as in: -H "Host:". If you send the custom header with no-
1639 value then its header must be terminated with a semicolon, such
1640 as -H "X-Custom-Header;" to send "X-Custom-Header:".
1641
1642 curl will make sure that each header you add/replace is sent
1643 with the proper end-of-line marker, you should thus not add that
1644 as a part of the header content: do not add newlines or carriage
1645 returns, they will only mess things up for you.
1646
1647 This option can take an argument in @filename style, which then
1648 adds a header for each line in the input file. Using @- will
1649 make curl read the header file from stdin. Added in 7.55.0.
1650
1651 You need --proxy-header to send custom headers intended for a
1652 HTTP proxy. Added in 7.37.0.
1653
1654 Passing on a "Transfer-Encoding: chunked" header when doing a
1655 HTTP request with a request body, will make curl send the data
1656 using chunked encoding.
1657
1658 WARNING: headers set with this option will be set in all re‐
1659 quests - even after redirects are followed, like when told with
1660 -L, --location. This can lead to the header being sent to other
1661 hosts than the original host, so sensitive headers should be
1662 used with caution combined with following redirects.
1663
1664 This option can be used multiple times to add/replace/remove
1665 multiple headers.
1666
1667 Examples:
1668 curl -H "X-First-Name: Joe" https://example.com
1669 curl -H "User-Agent: yes-please/2000" https://example.com
1670 curl -H "Host:" https://example.com
1671
1672 See also -A, --user-agent and -e, --referer.
1673
1674 -h, --help <category>
1675 Usage help. This lists all commands of the <category>. If no
1676 arg was provided, curl will display the most important command
1677 line arguments. If the argument "all" was provided, curl will
1678 display all options available. If the argument "category" was
1679 provided, curl will display all categories and their meanings.
1680
1681 Example:
1682 curl --help all
1683
1684 See also -v, --verbose.
1685
1686 --hostpubmd5 <md5>
1687 (SFTP SCP) Pass a string containing 32 hexadecimal digits. The
1688 string should be the 128 bit MD5 checksum of the remote host's
1689 public key, curl will refuse the connection with the host unless
1690 the md5sums match.
1691
1692 Example:
1693 curl --hostpubmd5 e5c1c49020640a5ab0f2034854c321a8 sftp://example.com/
1694
1695 See also --hostpubsha256.
1696
1697 --hostpubsha256 <sha256>
1698 (SFTP SCP) Pass a string containing a Base64-encoded SHA256 hash
1699 of the remote host's public key. Curl will refuse the connection
1700 with the host unless the hashes match.
1701
1702 Example:
1703 curl --hostpubsha256 NDVkMTQxMGQ1ODdmMjQ3MjczYjAyOTY5MmRkMjVmNDQ= sftp://example.com/
1704
1705 See also --hostpubmd5. Added in 7.80.0.
1706
1707 --hsts <file name>
1708 (HTTPS) This option enables HSTS for the transfer. If the file
1709 name points to an existing HSTS cache file, that will be used.
1710 After a completed transfer, the cache will be saved to the file
1711 name again if it has been modified.
1712
1713 Specify a "" file name (zero length) to avoid loading/saving and
1714 make curl just handle HSTS in memory.
1715
1716 If this option is used several times, curl will load contents
1717 from all the files but the last one will be used for saving.
1718
1719 Example:
1720 curl --hsts cache.txt https://example.com
1721
1722 See also --proto. Added in 7.74.0.
1723
1724 --http0.9
1725 (HTTP) Tells curl to be fine with HTTP version 0.9 response.
1726
1727 HTTP/0.9 is a completely headerless response and therefore you
1728 can also connect with this to non-HTTP servers and still get a
1729 response since curl will simply transparently downgrade - if al‐
1730 lowed.
1731
1732 Since curl 7.66.0, HTTP/0.9 is disabled by default.
1733
1734 Example:
1735 curl --http0.9 https://example.com
1736
1737 See also --http1.1, --http2 and --http3. Added in 7.64.0.
1738
1739 -0, --http1.0
1740 (HTTP) Tells curl to use HTTP version 1.0 instead of using its
1741 internally preferred HTTP version.
1742
1743 Example:
1744 curl --http1.0 https://example.com
1745
1746 See also --http0.9 and --http1.1. This option overrides
1747 --http1.1 and --http2 and --http2-prior-knowledge and --http3.
1748
1749 --http1.1
1750 (HTTP) Tells curl to use HTTP version 1.1.
1751
1752 Example:
1753 curl --http1.1 https://example.com
1754
1755 See also -0, --http1.0 and --http0.9. This option overrides -0,
1756 --http1.0 and --http2 and --http2-prior-knowledge and --http3.
1757 Added in 7.33.0.
1758
1759 --http2-prior-knowledge
1760 (HTTP) Tells curl to issue its non-TLS HTTP requests using
1761 HTTP/2 without HTTP/1.1 Upgrade. It requires prior knowledge
1762 that the server supports HTTP/2 straight away. HTTPS requests
1763 will still do HTTP/2 the standard way with negotiated protocol
1764 version in the TLS handshake.
1765
1766 Example:
1767 curl --http2-prior-knowledge https://example.com
1768
1769 See also --http2 and --http3. --http2-prior-knowledge requires
1770 that the underlying libcurl was built to support HTTP/2. This
1771 option overrides --http1.1 and -0, --http1.0 and --http2 and
1772 --http3. Added in 7.49.0.
1773
1774 --http2
1775 (HTTP) Tells curl to use HTTP version 2.
1776
1777 For HTTPS, this means curl will attempt to negotiate HTTP/2 in
1778 the TLS handshake. curl does this by default.
1779
1780 For HTTP, this means curl will attempt to upgrade the request to
1781 HTTP/2 using the Upgrade: request header.
1782
1783 When curl uses HTTP/2 over HTTPS, it does not itself insist on
1784 TLS 1.2 or higher even though that is required by the specifica‐
1785 tion. A user can add this version requirement with --tlsv1.2.
1786
1787 Example:
1788 curl --http2 https://example.com
1789
1790 See also --http1.1 and --http3. --http2 requires that the under‐
1791 lying libcurl was built to support HTTP/2. This option overrides
1792 --http1.1 and -0, --http1.0 and --http2-prior-knowledge and
1793 --http3. Added in 7.33.0.
1794
1795 --http3
1796 (HTTP) WARNING: this option is experimental. Do not use in pro‐
1797 duction.
1798
1799 Tells curl to use HTTP version 3 directly to the host and port
1800 number used in the URL. A normal HTTP/3 transaction will be done
1801 to a host and then get redirected via Alt-Svc, but this option
1802 allows a user to circumvent that when you know that the target
1803 speaks HTTP/3 on the given host and port.
1804
1805 This option will make curl fail if a QUIC connection cannot be
1806 established, it cannot fall back to a lower HTTP version on its
1807 own.
1808
1809 Example:
1810 curl --http3 https://example.com
1811
1812 See also --http1.1 and --http2. --http3 requires that the under‐
1813 lying libcurl was built to support HTTP/3. This option overrides
1814 --http1.1 and -0, --http1.0 and --http2 and --http2-prior-knowl‐
1815 edge. Added in 7.66.0.
1816
1817 --ignore-content-length
1818 (FTP HTTP) For HTTP, Ignore the Content-Length header. This is
1819 particularly useful for servers running Apache 1.x, which will
1820 report incorrect Content-Length for files larger than 2 giga‐
1821 bytes.
1822
1823 For FTP (since 7.46.0), skip the RETR command to figure out the
1824 size before downloading a file.
1825
1826 This option does not work for HTTP if libcurl was built to use
1827 hyper.
1828
1829 Example:
1830 curl --ignore-content-length https://example.com
1831
1832 See also --ftp-skip-pasv-ip.
1833
1834 -i, --include
1835 Include the HTTP response headers in the output. The HTTP re‐
1836 sponse headers can include things like server name, cookies,
1837 date of the document, HTTP version and more...
1838
1839 To view the request headers, consider the --verbose option.
1840
1841 Example:
1842 curl -i https://example.com
1843
1844 See also -v, --verbose.
1845
1846 -k, --insecure
1847 (TLS SFTP SCP) By default, every secure connection curl makes is
1848 verified to be secure before the transfer takes place. This op‐
1849 tion makes curl skip the verification step and proceed without
1850 checking.
1851
1852 When this option is not used for protocols using TLS, curl veri‐
1853 fies the server's TLS certificate before it continues: that the
1854 certificate contains the right name which matches the host name
1855 used in the URL and that the certificate has been signed by a CA
1856 certificate present in the cert store. See this online resource
1857 for further details:
1858 https://curl.se/docs/sslcerts.html
1859
1860 For SFTP and SCP, this option makes curl skip the known_hosts
1861 verification. known_hosts is a file normally stored in the
1862 user's home directory in the .ssh subdirectory, which contains
1863 host names and their public keys.
1864
1865 WARNING: using this option makes the transfer insecure.
1866
1867 Example:
1868 curl --insecure https://example.com
1869
1870 See also --proxy-insecure, --cacert and --capath.
1871
1872 --interface <name>
1873 Perform an operation using a specified interface. You can enter
1874 interface name, IP address or host name. An example could look
1875 like:
1876
1877 curl --interface eth0:1 https://www.example.com/
1878
1879 If this option is used several times, the last one will be used.
1880
1881 On Linux it can be used to specify a VRF, but the binary needs
1882 to either have CAP_NET_RAW or to be run as root. More informa‐
1883 tion about Linux VRF: https://www.kernel.org/doc/Documenta‐
1884 tion/networking/vrf.txt
1885
1886 Example:
1887 curl --interface eth0 https://example.com
1888
1889 See also --dns-interface.
1890
1891 -4, --ipv4
1892 This option tells curl to resolve names to IPv4 addresses only,
1893 and not for example try IPv6.
1894
1895 Example:
1896 curl --ipv4 https://example.com
1897
1898 See also --http1.1 and --http2. This option overrides -6,
1899 --ipv6.
1900
1901 -6, --ipv6
1902 This option tells curl to resolve names to IPv6 addresses only,
1903 and not for example try IPv4.
1904
1905 Example:
1906 curl --ipv6 https://example.com
1907
1908 See also --http1.1 and --http2. This option overrides -4,
1909 --ipv4.
1910
1911 --json <data>
1912 (HTTP) Sends the specified JSON data in a POST request to the
1913 HTTP server. --json works as a shortcut for passing on these
1914 three options:
1915
1916 --data [arg]
1917 --header "Content-Type: application/json"
1918 --header "Accept: application/json"
1919
1920 There is no verification that the passed in data is actual JSON
1921 or that the syntax is correct.
1922
1923 If you start the data with the letter @, the rest should be a
1924 file name to read the data from, or a single dash (-) if you
1925 want curl to read the data from stdin. Posting data from a file
1926 named 'foobar' would thus be done with --json @foobar and to in‐
1927 stead read the data from stdin, use --json @-.
1928
1929 If this option is used more than once on the same command line,
1930 the additional data pieces will be concatenated to the previous
1931 before sending.
1932
1933 The headers this option sets can be overriden with --header as
1934 usual.
1935
1936 Examples:
1937 curl --json '{ "drink": "coffe" }' https://example.com
1938 curl --json '{ "drink":' --json ' "coffe" }' https://example.com
1939 curl --json @prepared https://example.com
1940 curl --json @- https://example.com < json.txt
1941
1942 See also --data-binary and --data-raw. This option overrides -F,
1943 --form and -I, --head and -T, --upload-file. Added in 7.82.0.
1944
1945 -j, --junk-session-cookies
1946 (HTTP) When curl is told to read cookies from a given file, this
1947 option will make it discard all "session cookies". This will ba‐
1948 sically have the same effect as if a new session is started.
1949 Typical browsers always discard session cookies when they are
1950 closed down.
1951
1952 Example:
1953 curl --junk-session-cookies -b cookies.txt https://example.com
1954
1955 See also -b, --cookie and -c, --cookie-jar.
1956
1957 --keepalive-time <seconds>
1958 This option sets the time a connection needs to remain idle be‐
1959 fore sending keepalive probes and the time between individual
1960 keepalive probes. It is currently effective on operating systems
1961 offering the TCP_KEEPIDLE and TCP_KEEPINTVL socket options
1962 (meaning Linux, recent AIX, HP-UX and more). This option has no
1963 effect if --no-keepalive is used.
1964
1965 If this option is used several times, the last one will be used.
1966 If unspecified, the option defaults to 60 seconds.
1967
1968 Example:
1969 curl --keepalive-time 20 https://example.com
1970
1971 See also --no-keepalive and -m, --max-time.
1972
1973 --key-type <type>
1974 (TLS) Private key file type. Specify which type your --key pro‐
1975 vided private key is. DER, PEM, and ENG are supported. If not
1976 specified, PEM is assumed.
1977
1978 If this option is used several times, the last one will be used.
1979
1980 Example:
1981 curl --key-type DER --key here https://example.com
1982
1983 See also --key.
1984
1985 --key <key>
1986 (TLS SSH) Private key file name. Allows you to provide your pri‐
1987 vate key in this separate file. For SSH, if not specified, curl
1988 tries the following candidates in order: '~/.ssh/id_rsa',
1989 '~/.ssh/id_dsa', './id_rsa', './id_dsa'.
1990
1991 If curl is built against OpenSSL library, and the engine pkcs11
1992 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
1993 ify a private key located in a PKCS#11 device. A string begin‐
1994 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
1995 PKCS#11 URI is provided, then the --engine option will be set as
1996 "pkcs11" if none was provided and the --key-type option will be
1997 set as "ENG" if none was provided.
1998
1999 If this option is used several times, the last one will be used.
2000
2001 Example:
2002 curl --cert certificate --key here https://example.com
2003
2004 See also --key-type and -E, --cert.
2005
2006 --krb <level>
2007 (FTP) Enable Kerberos authentication and use. The level must be
2008 entered and should be one of 'clear', 'safe', 'confidential', or
2009 'private'. Should you use a level that is not one of these,
2010 'private' will instead be used.
2011
2012 If this option is used several times, the last one will be used.
2013
2014 Example:
2015 curl --krb clear ftp://example.com/
2016
2017 See also --delegation and --ssl. --krb requires that the under‐
2018 lying libcurl was built to support Kerberos.
2019
2020 --libcurl <file>
2021 Append this option to any ordinary curl command line, and you
2022 will get libcurl-using C source code written to the file that
2023 does the equivalent of what your command-line operation does!
2024
2025 This option is global and does not need to be specified for each
2026 use of -:, --next.
2027
2028 If this option is used several times, the last given file name
2029 will be used.
2030
2031 Example:
2032 curl --libcurl client.c https://example.com
2033
2034 See also -v, --verbose.
2035
2036 --limit-rate <speed>
2037 Specify the maximum transfer rate you want curl to use - for
2038 both downloads and uploads. This feature is useful if you have a
2039 limited pipe and you would like your transfer not to use your
2040 entire bandwidth. To make it slower than it otherwise would be.
2041
2042 The given speed is measured in bytes/second, unless a suffix is
2043 appended. Appending 'k' or 'K' will count the number as kilo‐
2044 bytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it
2045 gigabytes. The suffixes (k, M, G, T, P) are 1024 based. For ex‐
2046 ample 1k is 1024. Examples: 200K, 3m and 1G.
2047
2048 The rate limiting logic works on averaging the transfer speed to
2049 no more than the set threshold over a period of multiple sec‐
2050 onds.
2051
2052 If you also use the --speed-limit option, that option will take
2053 precedence and might cripple the rate-limiting slightly, to help
2054 keeping the speed-limit logic working.
2055
2056 If this option is used several times, the last one will be used.
2057
2058 Examples:
2059 curl --limit-rate 100K https://example.com
2060 curl --limit-rate 1000 https://example.com
2061 curl --limit-rate 10M https://example.com
2062
2063 See also -Y, --speed-limit and -y, --speed-time.
2064
2065 -l, --list-only
2066 (FTP POP3) (FTP) When listing an FTP directory, this switch
2067 forces a name-only view. This is especially useful if the user
2068 wants to machine-parse the contents of an FTP directory since
2069 the normal directory view does not use a standard look or for‐
2070 mat. When used like this, the option causes an NLST command to
2071 be sent to the server instead of LIST.
2072
2073 Note: Some FTP servers list only files in their response to
2074 NLST; they do not include sub-directories and symbolic links.
2075
2076 (POP3) When retrieving a specific email from POP3, this switch
2077 forces a LIST command to be performed instead of RETR. This is
2078 particularly useful if the user wants to see if a specific mes‐
2079 sage-id exists on the server and what size it is.
2080
2081 Note: When combined with -X, --request, this option can be used
2082 to send a UIDL command instead, so the user may use the email's
2083 unique identifier rather than its message-id to make the re‐
2084 quest.
2085
2086 Example:
2087 curl --list-only ftp://example.com/dir/
2088
2089 See also -Q, --quote and -X, --request.
2090
2091 --local-port <num/range>
2092 Set a preferred single number or range (FROM-TO) of local port
2093 numbers to use for the connection(s). Note that port numbers by
2094 nature are a scarce resource that will be busy at times so set‐
2095 ting this range to something too narrow might cause unnecessary
2096 connection setup failures.
2097
2098 Example:
2099 curl --local-port 1000-3000 https://example.com
2100
2101 See also -g, --globoff.
2102
2103 --location-trusted
2104 (HTTP) Like -L, --location, but will allow sending the name +
2105 password to all hosts that the site may redirect to. This may or
2106 may not introduce a security breach if the site redirects you to
2107 a site to which you will send your authentication info (which is
2108 plaintext in the case of HTTP Basic authentication).
2109
2110 Example:
2111 curl --location-trusted -u user:password https://example.com
2112
2113 See also -u, --user.
2114
2115 -L, --location
2116 (HTTP) If the server reports that the requested page has moved
2117 to a different location (indicated with a Location: header and a
2118 3XX response code), this option will make curl redo the request
2119 on the new place. If used together with --include or -I, --head,
2120 headers from all requested pages will be shown. When authentica‐
2121 tion is used, curl only sends its credentials to the initial
2122 host. If a redirect takes curl to a different host, it will not
2123 be able to intercept the user+password. See also --location-
2124 trusted on how to change this. You can limit the amount of redi‐
2125 rects to follow by using the --max-redirs option.
2126
2127 When curl follows a redirect and if the request is a POST, it
2128 will send the following request with a GET if the HTTP response
2129 was 301, 302, or 303. If the response code was any other 3xx
2130 code, curl will re-send the following request using the same un‐
2131 modified method.
2132
2133 You can tell curl to not change POST requests to GET after a 30x
2134 response by using the dedicated options for that: --post301,
2135 --post302 and --post303.
2136
2137 The method set with --request overrides the method curl would
2138 otherwise select to use.
2139
2140 Example:
2141 curl -L https://example.com
2142
2143 See also --resolve and --alt-svc.
2144
2145 --login-options <options>
2146 (IMAP LDAP POP3 SMTP) Specify the login options to use during
2147 server authentication.
2148
2149 You can use login options to specify protocol specific options
2150 that may be used during authentication. At present only IMAP,
2151 POP3 and SMTP support login options. For more information about
2152 login options please see RFC 2384, RFC 5092 and IETF draft
2153 draft-earhart-url-smtp-00.txt
2154
2155 If this option is used several times, the last one will be used.
2156
2157 Example:
2158 curl --login-options 'AUTH=*' imap://example.com
2159
2160 See also -u, --user. Added in 7.34.0.
2161
2162 --mail-auth <address>
2163 (SMTP) Specify a single address. This will be used to specify
2164 the authentication address (identity) of a submitted message
2165 that is being relayed to another server.
2166
2167 Example:
2168 curl --mail-auth user@example.come -T mail smtp://example.com/
2169
2170 See also --mail-rcpt and --mail-from.
2171
2172 --mail-from <address>
2173 (SMTP) Specify a single address that the given mail should get
2174 sent from.
2175
2176 Example:
2177 curl --mail-from user@example.com -T mail smtp://example.com/
2178
2179 See also --mail-rcpt and --mail-auth.
2180
2181 --mail-rcpt-allowfails
2182 (SMTP) When sending data to multiple recipients, by default curl
2183 will abort SMTP conversation if at least one of the recipients
2184 causes RCPT TO command to return an error.
2185
2186 The default behavior can be changed by passing --mail-rcpt-al‐
2187 lowfails command-line option which will make curl ignore errors
2188 and proceed with the remaining valid recipients.
2189
2190 If all recipients trigger RCPT TO failures and this flag is
2191 specified, curl will still abort the SMTP conversation and re‐
2192 turn the error received from to the last RCPT TO command.
2193
2194 Example:
2195 curl --mail-rcpt-allowfails --mail-rcpt dest@example.com smtp://example.com
2196
2197 See also --mail-rcpt. Added in 7.69.0.
2198
2199 --mail-rcpt <address>
2200 (SMTP) Specify a single email address, user name or mailing list
2201 name. Repeat this option several times to send to multiple re‐
2202 cipients.
2203
2204 When performing an address verification (VRFY command), the re‐
2205 cipient should be specified as the user name or user name and
2206 domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)
2207
2208 When performing a mailing list expand (EXPN command), the recip‐
2209 ient should be specified using the mailing list name, such as
2210 "Friends" or "London-Office". (Added in 7.34.0)
2211
2212 Example:
2213 curl --mail-rcpt user@example.net smtp://example.com
2214
2215 See also --mail-rcpt-allowfails.
2216
2217 -M, --manual
2218 Manual. Display the huge help text.
2219
2220 Example:
2221 curl --manual
2222
2223 See also -v, --verbose, --libcurl and --trace.
2224
2225 --max-filesize <bytes>
2226 (FTP HTTP MQTT) Specify the maximum size (in bytes) of a file to
2227 download. If the file requested is larger than this value, the
2228 transfer will not start and curl will return with exit code 63.
2229
2230 A size modifier may be used. For example, Appending 'k' or 'K'
2231 will count the number as kilobytes, 'm' or 'M' makes it
2232 megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K,
2233 3m and 1G. (Added in 7.58.0)
2234
2235 NOTE: The file size is not always known prior to download, and
2236 for such files this option has no effect even if the file trans‐
2237 fer ends up being larger than this given limit. Example:
2238 curl --max-filesize 100K https://example.com
2239
2240 See also --limit-rate.
2241
2242 --max-redirs <num>
2243 (HTTP) Set maximum number of redirections to follow. When --lo‐
2244 cation is used, to prevent curl from following too many redi‐
2245 rects, by default, the limit is set to 50 redirects. Set this
2246 option to -1 to make it unlimited.
2247
2248 If this option is used several times, the last one will be used.
2249
2250 Example:
2251 curl --max-redirs 3 --location https://example.com
2252
2253 See also -L, --location.
2254
2255 -m, --max-time <fractional seconds>
2256 Maximum time in seconds that you allow the whole operation to
2257 take. This is useful for preventing your batch jobs from hang‐
2258 ing for hours due to slow networks or links going down. Since
2259 7.32.0, this option accepts decimal values, but the actual time‐
2260 out will decrease in accuracy as the specified timeout increases
2261 in decimal precision.
2262
2263 If this option is used several times, the last one will be used.
2264
2265 Examples:
2266 curl --max-time 10 https://example.com
2267 curl --max-time 2.92 https://example.com
2268
2269 See also --connect-timeout.
2270
2271 --metalink
2272 This option was previously used to specify a metalink resource.
2273 Metalink support has been disabled in curl since 7.78.0 for se‐
2274 curity reasons.
2275
2276 Example:
2277 curl --metalink file https://example.com
2278
2279 See also -Z, --parallel.
2280
2281 --negotiate
2282 (HTTP) Enables Negotiate (SPNEGO) authentication.
2283
2284 This option requires a library built with GSS-API or SSPI sup‐
2285 port. Use --version to see if your curl supports GSS-API/SSPI or
2286 SPNEGO.
2287
2288 When using this option, you must also provide a fake --user op‐
2289 tion to activate the authentication code properly. Sending a '-u
2290 :' is enough as the user name and password from the --user op‐
2291 tion are not actually used.
2292
2293 If this option is used several times, only the first one is
2294 used.
2295
2296 Example:
2297 curl --negotiate -u : https://example.com
2298
2299 See also --basic, --ntlm, --anyauth and --proxy-negotiate.
2300
2301 --netrc-file <filename>
2302 This option is similar to -n, --netrc, except that you provide
2303 the path (absolute or relative) to the netrc file that curl
2304 should use. You can only specify one netrc file per invocation.
2305 If several --netrc-file options are provided, the last one will
2306 be used.
2307
2308 It will abide by --netrc-optional if specified.
2309
2310 Example:
2311 curl --netrc-file netrc https://example.com
2312
2313 See also -n, --netrc, -u, --user and -K, --config. This option
2314 overrides -n, --netrc.
2315
2316 --netrc-optional
2317 Similar to -n, --netrc, but this option makes the .netrc usage
2318 optional and not mandatory as the --netrc option does.
2319
2320 Example:
2321 curl --netrc-optional https://example.com
2322
2323 See also --netrc-file. This option overrides -n, --netrc.
2324
2325 -n, --netrc
2326 Makes curl scan the .netrc (_netrc on Windows) file in the
2327 user's home directory for login name and password. This is typi‐
2328 cally used for FTP on Unix. If used with HTTP, curl will enable
2329 user authentication. See netrc(5) and ftp(1) for details on the
2330 file format. Curl will not complain if that file does not have
2331 the right permissions (it should be neither world- nor group-
2332 readable). The environment variable "HOME" is used to find the
2333 home directory.
2334
2335 A quick and simple example of how to setup a .netrc to allow
2336 curl to FTP to the machine host.domain.com with user name 'my‐
2337 self' and password 'secret' could look similar to:
2338
2339 machine host.domain.com
2340 login myself
2341 password secret"
2342
2343 Example:
2344 curl --netrc https://example.com
2345
2346 See also --netrc-file, -K, --config and -u, --user.
2347
2348 -:, --next
2349 Tells curl to use a separate operation for the following URL and
2350 associated options. This allows you to send several URL re‐
2351 quests, each with their own specific options, for example, such
2352 as different user names or custom requests for each.
2353
2354 --next will reset all local options and only global ones will
2355 have their values survive over to the operation following the
2356 --next instruction. Global options include -v, --verbose,
2357 --trace, --trace-ascii and --fail-early.
2358
2359 For example, you can do both a GET and a POST in a single com‐
2360 mand line:
2361
2362 curl www1.example.com --next -d postthis www2.example.com
2363
2364 Examples:
2365 curl https://example.com --next -d postthis www2.example.com
2366 curl -I https://example.com --next https://example.net/
2367
2368 See also -Z, --parallel and -K, --config. Added in 7.36.0.
2369
2370 --no-alpn
2371 (HTTPS) Disable the ALPN TLS extension. ALPN is enabled by de‐
2372 fault if libcurl was built with an SSL library that supports
2373 ALPN. ALPN is used by a libcurl that supports HTTP/2 to negoti‐
2374 ate HTTP/2 support with the server during https sessions.
2375
2376 Example:
2377 curl --no-alpn https://example.com
2378
2379 See also --no-npn and --http2. --no-alpn requires that the un‐
2380 derlying libcurl was built to support TLS. Added in 7.36.0.
2381
2382 -N, --no-buffer
2383 Disables the buffering of the output stream. In normal work sit‐
2384 uations, curl will use a standard buffered output stream that
2385 will have the effect that it will output the data in chunks, not
2386 necessarily exactly when the data arrives. Using this option
2387 will disable that buffering.
2388
2389 Note that this is the negated option name documented. You can
2390 thus use --buffer to enforce the buffering.
2391
2392 Example:
2393 curl --no-buffer https://example.com
2394
2395 See also -#, --progress-bar.
2396
2397 --no-keepalive
2398 Disables the use of keepalive messages on the TCP connection.
2399 curl otherwise enables them by default.
2400
2401 Note that this is the negated option name documented. You can
2402 thus use --keepalive to enforce keepalive.
2403
2404 Example:
2405 curl --no-keepalive https://example.com
2406
2407 See also --keepalive-time.
2408
2409 --no-npn
2410 (HTTPS) Disable the NPN TLS extension. NPN is enabled by default
2411 if libcurl was built with an SSL library that supports NPN. NPN
2412 is used by a libcurl that supports HTTP/2 to negotiate HTTP/2
2413 support with the server during https sessions.
2414
2415 Example:
2416 curl --no-npn https://example.com
2417
2418 See also --no-alpn and --http2. --no-npn requires that the un‐
2419 derlying libcurl was built to support TLS. Added in 7.36.0.
2420
2421 --no-progress-meter
2422 Option to switch off the progress meter output without muting or
2423 otherwise affecting warning and informational messages like
2424 --silent does.
2425
2426 Note that this is the negated option name documented. You can
2427 thus use --progress-meter to enable the progress meter again.
2428
2429 Example:
2430 curl --no-progress-meter -o store https://example.com
2431
2432 See also -v, --verbose and -s, --silent. Added in 7.67.0.
2433
2434 --no-sessionid
2435 (TLS) Disable curl's use of SSL session-ID caching. By default
2436 all transfers are done using the cache. Note that while nothing
2437 should ever get hurt by attempting to reuse SSL session-IDs,
2438 there seem to be broken SSL implementations in the wild that may
2439 require you to disable this in order for you to succeed.
2440
2441 Note that this is the negated option name documented. You can
2442 thus use --sessionid to enforce session-ID caching.
2443
2444 Example:
2445 curl --no-sessionid https://example.com
2446
2447 See also -k, --insecure.
2448
2449 --noproxy <no-proxy-list>
2450 Comma-separated list of hosts for which not to use a proxy, if
2451 one is specified. The only wildcard is a single * character,
2452 which matches all hosts, and effectively disables the proxy.
2453 Each name in this list is matched as either a domain which con‐
2454 tains the hostname, or the hostname itself. For example, lo‐
2455 cal.com would match local.com, local.com:80, and www.local.com,
2456 but not www.notlocal.com.
2457
2458 Since 7.53.0, This option overrides the environment variables
2459 that disable the proxy ('no_proxy' and 'NO_PROXY'). If there's
2460 an environment variable disabling a proxy, you can set the no‐
2461 proxy list to "" to override it.
2462
2463 Example:
2464 curl --noproxy "www.example" https://example.com
2465
2466 See also -x, --proxy.
2467
2468 --ntlm-wb
2469 (HTTP) Enables NTLM much in the style --ntlm does, but hand over
2470 the authentication to the separate binary ntlmauth application
2471 that is executed when needed.
2472
2473 Example:
2474 curl --ntlm-wb -u user:password https://example.com
2475
2476 See also --ntlm and --proxy-ntlm.
2477
2478 --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication
2479 method was designed by Microsoft and is used by IIS web servers.
2480 It is a proprietary protocol, reverse-engineered by clever peo‐
2481 ple and implemented in curl based on their efforts. This kind of
2482 behavior should not be endorsed, you should encourage everyone
2483 who uses NTLM to switch to a public and documented authentica‐
2484 tion method instead, such as Digest.
2485
2486 If you want to enable NTLM for your proxy authentication, then
2487 use --proxy-ntlm.
2488
2489 If this option is used several times, only the first one is
2490 used.
2491
2492 Example:
2493 curl --ntlm -u user:password https://example.com
2494
2495 See also --proxy-ntlm. --ntlm requires that the underlying
2496 libcurl was built to support TLS. This option overrides --basic
2497 and --negotiate and --digest and --anyauth.
2498
2499 --oauth2-bearer <token>
2500 (IMAP LDAP POP3 SMTP HTTP) Specify the Bearer Token for OAUTH
2501 2.0 server authentication. The Bearer Token is used in conjunc‐
2502 tion with the user name which can be specified as part of the
2503 --url or --user options.
2504
2505 The Bearer Token and user name are formatted according to RFC
2506 6750.
2507
2508 If this option is used several times, the last one will be used.
2509
2510 Example:
2511 curl --oauth2-bearer "mF_9.B5f-4.1JqM" https://example.com
2512
2513 See also --basic, --ntlm and --digest. Added in 7.33.0.
2514
2515 --output-dir <dir>
2516
2517 This option specifies the directory in which files should be
2518 stored, when --remote-name or --output are used.
2519
2520 The given output directory is used for all URLs and output op‐
2521 tions on the command line, up until the first -:, --next.
2522
2523 If the specified target directory does not exist, the operation
2524 will fail unless --create-dirs is also used.
2525
2526 If this option is used multiple times, the last specified direc‐
2527 tory will be used.
2528
2529 Example:
2530 curl --output-dir "tmp" -O https://example.com
2531
2532 See also -O, --remote-name and -J, --remote-header-name. Added
2533 in 7.73.0.
2534
2535 -o, --output <file>
2536 Write output to <file> instead of stdout. If you are using {} or
2537 [] to fetch multiple documents, you should quote the URL and you
2538 can use '#' followed by a number in the <file> specifier. That
2539 variable will be replaced with the current string for the URL
2540 being fetched. Like in:
2541
2542 curl "http://{one,two}.example.com" -o "file_#1.txt"
2543
2544 or use several variables like:
2545
2546 curl "http://{site,host}.host[1-5].com" -o "#1_#2"
2547
2548 You may use this option as many times as the number of URLs you
2549 have. For example, if you specify two URLs on the same command
2550 line, you can use it like this:
2551
2552 curl -o aa example.com -o bb example.net
2553
2554 and the order of the -o options and the URLs does not matter,
2555 just that the first -o is for the first URL and so on, so the
2556 above command line can also be written as
2557
2558 curl example.com example.net -o aa -o bb
2559
2560 See also the --create-dirs option to create the local directo‐
2561 ries dynamically. Specifying the output as '-' (a single dash)
2562 will force the output to be done to stdout.
2563
2564 To suppress response bodies, you can redirect output to
2565 /dev/null:
2566
2567 curl example.com -o /dev/null
2568
2569 Or for Windows use nul:
2570
2571 curl example.com -o nul
2572
2573 Examples:
2574 curl -o file https://example.com
2575 curl "http://{one,two}.example.com" -o "file_#1.txt"
2576 curl "http://{site,host}.host[1-5].com" -o "#1_#2"
2577 curl -o file https://example.com -o file2 https://example.net
2578
2579 See also -O, --remote-name, --remote-name-all and -J, --remote-
2580 header-name.
2581
2582 --parallel-immediate
2583 When doing parallel transfers, this option will instruct curl
2584 that it should rather prefer opening up more connections in par‐
2585 allel at once rather than waiting to see if new transfers can be
2586 added as multiplexed streams on another connection.
2587
2588 This option is global and does not need to be specified for each
2589 use of -:, --next.
2590
2591 Example:
2592 curl --parallel-immediate -Z https://example.com -o file1 https://example.com -o file2
2593
2594 See also -Z, --parallel and --parallel-max. Added in 7.68.0.
2595
2596 --parallel-max <num>
2597 When asked to do parallel transfers, using -Z, --parallel, this
2598 option controls the maximum amount of transfers to do simultane‐
2599 ously.
2600
2601 This option is global and does not need to be specified for each
2602 use of -:, --next.
2603
2604 The default is 50.
2605
2606 Example:
2607 curl --parallel-max 100 -Z https://example.com ftp://example.com/
2608
2609 See also -Z, --parallel. Added in 7.66.0.
2610
2611 -Z, --parallel
2612 Makes curl perform its transfers in parallel as compared to the
2613 regular serial manner.
2614
2615 This option is global and does not need to be specified for each
2616 use of -:, --next.
2617
2618 Example:
2619 curl --parallel https://example.com -o file1 https://example.com -o file2
2620
2621 See also -:, --next and -v, --verbose. Added in 7.66.0.
2622
2623 --pass <phrase>
2624 (SSH TLS) Passphrase for the private key.
2625
2626 If this option is used several times, the last one will be used.
2627
2628 Example:
2629 curl --pass secret --key file https://example.com
2630
2631 See also --key and -u, --user.
2632
2633 --path-as-is
2634 Tell curl to not handle sequences of /../ or /./ in the given
2635 URL path. Normally curl will squash or merge them according to
2636 standards but with this option set you tell it not to do that.
2637
2638 Example:
2639 curl --path-as-is https://example.com/../../etc/passwd
2640
2641 See also --request-target. Added in 7.42.0.
2642
2643 --pinnedpubkey <hashes>
2644 (TLS) Tells curl to use the specified public key file (or
2645 hashes) to verify the peer. This can be a path to a file which
2646 contains a single public key in PEM or DER format, or any number
2647 of base64 encoded sha256 hashes preceded by 'sha256//' and sepa‐
2648 rated by ';'.
2649
2650 When negotiating a TLS or SSL connection, the server sends a
2651 certificate indicating its identity. A public key is extracted
2652 from this certificate and if it does not exactly match the pub‐
2653 lic key provided to this option, curl will abort the connection
2654 before sending or receiving any data.
2655
2656 PEM/DER support:
2657
2658 7.39.0: OpenSSL, GnuTLS and GSKit
2659
2660 7.43.0: NSS and wolfSSL
2661
2662 7.47.0: mbedtls
2663
2664 sha256 support:
2665
2666 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL
2667
2668 7.47.0: mbedtls
2669
2670 Other SSL backends not supported.
2671
2672 If this option is used several times, the last one will be used.
2673
2674 Examples:
2675 curl --pinnedpubkey keyfile https://example.com
2676 curl --pinnedpubkey 'sha256//ce118b51897f4452dc' https://example.com
2677
2678 See also --hostpubsha256. Added in 7.39.0.
2679
2680 --post301
2681 (HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST
2682 requests into GET requests when following a 301 redirection. The
2683 non-RFC behavior is ubiquitous in web browsers, so curl does the
2684 conversion by default to maintain consistency. However, a server
2685 may require a POST to remain a POST after such a redirection.
2686 This option is meaningful only when using -L, --location.
2687
2688 Example:
2689 curl --post301 --location -d "data" https://example.com
2690
2691 See also --post302, --post303 and -L, --location.
2692
2693 --post302
2694 (HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST
2695 requests into GET requests when following a 302 redirection. The
2696 non-RFC behavior is ubiquitous in web browsers, so curl does the
2697 conversion by default to maintain consistency. However, a server
2698 may require a POST to remain a POST after such a redirection.
2699 This option is meaningful only when using -L, --location.
2700
2701 Example:
2702 curl --post302 --location -d "data" https://example.com
2703
2704 See also --post301, --post303 and -L, --location.
2705
2706 --post303
2707 (HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST
2708 requests into GET requests when following 303 redirections. A
2709 server may require a POST to remain a POST after a 303 redirect‐
2710 ion. This option is meaningful only when using -L, --location.
2711
2712 Example:
2713 curl --post303 --location -d "data" https://example.com
2714
2715 See also --post302, --post301 and -L, --location.
2716
2717 --preproxy [protocol://]host[:port]
2718 Use the specified SOCKS proxy before connecting to an HTTP or
2719 HTTPS -x, --proxy. In such a case curl first connects to the
2720 SOCKS proxy and then connects (through SOCKS) to the HTTP or
2721 HTTPS proxy. Hence pre proxy.
2722
2723 The pre proxy string should be specified with a protocol:// pre‐
2724 fix to specify alternative proxy protocols. Use socks4://,
2725 socks4a://, socks5:// or socks5h:// to request the specific
2726 SOCKS version to be used. No protocol specified will make curl
2727 default to SOCKS4.
2728
2729 If the port number is not specified in the proxy string, it is
2730 assumed to be 1080.
2731
2732 User and password that might be provided in the proxy string are
2733 URL decoded by curl. This allows you to pass in special charac‐
2734 ters such as @ by using %40 or pass in a colon with %3a.
2735
2736 If this option is used several times, the last one will be used.
2737
2738 Example:
2739 curl --preproxy socks5://proxy.example -x http://http.example https://example.com
2740
2741 See also -x, --proxy and --socks5. Added in 7.52.0.
2742
2743 -#, --progress-bar
2744 Make curl display transfer progress as a simple progress bar in‐
2745 stead of the standard, more informational, meter.
2746
2747 This progress bar draws a single line of '#' characters across
2748 the screen and shows a percentage if the transfer size is known.
2749 For transfers without a known size, there will be space ship
2750 (-=o=-) that moves back and forth but only while data is being
2751 transferred, with a set of flying hash sign symbols on top.
2752
2753 This option is global and does not need to be specified for each
2754 use of -:, --next.
2755
2756 Example:
2757 curl -# -O https://example.com
2758
2759 See also --styled-output.
2760
2761 --proto-default <protocol>
2762 Tells curl to use protocol for any URL missing a scheme name.
2763
2764 An unknown or unsupported protocol causes error CURLE_UNSUP‐
2765 PORTED_PROTOCOL (1).
2766
2767 This option does not change the default proxy protocol (http).
2768
2769 Without this option set, curl guesses protocol based on the host
2770 name, see --url for details.
2771
2772 Example:
2773 curl --proto-default https ftp.example.com
2774
2775 See also --proto and --proto-redir. Added in 7.45.0.
2776
2777 --proto-redir <protocols>
2778 Tells curl to limit what protocols it may use on redirect. Pro‐
2779 tocols denied by --proto are not overridden by this option. See
2780 --proto for how protocols are represented.
2781
2782 Example, allow only HTTP and HTTPS on redirect:
2783
2784 curl --proto-redir -all,http,https http://example.com
2785
2786 By default curl will only allow HTTP, HTTPS, FTP and FTPS on re‐
2787 direct (since 7.65.2). Specifying all or +all enables all proto‐
2788 cols on redirects, which is not good for security.
2789
2790 Example:
2791 curl --proto-redir =http,https https://example.com
2792
2793 See also --proto.
2794
2795 --proto <protocols>
2796 Tells curl to limit what protocols it may use for transfers.
2797 Protocols are evaluated left to right, are comma separated, and
2798 are each a protocol name or 'all', optionally prefixed by zero
2799 or more modifiers. Available modifiers are:
2800
2801 + Permit this protocol in addition to protocols already permit‐
2802 ted (this is the default if no modifier is used).
2803
2804 - Deny this protocol, removing it from the list of protocols
2805 already permitted.
2806
2807 = Permit only this protocol (ignoring the list already permit‐
2808 ted), though subject to later modification by subsequent en‐
2809 tries in the comma separated list.
2810
2811 For example:
2812
2813 --proto -ftps uses the default protocols, but disables ftps
2814
2815 --proto -all,https,+http
2816 only enables http and https
2817
2818 --proto =http,https
2819 also only enables http and https
2820
2821 Unknown protocols produce a warning. This allows scripts to
2822 safely rely on being able to disable potentially dangerous pro‐
2823 tocols, without relying upon support for that protocol being
2824 built into curl to avoid an error.
2825
2826 This option can be used multiple times, in which case the effect
2827 is the same as concatenating the protocols into one instance of
2828 the option.
2829
2830 Example:
2831 curl --proto =http,https,sftp https://example.com
2832
2833 See also --proto-redir and --proto-default.
2834
2835 --proxy-anyauth
2836 Tells curl to pick a suitable authentication method when commu‐
2837 nicating with the given HTTP proxy. This might cause an extra
2838 request/response round-trip.
2839
2840 Example:
2841 curl --proxy-anyauth --proxy-user user:passwd -x proxy https://example.com
2842
2843 See also -x, --proxy, --proxy-basic and --proxy-digest.
2844
2845 --proxy-basic
2846 Tells curl to use HTTP Basic authentication when communicating
2847 with the given proxy. Use --basic for enabling HTTP Basic with a
2848 remote host. Basic is the default authentication method curl
2849 uses with proxies.
2850
2851 Example:
2852 curl --proxy-basic --proxy-user user:passwd -x proxy https://example.com
2853
2854 See also -x, --proxy, --proxy-anyauth and --proxy-digest.
2855
2856 --proxy-cacert <file>
2857 Same as --cacert but used in HTTPS proxy context.
2858
2859 Example:
2860 curl --proxy-cacert CA-file.txt -x https://proxy https://example.com
2861
2862 See also --proxy-capath, --cacert, --capath and -x, --proxy.
2863 Added in 7.52.0.
2864
2865 --proxy-capath <dir>
2866 Same as --capath but used in HTTPS proxy context.
2867
2868 Example:
2869 curl --proxy-capath /local/directory -x https://proxy https://example.com
2870
2871 See also --proxy-cacert, -x, --proxy and --capath. Added in
2872 7.52.0.
2873
2874 --proxy-cert-type <type>
2875 Same as --cert-type but used in HTTPS proxy context.
2876
2877 Example:
2878 curl --proxy-cert-type PEM --proxy-cert file -x https://proxy https://example.com
2879
2880 See also --proxy-cert. Added in 7.52.0.
2881
2882 --proxy-cert <cert[:passwd]>
2883 Same as --cert but used in HTTPS proxy context.
2884
2885 Example:
2886 curl --proxy-cert file -x https://proxy https://example.com
2887
2888 See also --proxy-cert-type. Added in 7.52.0.
2889
2890 --proxy-ciphers <list>
2891 Same as --ciphers but used in HTTPS proxy context.
2892
2893 Example:
2894 curl --proxy-ciphers ECDHE-ECDSA-AES256-CCM8 -x https://proxy https://example.com
2895
2896 See also --ciphers, --curves and -x, --proxy. Added in 7.52.0.
2897
2898 --proxy-crlfile <file>
2899 Same as --crlfile but used in HTTPS proxy context.
2900
2901 Example:
2902 curl --proxy-crlfile rejects.txt -x https://proxy https://example.com
2903
2904 See also --crlfile and -x, --proxy. Added in 7.52.0.
2905
2906 --proxy-digest
2907 Tells curl to use HTTP Digest authentication when communicating
2908 with the given proxy. Use --digest for enabling HTTP Digest with
2909 a remote host.
2910
2911 Example:
2912 curl --proxy-digest --proxy-user user:passwd -x proxy https://example.com
2913
2914 See also -x, --proxy, --proxy-anyauth and --proxy-basic.
2915
2916 --proxy-header <header/@file>
2917 (HTTP) Extra header to include in the request when sending HTTP
2918 to a proxy. You may specify any number of extra headers. This is
2919 the equivalent option to --header but is for proxy communication
2920 only like in CONNECT requests when you want a separate header
2921 sent to the proxy to what is sent to the actual remote host.
2922
2923 curl will make sure that each header you add/replace is sent
2924 with the proper end-of-line marker, you should thus not add that
2925 as a part of the header content: do not add newlines or carriage
2926 returns, they will only mess things up for you.
2927
2928 Headers specified with this option will not be included in re‐
2929 quests that curl knows will not be sent to a proxy.
2930
2931 Starting in 7.55.0, this option can take an argument in @file‐
2932 name style, which then adds a header for each line in the input
2933 file. Using @- will make curl read the header file from stdin.
2934
2935 This option can be used multiple times to add/replace/remove
2936 multiple headers.
2937
2938 Examples:
2939 curl --proxy-header "X-First-Name: Joe" -x http://proxy https://example.com
2940 curl --proxy-header "User-Agent: surprise" -x http://proxy https://example.com
2941 curl --proxy-header "Host:" -x http://proxy https://example.com
2942
2943 See also -x, --proxy. Added in 7.37.0.
2944
2945 --proxy-insecure
2946 Same as --insecure but used in HTTPS proxy context.
2947
2948 Example:
2949 curl --proxy-insecure -x https://proxy https://example.com
2950
2951 See also -x, --proxy and -k, --insecure. Added in 7.52.0.
2952
2953 --proxy-key-type <type>
2954 Same as --key-type but used in HTTPS proxy context.
2955
2956 Example:
2957 curl --proxy-key-type DER --proxy-key here -x https://proxy https://example.com
2958
2959 See also --proxy-key and -x, --proxy. Added in 7.52.0.
2960
2961 --proxy-key <key>
2962 Same as --key but used in HTTPS proxy context.
2963
2964 Example:
2965 curl --proxy-key here -x https://proxy https://example.com
2966
2967 See also --proxy-key-type and -x, --proxy. Added in 7.52.0.
2968
2969 --proxy-negotiate
2970 Tells curl to use HTTP Negotiate (SPNEGO) authentication when
2971 communicating with the given proxy. Use --negotiate for enabling
2972 HTTP Negotiate (SPNEGO) with a remote host.
2973
2974 Example:
2975 curl --proxy-negotiate --proxy-user user:passwd -x proxy https://example.com
2976
2977 See also --proxy-anyauth and --proxy-basic.
2978
2979 --proxy-ntlm
2980 Tells curl to use HTTP NTLM authentication when communicating
2981 with the given proxy. Use --ntlm for enabling NTLM with a remote
2982 host.
2983
2984 Example:
2985 curl --proxy-ntlm --proxy-user user:passwd -x http://proxy https://example.com
2986
2987 See also --proxy-negotiate and --proxy-anyauth.
2988
2989 --proxy-pass <phrase>
2990 Same as --pass but used in HTTPS proxy context.
2991
2992 Example:
2993 curl --proxy-pass secret --proxy-key here -x https://proxy https://example.com
2994
2995 See also -x, --proxy and --proxy-key. Added in 7.52.0.
2996
2997 --proxy-pinnedpubkey <hashes>
2998 (TLS) Tells curl to use the specified public key file (or
2999 hashes) to verify the proxy. This can be a path to a file which
3000 contains a single public key in PEM or DER format, or any number
3001 of base64 encoded sha256 hashes preceded by 'sha256//' and sepa‐
3002 rated by ';'.
3003
3004 When negotiating a TLS or SSL connection, the server sends a
3005 certificate indicating its identity. A public key is extracted
3006 from this certificate and if it does not exactly match the pub‐
3007 lic key provided to this option, curl will abort the connection
3008 before sending or receiving any data.
3009
3010 If this option is used several times, the last one will be used.
3011
3012 Examples:
3013 curl --proxy-pinnedpubkey keyfile https://example.com
3014 curl --proxy-pinnedpubkey 'sha256//ce118b51897f4452dc' https://example.com
3015
3016 See also --pinnedpubkey and -x, --proxy. Added in 7.59.0.
3017
3018 --proxy-service-name <name>
3019 This option allows you to change the service name for proxy ne‐
3020 gotiation.
3021
3022 Example:
3023 curl --proxy-service-name "shrubbery" -x proxy https://example.com
3024
3025 See also --service-name and -x, --proxy. Added in 7.43.0.
3026
3027 --proxy-ssl-allow-beast
3028 Same as --ssl-allow-beast but used in HTTPS proxy context.
3029
3030 Example:
3031 curl --proxy-ssl-allow-beast -x https://proxy https://example.com
3032
3033 See also --ssl-allow-beast and -x, --proxy. Added in 7.52.0.
3034
3035 --proxy-ssl-auto-client-cert
3036 Same as --ssl-auto-client-cert but used in HTTPS proxy context.
3037
3038 Example:
3039 curl --proxy-ssl-auto-client-cert -x https://proxy https://example.com
3040
3041 See also --ssl-auto-client-cert and -x, --proxy. Added in
3042 7.77.0.
3043
3044 --proxy-tls13-ciphers <ciphersuite list>
3045 (TLS) Specifies which cipher suites to use in the connection to
3046 your HTTPS proxy when it negotiates TLS 1.3. The list of ciphers
3047 suites must specify valid ciphers. Read up on TLS 1.3 cipher
3048 suite details on this URL:
3049
3050 https://curl.se/docs/ssl-ciphers.html
3051
3052 This option is currently used only when curl is built to use
3053 OpenSSL 1.1.1 or later. If you are using a different SSL backend
3054 you can try setting TLS 1.3 cipher suites by using the --proxy-
3055 ciphers option.
3056
3057 If this option is used several times, the last one will be used.
3058
3059 Example:
3060 curl --proxy-tls13-ciphers TLS_AES_128_GCM_SHA256 -x proxy https://example.com
3061
3062 See also --tls13-ciphers and --curves. Added in 7.61.0.
3063
3064 --proxy-tlsauthtype <type>
3065 Same as --tlsauthtype but used in HTTPS proxy context.
3066
3067 Example:
3068 curl --proxy-tlsauthtype SRP -x https://proxy https://example.com
3069
3070 See also -x, --proxy and --proxy-tlsuser. Added in 7.52.0.
3071
3072 --proxy-tlspassword <string>
3073 Same as --tlspassword but used in HTTPS proxy context.
3074
3075 Example:
3076 curl --proxy-tlspassword passwd -x https://proxy https://example.com
3077
3078 See also -x, --proxy and --proxy-tlsuser. Added in 7.52.0.
3079
3080 --proxy-tlsuser <name>
3081 Same as --tlsuser but used in HTTPS proxy context.
3082
3083 Example:
3084 curl --proxy-tlsuser smith -x https://proxy https://example.com
3085
3086 See also -x, --proxy and --proxy-tlspassword. Added in 7.52.0.
3087
3088 --proxy-tlsv1
3089 Same as --tlsv1 but used in HTTPS proxy context.
3090
3091 Example:
3092 curl --proxy-tlsv1 -x https://proxy https://example.com
3093
3094 See also -x, --proxy. Added in 7.52.0.
3095
3096 -U, --proxy-user <user:password>
3097 Specify the user name and password to use for proxy authentica‐
3098 tion.
3099
3100 If you use a Windows SSPI-enabled curl binary and do either Ne‐
3101 gotiate or NTLM authentication then you can tell curl to select
3102 the user name and password from your environment by specifying a
3103 single colon with this option: "-U :".
3104
3105 On systems where it works, curl will hide the given option argu‐
3106 ment from process listings. This is not enough to protect cre‐
3107 dentials from possibly getting seen by other users on the same
3108 system as they will still be visible for a moment before
3109 cleared. Such sensitive data should be retrieved from a file in‐
3110 stead or similar and never used in clear text in a command line.
3111
3112 If this option is used several times, the last one will be used.
3113
3114 Example:
3115 curl --proxy-user name:pwd -x proxy https://example.com
3116
3117 See also --proxy-pass.
3118
3119 -x, --proxy [protocol://]host[:port]
3120 Use the specified proxy.
3121
3122 The proxy string can be specified with a protocol:// prefix. No
3123 protocol specified or http:// will be treated as HTTP proxy. Use
3124 socks4://, socks4a://, socks5:// or socks5h:// to request a spe‐
3125 cific SOCKS version to be used.
3126
3127
3128 HTTPS proxy support via https:// protocol prefix was added in
3129 7.52.0 for OpenSSL, GnuTLS and NSS.
3130
3131 Unrecognized and unsupported proxy protocols cause an error
3132 since 7.52.0. Prior versions may ignore the protocol and use
3133 http:// instead.
3134
3135 If the port number is not specified in the proxy string, it is
3136 assumed to be 1080.
3137
3138 This option overrides existing environment variables that set
3139 the proxy to use. If there's an environment variable setting a
3140 proxy, you can set proxy to "" to override it.
3141
3142 All operations that are performed over an HTTP proxy will trans‐
3143 parently be converted to HTTP. It means that certain protocol
3144 specific operations might not be available. This is not the case
3145 if you can tunnel through the proxy, as one with the --proxytun‐
3146 nel option.
3147
3148 User and password that might be provided in the proxy string are
3149 URL decoded by curl. This allows you to pass in special charac‐
3150 ters such as @ by using %40 or pass in a colon with %3a.
3151
3152 The proxy host can be specified the same way as the proxy envi‐
3153 ronment variables, including the protocol prefix (http://) and
3154 the embedded user + password.
3155
3156 If this option is used several times, the last one will be used.
3157
3158 Example:
3159 curl --proxy http://proxy.example https://example.com
3160
3161 See also --socks5 and --proxy-basic.
3162
3163 --proxy1.0 <host[:port]>
3164 Use the specified HTTP 1.0 proxy. If the port number is not
3165 specified, it is assumed at port 1080.
3166
3167 The only difference between this and the HTTP proxy option -x,
3168 --proxy, is that attempts to use CONNECT through the proxy will
3169 specify an HTTP 1.0 protocol instead of the default HTTP 1.1.
3170
3171 Example:
3172 curl --proxy1.0 -x http://proxy https://example.com
3173
3174 See also -x, --proxy, --socks5 and --preproxy.
3175
3176 -p, --proxytunnel
3177 When an HTTP proxy is used -x, --proxy, this option will make
3178 curl tunnel through the proxy. The tunnel approach is made with
3179 the HTTP proxy CONNECT request and requires that the proxy al‐
3180 lows direct connect to the remote port number curl wants to tun‐
3181 nel through to.
3182
3183 To suppress proxy CONNECT response headers when curl is set to
3184 output headers use --suppress-connect-headers.
3185
3186 Example:
3187 curl --proxytunnel -x http://proxy https://example.com
3188
3189 See also -x, --proxy.
3190
3191 --pubkey <key>
3192 (SFTP SCP) Public key file name. Allows you to provide your pub‐
3193 lic key in this separate file.
3194
3195 If this option is used several times, the last one will be used.
3196
3197 (As of 7.39.0, curl attempts to automatically extract the public
3198 key from the private key file, so passing this option is gener‐
3199 ally not required. Note that this public key extraction requires
3200 libcurl to be linked against a copy of libssh2 1.2.8 or higher
3201 that is itself linked against OpenSSL.)
3202
3203 Example:
3204 curl --pubkey file.pub sftp://example.com/
3205
3206 See also --pass.
3207
3208 -Q, --quote <command>
3209 (FTP SFTP) Send an arbitrary command to the remote FTP or SFTP
3210 server. Quote commands are sent BEFORE the transfer takes place
3211 (just after the initial PWD command in an FTP transfer, to be
3212 exact). To make commands take place after a successful transfer,
3213 prefix them with a dash '-'. To make commands be sent after curl
3214 has changed the working directory, just before the transfer com‐
3215 mand(s), prefix the command with a '+' (this is only supported
3216 for FTP). You may specify any number of commands.
3217
3218 By default curl will stop at first failure. To make curl con‐
3219 tinue even if the command fails, prefix the command with an as‐
3220 terisk (*). Otherwise, if the server returns failure for one of
3221 the commands, the entire operation will be aborted.
3222
3223 You must send syntactically correct FTP commands as RFC 959 de‐
3224 fines to FTP servers, or one of the commands listed below to
3225 SFTP servers.
3226
3227 This option can be used multiple times.
3228
3229 SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP
3230 quote commands itself before sending them to the server. File
3231 names may be quoted shell-style to embed spaces or special char‐
3232 acters. Following is the list of all supported SFTP quote com‐
3233 mands:
3234
3235 atime date file
3236 The atime command sets the last access time of the file
3237 named by the file operand. The <date expression> can be
3238 all sorts of date strings, see the curl_getdate(3) man
3239 page for date expression details. (Added in 7.73.0)
3240
3241 chgrp group file
3242 The chgrp command sets the group ID of the file named by
3243 the file operand to the group ID specified by the group
3244 operand. The group operand is a decimal integer group ID.
3245
3246 chmod mode file
3247 The chmod command modifies the file mode bits of the
3248 specified file. The mode operand is an octal integer mode
3249 number.
3250
3251 chown user file
3252 The chown command sets the owner of the file named by the
3253 file operand to the user ID specified by the user oper‐
3254 and. The user operand is a decimal integer user ID.
3255
3256 ln source_file target_file
3257 The ln and symlink commands create a symbolic link at the
3258 target_file location pointing to the source_file loca‐
3259 tion.
3260
3261 mkdir directory_name
3262 The mkdir command creates the directory named by the di‐
3263 rectory_name operand.
3264
3265 mtime date file
3266 The mtime command sets the last modification time of the
3267 file named by the file operand. The <date expression> can
3268 be all sorts of date strings, see the curl_getdate(3) man
3269 page for date expression details. (Added in 7.73.0)
3270
3271 pwd The pwd command returns the absolute pathname of the cur‐
3272 rent working directory.
3273
3274 rename source target
3275 The rename command renames the file or directory named by
3276 the source operand to the destination path named by the
3277 target operand.
3278
3279 rm file
3280 The rm command removes the file specified by the file op‐
3281 erand.
3282
3283 rmdir directory
3284 The rmdir command removes the directory entry specified
3285 by the directory operand, provided it is empty.
3286
3287 symlink source_file target_file
3288 See ln.
3289
3290 Example:
3291 curl --quote "DELE file" ftp://example.com/foo
3292
3293 See also -X, --request.
3294
3295 --random-file <file>
3296 Specify the path name to file containing what will be considered
3297 as random data. The data may be used to seed the random engine
3298 for SSL connections. See also the --egd-file option.
3299
3300 Example:
3301 curl --random-file rubbish https://example.com
3302
3303 See also --egd-file.
3304
3305 -r, --range <range>
3306 (HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial docu‐
3307 ment) from an HTTP/1.1, FTP or SFTP server or a local FILE.
3308 Ranges can be specified in a number of ways.
3309
3310 0-499 specifies the first 500 bytes
3311
3312 500-999 specifies the second 500 bytes
3313
3314 -500 specifies the last 500 bytes
3315
3316 9500- specifies the bytes from offset 9500 and forward
3317
3318 0-0,-1 specifies the first and last byte only(*)(HTTP)
3319
3320 100-199,500-599
3321 specifies two separate 100-byte ranges(*) (HTTP)
3322
3323 (*) = NOTE that this will cause the server to reply with a mul‐
3324 tipart response, which will be returned as-is by curl! Parsing
3325 or otherwise transforming this response is the responsibility of
3326 the caller.
3327
3328 Only digit characters (0-9) are valid in the 'start' and 'stop'
3329 fields of the 'start-stop' range syntax. If a non-digit charac‐
3330 ter is given in the range, the server's response will be unspec‐
3331 ified, depending on the server's configuration.
3332
3333 You should also be aware that many HTTP/1.1 servers do not have
3334 this feature enabled, so that when you attempt to get a range,
3335 you will instead get the whole document.
3336
3337 FTP and SFTP range downloads only support the simple 'start-
3338 stop' syntax (optionally with one of the numbers omitted). FTP
3339 use depends on the extended FTP command SIZE.
3340
3341 If this option is used several times, the last one will be used.
3342
3343 Example:
3344 curl --range 22-44 https://example.com
3345
3346 See also -C, --continue-at and -a, --append.
3347
3348 --raw (HTTP) When used, it disables all internal HTTP decoding of con‐
3349 tent or transfer encodings and instead makes them passed on un‐
3350 altered, raw.
3351
3352 Example:
3353 curl --raw https://example.com
3354
3355 See also --tr-encoding.
3356
3357 -e, --referer <URL>
3358 (HTTP) Sends the "Referrer Page" information to the HTTP server.
3359 This can also be set with the --header flag of course. When used
3360 with --location you can append ";auto" to the --referer URL to
3361 make curl automatically set the previous URL when it follows a
3362 Location: header. The ";auto" string can be used alone, even if
3363 you do not set an initial -e, --referer.
3364
3365 If this option is used several times, the last one will be used.
3366
3367 Examples:
3368 curl --referer "https://fake.example" https://example.com
3369 curl --referer "https://fake.example;auto" -L https://example.com
3370 curl --referer ";auto" -L https://example.com
3371
3372 See also -A, --user-agent and -H, --header.
3373
3374 -J, --remote-header-name
3375 (HTTP) This option tells the --remote-name option to use the
3376 server-specified Content-Disposition filename instead of ex‐
3377 tracting a filename from the URL. If the server-provided file
3378 name contains a path, that will be stripped off before the file
3379 name is used.
3380
3381 The file is saved in the current directory, or in the directory
3382 specified with --output-dir.
3383
3384 If the server specifies a file name and a file with that name
3385 already exists in the destination directory, it will not be
3386 overwritten and an error will occur. If the server does not
3387 specify a file name then this option has no effect.
3388
3389 There's no attempt to decode %-sequences (yet) in the provided
3390 file name, so this option may provide you with rather unexpected
3391 file names.
3392
3393 WARNING: Exercise judicious use of this option, especially on
3394 Windows. A rogue server could send you the name of a DLL or
3395 other file that could be loaded automatically by Windows or some
3396 third party software.
3397
3398 Example:
3399 curl -OJ https://example.com/file
3400
3401 See also -O, --remote-name.
3402
3403 --remote-name-all
3404 This option changes the default action for all given URLs to be
3405 dealt with as if --remote-name were used for each one. So if you
3406 want to disable that for a specific URL after --remote-name-all
3407 has been used, you must use "-o -" or --no-remote-name.
3408
3409 Example:
3410 curl --remote-name-all ftp://example.com/file1 ftp://example.com/file2
3411
3412 See also -O, --remote-name.
3413
3414 -O, --remote-name
3415 Write output to a local file named like the remote file we get.
3416 (Only the file part of the remote file is used, the path is cut
3417 off.)
3418
3419 The file will be saved in the current working directory. If you
3420 want the file saved in a different directory, make sure you
3421 change the current working directory before invoking curl with
3422 this option.
3423
3424 The remote file name to use for saving is extracted from the
3425 given URL, nothing else, and if it already exists it will be
3426 overwritten. If you want the server to be able to choose the
3427 file name refer to --remote-header-name which can be used in ad‐
3428 dition to this option. If the server chooses a file name and
3429 that name already exists it will not be overwritten.
3430
3431 There is no URL decoding done on the file name. If it has %20 or
3432 other URL encoded parts of the name, they will end up as-is as
3433 file name.
3434
3435 You may use this option as many times as the number of URLs you
3436 have.
3437
3438 Example:
3439 curl -O https://example.com/filename
3440
3441 See also --remote-name-all.
3442
3443 -R, --remote-time
3444 When used, this will make curl attempt to figure out the time‐
3445 stamp of the remote file, and if that is available make the lo‐
3446 cal file get that same timestamp.
3447
3448 Example:
3449 curl --remote-time -o foo https://example.com
3450
3451 See also -O, --remote-name and -z, --time-cond.
3452
3453 --request-target <path>
3454 (HTTP) Tells curl to use an alternative "target" (path) instead
3455 of using the path as provided in the URL. Particularly useful
3456 when wanting to issue HTTP requests without leading slash or
3457 other data that does not follow the regular URL pattern, like
3458 "OPTIONS *".
3459
3460 Example:
3461 curl --request-target "*" -X OPTIONS https://example.com
3462
3463 See also -X, --request. Added in 7.55.0.
3464
3465 -X, --request <method>
3466 (HTTP) Specifies a custom request method to use when communicat‐
3467 ing with the HTTP server. The specified request method will be
3468 used instead of the method otherwise used (which defaults to
3469 GET). Read the HTTP 1.1 specification for details and explana‐
3470 tions. Common additional HTTP requests include PUT and DELETE,
3471 but related technologies like WebDAV offers PROPFIND, COPY, MOVE
3472 and more.
3473
3474 Normally you do not need this option. All sorts of GET, HEAD,
3475 POST and PUT requests are rather invoked by using dedicated com‐
3476 mand line options.
3477
3478 This option only changes the actual word used in the HTTP re‐
3479 quest, it does not alter the way curl behaves. So for example if
3480 you want to make a proper HEAD request, using -X HEAD will not
3481 suffice. You need to use the --head option.
3482
3483 The method string you set with --request will be used for all
3484 requests, which if you for example use --location may cause un‐
3485 intended side-effects when curl does not change request method
3486 according to the HTTP 30x response codes - and similar.
3487
3488 (FTP) Specifies a custom FTP command to use instead of LIST when
3489 doing file lists with FTP.
3490
3491 (POP3) Specifies a custom POP3 command to use instead of LIST or
3492 RETR.
3493
3494
3495 (IMAP) Specifies a custom IMAP command to use instead of LIST.
3496 (Added in 7.30.0)
3497
3498 (SMTP) Specifies a custom SMTP command to use instead of HELP or
3499 VRFY. (Added in 7.34.0)
3500
3501 If this option is used several times, the last one will be used.
3502
3503 Examples:
3504 curl -X "DELETE" https://example.com
3505 curl -X NLST ftp://example.com/
3506
3507 See also --request-target.
3508
3509 --resolve <[+]host:port:addr[,addr]...>
3510 Provide a custom address for a specific host and port pair. Us‐
3511 ing this, you can make the curl requests(s) use a specified ad‐
3512 dress and prevent the otherwise normally resolved address to be
3513 used. Consider it a sort of /etc/hosts alternative provided on
3514 the command line. The port number should be the number used for
3515 the specific protocol the host will be used for. It means you
3516 need several entries if you want to provide address for the same
3517 host but different ports.
3518
3519 By specifying '*' as host you can tell curl to resolve any host
3520 and specific port pair to the specified address. Wildcard is re‐
3521 solved last so any --resolve with a specific host and port will
3522 be used first.
3523
3524 The provided address set by this option will be used even if
3525 --ipv4 or --ipv6 is set to make curl use another IP version.
3526
3527 By prefixing the host with a '+' you can make the entry time out
3528 after curl's default timeout (1 minute). Note that this will
3529 only make sense for long running parallel transfers with a lot
3530 of files. In such cases, if this option is used curl will try to
3531 resolve the host as it normally would once the timeout has ex‐
3532 pired.
3533
3534 Support for providing the IP address within [brackets] was added
3535 in 7.57.0.
3536
3537 Support for providing multiple IP addresses per entry was added
3538 in 7.59.0.
3539
3540 Support for resolving with wildcard was added in 7.64.0.
3541
3542 Support for the '+' prefix was was added in 7.75.0.
3543
3544 This option can be used many times to add many host names to re‐
3545 solve.
3546
3547 Example:
3548 curl --resolve example.com:443:127.0.0.1 https://example.com
3549
3550 See also --connect-to and --alt-svc.
3551
3552 --retry-all-errors
3553 Retry on any error. This option is used together with --retry.
3554
3555 This option is the "sledgehammer" of retrying. Do not use this
3556 option by default (eg in curlrc), there may be unintended conse‐
3557 quences such as sending or receiving duplicate data. Do not use
3558 with redirected input or output. You'd be much better off han‐
3559 dling your unique problems in shell script. Please read the ex‐
3560 ample below.
3561
3562 WARNING: For server compatibility curl attempts to retry failed
3563 flaky transfers as close as possible to how they were started,
3564 but this is not possible with redirected input or output. For
3565 example, before retrying it removes output data from a failed
3566 partial transfer that was written to an output file. However
3567 this is not true of data redirected to a | pipe or > file, which
3568 are not reset. We strongly suggest you do not parse or record
3569 output via redirect in combination with this option, since you
3570 may receive duplicate data.
3571
3572 By default curl will not error on an HTTP response code that in‐
3573 dicates an HTTP error, if the transfer was successful. For exam‐
3574 ple, if a server replies 404 Not Found and the reply is fully
3575 received then that is not an error. When --retry is used then
3576 curl will retry on some HTTP response codes that indicate tran‐
3577 sient HTTP errors, but that does not include most 4xx response
3578 codes such as 404. If you want to retry on all response codes
3579 that indicate HTTP errors (4xx and 5xx) then combine with -f,
3580 --fail.
3581
3582 Example:
3583 curl --retry 5 --retry-all-errors https://example.com
3584
3585 See also --retry. Added in 7.71.0.
3586
3587 --retry-connrefused
3588 In addition to the other conditions, consider ECONNREFUSED as a
3589 transient error too for --retry. This option is used together
3590 with --retry.
3591
3592 Example:
3593 curl --retry-connrefused --retry https://example.com
3594
3595 See also --retry and --retry-all-errors. Added in 7.52.0.
3596
3597 --retry-delay <seconds>
3598 Make curl sleep this amount of time before each retry when a
3599 transfer has failed with a transient error (it changes the de‐
3600 fault backoff time algorithm between retries). This option is
3601 only interesting if --retry is also used. Setting this delay to
3602 zero will make curl use the default backoff time.
3603
3604 If this option is used several times, the last one will be used.
3605
3606 Example:
3607 curl --retry-delay 5 --retry https://example.com
3608
3609 See also --retry.
3610
3611 --retry-max-time <seconds>
3612 The retry timer is reset before the first transfer attempt. Re‐
3613 tries will be done as usual (see --retry) as long as the timer
3614 has not reached this given limit. Notice that if the timer has
3615 not reached the limit, the request will be made and while per‐
3616 forming, it may take longer than this given time period. To
3617 limit a single request's maximum time, use -m, --max-time. Set
3618 this option to zero to not timeout retries.
3619
3620 If this option is used several times, the last one will be used.
3621
3622 Example:
3623 curl --retry-max-time 30 --retry 10 https://example.com
3624
3625 See also --retry.
3626
3627 --retry <num>
3628 If a transient error is returned when curl tries to perform a
3629 transfer, it will retry this number of times before giving up.
3630 Setting the number to 0 makes curl do no retries (which is the
3631 default). Transient error means either: a timeout, an FTP 4xx
3632 response code or an HTTP 408, 429, 500, 502, 503 or 504 response
3633 code.
3634
3635 When curl is about to retry a transfer, it will first wait one
3636 second and then for all forthcoming retries it will double the
3637 waiting time until it reaches 10 minutes which then will be the
3638 delay between the rest of the retries. By using --retry-delay
3639 you disable this exponential backoff algorithm. See also
3640 --retry-max-time to limit the total time allowed for retries.
3641
3642 Since curl 7.66.0, curl will comply with the Retry-After: re‐
3643 sponse header if one was present to know when to issue the next
3644 retry.
3645
3646 If this option is used several times, the last one will be used.
3647
3648 Example:
3649 curl --retry 7 https://example.com
3650
3651 See also --retry-max-time.
3652
3653 --sasl-authzid <identity>
3654 Use this authorisation identity (authzid), during SASL PLAIN au‐
3655 thentication, in addition to the authentication identity (auth‐
3656 cid) as specified by -u, --user.
3657
3658 If the option is not specified, the server will derive the au‐
3659 thzid from the authcid, but if specified, and depending on the
3660 server implementation, it may be used to access another user's
3661 inbox, that the user has been granted access to, or a shared
3662 mailbox for example.
3663
3664 Example:
3665 curl --sasl-authzid zid imap://example.com/
3666
3667 See also --login-options. Added in 7.66.0.
3668
3669 --sasl-ir
3670 Enable initial response in SASL authentication.
3671
3672 Example:
3673 curl --sasl-ir imap://example.com/
3674
3675 See also --sasl-authzid. Added in 7.31.0.
3676
3677 --service-name <name>
3678 This option allows you to change the service name for SPNEGO.
3679
3680 Examples: --negotiate --service-name sockd would use
3681 sockd/server-name.
3682
3683 Example:
3684 curl --service-name sockd/server https://example.com
3685
3686 See also --negotiate and --proxy-service-name. Added in 7.43.0.
3687
3688 -S, --show-error
3689 When used with -s, --silent, it makes curl show an error message
3690 if it fails.
3691
3692 This option is global and does not need to be specified for each
3693 use of -:, --next.
3694
3695 Example:
3696 curl --show-error --silent https://example.com
3697
3698 See also --no-progress-meter.
3699
3700 -s, --silent
3701 Silent or quiet mode. Do not show progress meter or error mes‐
3702 sages. Makes Curl mute. It will still output the data you ask
3703 for, potentially even to the terminal/stdout unless you redirect
3704 it.
3705
3706 Use --show-error in addition to this option to disable progress
3707 meter but still show error messages.
3708
3709 Example:
3710 curl -s https://example.com
3711
3712 See also -v, --verbose, --stderr and --no-progress-meter.
3713
3714 --socks4 <host[:port]>
3715 Use the specified SOCKS4 proxy. If the port number is not speci‐
3716 fied, it is assumed at port 1080. Using this socket type make
3717 curl resolve the host name and passing the address on to the
3718 proxy.
3719
3720 This option overrides any previous use of -x, --proxy, as they
3721 are mutually exclusive.
3722
3723 This option is superfluous since you can specify a socks4 proxy
3724 with --proxy using a socks4:// protocol prefix.
3725
3726 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3727 the same time --proxy is used with an HTTP/HTTPS proxy. In such
3728 a case curl first connects to the SOCKS proxy and then connects
3729 (through SOCKS) to the HTTP or HTTPS proxy.
3730
3731 If this option is used several times, the last one will be used.
3732
3733 Example:
3734 curl --socks4 hostname:4096 https://example.com
3735
3736 See also --socks4a, --socks5 and --socks5-hostname.
3737
3738 --socks4a <host[:port]>
3739 Use the specified SOCKS4a proxy. If the port number is not spec‐
3740 ified, it is assumed at port 1080. This asks the proxy to re‐
3741 solve the host name.
3742
3743 This option overrides any previous use of -x, --proxy, as they
3744 are mutually exclusive.
3745
3746 This option is superfluous since you can specify a socks4a proxy
3747 with --proxy using a socks4a:// protocol prefix.
3748
3749 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3750 the same time --proxy is used with an HTTP/HTTPS proxy. In such
3751 a case curl first connects to the SOCKS proxy and then connects
3752 (through SOCKS) to the HTTP or HTTPS proxy.
3753
3754 If this option is used several times, the last one will be used.
3755
3756 Example:
3757 curl --socks4a hostname:4096 https://example.com
3758
3759 See also --socks4, --socks5 and --socks5-hostname.
3760
3761 --socks5-basic
3762 Tells curl to use username/password authentication when connect‐
3763 ing to a SOCKS5 proxy. The username/password authentication is
3764 enabled by default. Use --socks5-gssapi to force GSS-API au‐
3765 thentication to SOCKS5 proxies.
3766
3767 Example:
3768 curl --socks5-basic --socks5 hostname:4096 https://example.com
3769
3770 See also --socks5. Added in 7.55.0.
3771
3772 --socks5-gssapi-nec
3773 As part of the GSS-API negotiation a protection mode is negoti‐
3774 ated. RFC 1961 says in section 4.3/4.4 it should be protected,
3775 but the NEC reference implementation does not. The option
3776 --socks5-gssapi-nec allows the unprotected exchange of the pro‐
3777 tection mode negotiation.
3778
3779 Example:
3780 curl --socks5-gssapi-nec --socks5 hostname:4096 https://example.com
3781
3782 See also --socks5.
3783
3784 --socks5-gssapi-service <name>
3785 The default service name for a socks server is rcmd/server-fqdn.
3786 This option allows you to change it.
3787
3788 Examples: --socks5 proxy-name --socks5-gssapi-service sockd
3789 would use sockd/proxy-name --socks5 proxy-name --socks5-gssapi-
3790 service sockd/real-name would use sockd/real-name for cases
3791 where the proxy-name does not match the principal name.
3792
3793 Example:
3794 curl --socks5-gssapi-service sockd --socks5 hostname:4096 https://example.com
3795
3796 See also --socks5.
3797
3798 --socks5-gssapi
3799 Tells curl to use GSS-API authentication when connecting to a
3800 SOCKS5 proxy. The GSS-API authentication is enabled by default
3801 (if curl is compiled with GSS-API support). Use --socks5-basic
3802 to force username/password authentication to SOCKS5 proxies.
3803
3804 Example:
3805 curl --socks5-gssapi --socks5 hostname:4096 https://example.com
3806
3807 See also --socks5. Added in 7.55.0.
3808
3809 --socks5-hostname <host[:port]>
3810 Use the specified SOCKS5 proxy (and let the proxy resolve the
3811 host name). If the port number is not specified, it is assumed
3812 at port 1080.
3813
3814 This option overrides any previous use of -x, --proxy, as they
3815 are mutually exclusive.
3816
3817 This option is superfluous since you can specify a socks5 host‐
3818 name proxy with --proxy using a socks5h:// protocol prefix.
3819
3820 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3821 the same time --proxy is used with an HTTP/HTTPS proxy. In such
3822 a case curl first connects to the SOCKS proxy and then connects
3823 (through SOCKS) to the HTTP or HTTPS proxy.
3824
3825 If this option is used several times, the last one will be used.
3826
3827 Example:
3828 curl --socks5-hostname proxy.example:7000 https://example.com
3829
3830 See also --socks5 and --socks4a.
3831
3832 --socks5 <host[:port]>
3833 Use the specified SOCKS5 proxy - but resolve the host name lo‐
3834 cally. If the port number is not specified, it is assumed at
3835 port 1080.
3836
3837 This option overrides any previous use of -x, --proxy, as they
3838 are mutually exclusive.
3839
3840 This option is superfluous since you can specify a socks5 proxy
3841 with --proxy using a socks5:// protocol prefix.
3842
3843 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3844 the same time --proxy is used with an HTTP/HTTPS proxy. In such
3845 a case curl first connects to the SOCKS proxy and then connects
3846 (through SOCKS) to the HTTP or HTTPS proxy.
3847
3848 If this option is used several times, the last one will be used.
3849
3850 This option (as well as --socks4) does not work with IPV6, FTPS
3851 or LDAP.
3852
3853 Example:
3854 curl --socks5 proxy.example:7000 https://example.com
3855
3856 See also --socks5-hostname and --socks4a.
3857
3858 -Y, --speed-limit <speed>
3859 If a download is slower than this given speed (in bytes per sec‐
3860 ond) for speed-time seconds it gets aborted. speed-time is set
3861 with --speed-time and is 30 if not set.
3862
3863 If this option is used several times, the last one will be used.
3864
3865 Example:
3866 curl --speed-limit 300 --speed-time 10 https://example.com
3867
3868 See also -y, --speed-time, --limit-rate and -m, --max-time.
3869
3870 -y, --speed-time <seconds>
3871 If a download is slower than speed-limit bytes per second during
3872 a speed-time period, the download gets aborted. If speed-time is
3873 used, the default speed-limit will be 1 unless set with -Y,
3874 --speed-limit.
3875
3876 This option controls transfers and thus will not affect slow
3877 connects etc. If this is a concern for you, try the --connect-
3878 timeout option.
3879
3880 If this option is used several times, the last one will be used.
3881
3882 Example:
3883 curl --speed-limit 300 --speed-time 10 https://example.com
3884
3885 See also -Y, --speed-limit and --limit-rate.
3886
3887 --ssl-allow-beast
3888 This option tells curl to not work around a security flaw in the
3889 SSL3 and TLS1.0 protocols known as BEAST. If this option is not
3890 used, the SSL layer may use workarounds known to cause interop‐
3891 erability problems with some older SSL implementations.
3892
3893 WARNING: this option loosens the SSL security, and by using this
3894 flag you ask for exactly that.
3895
3896 Example:
3897 curl --ssl-allow-beast https://example.com
3898
3899 See also --proxy-ssl-allow-beast and -k, --insecure.
3900
3901 --ssl-auto-client-cert
3902 Tell libcurl to automatically locate and use a client certifi‐
3903 cate for authentication, when requested by the server. This op‐
3904 tion is only supported for Schannel (the native Windows SSL li‐
3905 brary). Prior to 7.77.0 this was the default behavior in libcurl
3906 with Schannel. Since the server can request any certificate that
3907 supports client authentication in the OS certificate store it
3908 could be a privacy violation and unexpected.
3909
3910 Example:
3911 curl --ssl-auto-client-cert https://example.com
3912
3913 See also --proxy-ssl-auto-client-cert. Added in 7.77.0.
3914
3915 --ssl-no-revoke
3916 (Schannel) This option tells curl to disable certificate revoca‐
3917 tion checks. WARNING: this option loosens the SSL security, and
3918 by using this flag you ask for exactly that.
3919
3920 Example:
3921 curl --ssl-no-revoke https://example.com
3922
3923 See also --crlfile. Added in 7.44.0.
3924
3925 --ssl-reqd
3926 (FTP IMAP POP3 SMTP LDAP) Require SSL/TLS for the connection.
3927 Terminates the connection if the server does not support
3928 SSL/TLS.
3929
3930 This option is handled in LDAP since version 7.81.0. It is fully
3931 supported by the openldap backend and rejected by the generic
3932 ldap backend if explicit TLS is required.
3933
3934 This option was formerly known as --ftp-ssl-reqd.
3935
3936 Example:
3937 curl --ssl-reqd ftp://example.com
3938
3939 See also --ssl and -k, --insecure.
3940
3941 --ssl-revoke-best-effort
3942 (Schannel) This option tells curl to ignore certificate revoca‐
3943 tion checks when they failed due to missing/offline distribution
3944 points for the revocation check lists.
3945
3946 Example:
3947 curl --ssl-revoke-best-effort https://example.com
3948
3949 See also --crlfile and -k, --insecure. Added in 7.70.0.
3950
3951 --ssl (FTP IMAP POP3 SMTP LDAP) Try to use SSL/TLS for the connection.
3952 Reverts to a non-secure connection if the server does not sup‐
3953 port SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for dif‐
3954 ferent levels of encryption required.
3955
3956 This option is handled in LDAP since version 7.81.0. It is fully
3957 supported by the openldap backend and ignored by the generic
3958 ldap backend.
3959
3960 Please note that a server may close the connection if the nego‐
3961 tiation does not succeed.
3962
3963 This option was formerly known as --ftp-ssl. That option name
3964 can still be used but will be removed in a future version.
3965
3966 Example:
3967 curl --ssl pop3://example.com/
3968
3969 See also -k, --insecure and --ciphers.
3970
3971 -2, --sslv2
3972 (SSL) This option previously asked curl to use SSLv2, but start‐
3973 ing in curl 7.77.0 this instruction is ignored. SSLv2 is widely
3974 considered insecure (see RFC 6176).
3975
3976 Example:
3977 curl --sslv2 https://example.com
3978
3979 See also --http1.1 and --http2. -2, --sslv2 requires that the
3980 underlying libcurl was built to support TLS. This option over‐
3981 rides -3, --sslv3 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
3982
3983 -3, --sslv3
3984 (SSL) This option previously asked curl to use SSLv3, but start‐
3985 ing in curl 7.77.0 this instruction is ignored. SSLv3 is widely
3986 considered insecure (see RFC 7568).
3987
3988 Example:
3989 curl --sslv3 https://example.com
3990
3991 See also --http1.1 and --http2. -3, --sslv3 requires that the
3992 underlying libcurl was built to support TLS. This option over‐
3993 rides -2, --sslv2 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
3994
3995 --stderr <file>
3996 Redirect all writes to stderr to the specified file instead. If
3997 the file name is a plain '-', it is instead written to stdout.
3998
3999 This option is global and does not need to be specified for each
4000 use of -:, --next.
4001
4002 If this option is used several times, the last one will be used.
4003
4004 Example:
4005 curl --stderr output.txt https://example.com
4006
4007 See also -v, --verbose and -s, --silent.
4008
4009 --styled-output
4010 Enables the automatic use of bold font styles when writing HTTP
4011 headers to the terminal. Use --no-styled-output to switch them
4012 off.
4013
4014 This option is global and does not need to be specified for each
4015 use of -:, --next.
4016
4017 Example:
4018 curl --styled-output -I https://example.com
4019
4020 See also -I, --head and -v, --verbose. Added in 7.61.0.
4021
4022 --suppress-connect-headers
4023 When --proxytunnel is used and a CONNECT request is made do not
4024 output proxy CONNECT response headers. This option is meant to
4025 be used with --dump-header or --include which are used to show
4026 protocol headers in the output. It has no effect on debug op‐
4027 tions such as --verbose or --trace, or any statistics.
4028
4029 Example:
4030 curl --suppress-connect-headers --include -x proxy https://example.com
4031
4032 See also -D, --dump-header, -i, --include and -p, --proxytunnel.
4033 Added in 7.54.0.
4034
4035 --tcp-fastopen
4036 Enable use of TCP Fast Open (RFC7413).
4037
4038 Example:
4039 curl --tcp-fastopen https://example.com
4040
4041 See also --false-start. Added in 7.49.0.
4042
4043 --tcp-nodelay
4044 Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man
4045 page for details about this option.
4046
4047 Since 7.50.2, curl sets this option by default and you need to
4048 explicitly switch it off if you do not want it on.
4049
4050 Example:
4051 curl --tcp-nodelay https://example.com
4052
4053 See also -N, --no-buffer.
4054
4055 -t, --telnet-option <opt=val>
4056 Pass options to the telnet protocol. Supported options are:
4057
4058 TTYPE=<term> Sets the terminal type.
4059
4060 XDISPLOC=<X display> Sets the X display location.
4061
4062 NEW_ENV=<var,val> Sets an environment variable.
4063
4064 Example:
4065 curl -t TTYPE=vt100 telnet://example.com/
4066
4067 See also -K, --config.
4068
4069 --tftp-blksize <value>
4070 (TFTP) Set TFTP BLKSIZE option (must be >512). This is the block
4071 size that curl will try to use when transferring data to or from
4072 a TFTP server. By default 512 bytes will be used.
4073
4074 If this option is used several times, the last one will be used.
4075
4076 Example:
4077 curl --tftp-blksize 1024 tftp://example.com/file
4078
4079 See also --tftp-no-options.
4080
4081 --tftp-no-options
4082 (TFTP) Tells curl not to send TFTP options requests.
4083
4084 This option improves interop with some legacy servers that do
4085 not acknowledge or properly implement TFTP options. When this
4086 option is used --tftp-blksize is ignored.
4087
4088 Example:
4089 curl --tftp-no-options tftp://192.168.0.1/
4090
4091 See also --tftp-blksize. Added in 7.48.0.
4092
4093 -z, --time-cond <time>
4094 (HTTP FTP) Request a file that has been modified later than the
4095 given time and date, or one that has been modified before that
4096 time. The <date expression> can be all sorts of date strings or
4097 if it does not match any internal ones, it is taken as a file‐
4098 name and tries to get the modification date (mtime) from <file>
4099 instead. See the curl_getdate(3) man pages for date expression
4100 details.
4101
4102 Start the date expression with a dash (-) to make it request for
4103 a document that is older than the given date/time, default is a
4104 document that is newer than the specified date/time.
4105
4106 If this option is used several times, the last one will be used.
4107
4108 Examples:
4109 curl -z "Wed 01 Sep 2021 12:18:00" https://example.com
4110 curl -z "-Wed 01 Sep 2021 12:18:00" https://example.com
4111 curl -z file https://example.com
4112
4113 See also --etag-compare and -R, --remote-time.
4114
4115 --tls-max <VERSION>
4116 (SSL) VERSION defines maximum supported TLS version. The minimum
4117 acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2 or
4118 tlsv1.3.
4119
4120 If the connection is done without TLS, this option has no ef‐
4121 fect. This includes QUIC-using (HTTP/3) transfers.
4122
4123
4124 default
4125 Use up to recommended TLS version.
4126
4127 1.0 Use up to TLSv1.0.
4128
4129 1.1 Use up to TLSv1.1.
4130
4131 1.2 Use up to TLSv1.2.
4132
4133 1.3 Use up to TLSv1.3.
4134
4135 Examples:
4136 curl --tls-max 1.2 https://example.com
4137 curl --tls-max 1.3 --tlsv1.2 https://example.com
4138
4139 See also --tlsv1.0, --tlsv1.1, --tlsv1.2 and --tlsv1.3. --tls-max re‐
4140 quires that the underlying libcurl was built to support TLS. Added in
4141 7.54.0.
4142
4143 --tls13-ciphers <ciphersuite list>
4144 (TLS) Specifies which cipher suites to use in the connection if
4145 it negotiates TLS 1.3. The list of ciphers suites must specify
4146 valid ciphers. Read up on TLS 1.3 cipher suite details on this
4147 URL:
4148
4149 https://curl.se/docs/ssl-ciphers.html
4150
4151 This option is currently used only when curl is built to use
4152 OpenSSL 1.1.1 or later. If you are using a different SSL backend
4153 you can try setting TLS 1.3 cipher suites by using the --ciphers
4154 option.
4155
4156 If this option is used several times, the last one will be used.
4157
4158 Example:
4159 curl --tls13-ciphers TLS_AES_128_GCM_SHA256 https://example.com
4160
4161 See also --ciphers and --curves. Added in 7.61.0.
4162
4163 --tlsauthtype <type>
4164 Set TLS authentication type. Currently, the only supported op‐
4165 tion is "SRP", for TLS-SRP (RFC 5054). If --tlsuser and
4166 --tlspassword are specified but --tlsauthtype is not, then this
4167 option defaults to "SRP". This option works only if the underly‐
4168 ing libcurl is built with TLS-SRP support, which requires
4169 OpenSSL or GnuTLS with TLS-SRP support.
4170
4171 Example:
4172 curl --tlsauthtype SRP https://example.com
4173
4174 See also --tlsuser.
4175
4176 --tlspassword <string>
4177 Set password for use with the TLS authentication method speci‐
4178 fied with --tlsauthtype. Requires that --tlsuser also be set.
4179
4180 This option does not work with TLS 1.3.
4181
4182 Example:
4183 curl --tlspassword pwd --tlsuser user https://example.com
4184
4185 See also --tlsuser.
4186
4187 --tlsuser <name>
4188 Set username for use with the TLS authentication method speci‐
4189 fied with --tlsauthtype. Requires that --tlspassword also is
4190 set.
4191
4192 This option does not work with TLS 1.3.
4193
4194 Example:
4195 curl --tlspassword pwd --tlsuser user https://example.com
4196
4197 See also --tlspassword.
4198
4199 --tlsv1.0
4200 (TLS) Forces curl to use TLS version 1.0 or later when connect‐
4201 ing to a remote TLS server.
4202
4203 In old versions of curl this option was documented to allow
4204 _only_ TLS 1.0. That behavior was inconsistent depending on the
4205 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
4206 sion.
4207
4208 Example:
4209 curl --tlsv1.0 https://example.com
4210
4211 See also --tlsv1.3. Added in 7.34.0.
4212
4213 --tlsv1.1
4214 (TLS) Forces curl to use TLS version 1.1 or later when connect‐
4215 ing to a remote TLS server.
4216
4217 In old versions of curl this option was documented to allow
4218 _only_ TLS 1.1. That behavior was inconsistent depending on the
4219 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
4220 sion.
4221
4222 Example:
4223 curl --tlsv1.1 https://example.com
4224
4225 See also --tlsv1.3. Added in 7.34.0.
4226
4227 --tlsv1.2
4228 (TLS) Forces curl to use TLS version 1.2 or later when connect‐
4229 ing to a remote TLS server.
4230
4231 In old versions of curl this option was documented to allow
4232 _only_ TLS 1.2. That behavior was inconsistent depending on the
4233 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
4234 sion.
4235
4236 Example:
4237 curl --tlsv1.2 https://example.com
4238
4239 See also --tlsv1.3. Added in 7.34.0.
4240
4241 --tlsv1.3
4242 (TLS) Forces curl to use TLS version 1.3 or later when connect‐
4243 ing to a remote TLS server.
4244
4245 If the connection is done without TLS, this option has no ef‐
4246 fect. This includes QUIC-using (HTTP/3) transfers.
4247
4248 Note that TLS 1.3 is not supported by all TLS backends.
4249
4250 Example:
4251 curl --tlsv1.3 https://example.com
4252
4253 See also --tlsv1.2. Added in 7.52.0.
4254
4255 -1, --tlsv1
4256 (SSL) Tells curl to use at least TLS version 1.x when negotiat‐
4257 ing with a remote TLS server. That means TLS version 1.0 or
4258 higher
4259
4260 Example:
4261 curl --tlsv1 https://example.com
4262
4263 See also --http1.1 and --http2. -1, --tlsv1 requires that the
4264 underlying libcurl was built to support TLS. This option over‐
4265 rides --tlsv1.1 and --tlsv1.2 and --tlsv1.3.
4266
4267 --tr-encoding
4268 (HTTP) Request a compressed Transfer-Encoding response using one
4269 of the algorithms curl supports, and uncompress the data while
4270 receiving it.
4271
4272 Example:
4273 curl --tr-encoding https://example.com
4274
4275 See also --compressed.
4276
4277 --trace-ascii <file>
4278 Enables a full trace dump of all incoming and outgoing data, in‐
4279 cluding descriptive information, to the given output file. Use
4280 "-" as filename to have the output sent to stdout.
4281
4282 This is similar to --trace, but leaves out the hex part and only
4283 shows the ASCII part of the dump. It makes smaller output that
4284 might be easier to read for untrained humans.
4285
4286 This option is global and does not need to be specified for each
4287 use of -:, --next.
4288
4289 If this option is used several times, the last one will be used.
4290
4291 Example:
4292 curl --trace-ascii log.txt https://example.com
4293
4294 See also -v, --verbose and --trace. This option overrides
4295 --trace and -v, --verbose.
4296
4297 --trace-time
4298 Prepends a time stamp to each trace or verbose line that curl
4299 displays.
4300
4301 This option is global and does not need to be specified for each
4302 use of -:, --next.
4303
4304 Example:
4305 curl --trace-time --trace-ascii output https://example.com
4306
4307 See also --trace and -v, --verbose.
4308
4309 --trace <file>
4310 Enables a full trace dump of all incoming and outgoing data, in‐
4311 cluding descriptive information, to the given output file. Use
4312 "-" as filename to have the output sent to stdout. Use "%" as
4313 filename to have the output sent to stderr.
4314
4315 This option is global and does not need to be specified for each
4316 use of -:, --next.
4317
4318 If this option is used several times, the last one will be used.
4319
4320 Example:
4321 curl --trace log.txt https://example.com
4322
4323 See also --trace-ascii and --trace-time. This option overrides
4324 -v, --verbose and --trace-ascii.
4325
4326 --unix-socket <path>
4327 (HTTP) Connect through this Unix domain socket, instead of using
4328 the network.
4329
4330 Example:
4331 curl --unix-socket socket-path https://example.com
4332
4333 See also --abstract-unix-socket. Added in 7.40.0.
4334
4335 -T, --upload-file <file>
4336 This transfers the specified local file to the remote URL. If
4337 there is no file part in the specified URL, curl will append the
4338 local file name. NOTE that you must use a trailing / on the last
4339 directory to really prove to Curl that there is no file name or
4340 curl will think that your last directory name is the remote file
4341 name to use. That will most likely cause the upload operation to
4342 fail. If this is used on an HTTP(S) server, the PUT command will
4343 be used.
4344
4345 Use the file name "-" (a single dash) to use stdin instead of a
4346 given file. Alternately, the file name "." (a single period)
4347 may be specified instead of "-" to use stdin in non-blocking
4348 mode to allow reading server output while stdin is being up‐
4349 loaded.
4350
4351 You can specify one --upload-file for each URL on the command
4352 line. Each -T, --upload-file + URL pair specifies what to upload
4353 and to where. curl also supports "globbing" of the --upload-file
4354 argument, meaning that you can upload multiple files to a single
4355 URL by using the same URL globbing style supported in the URL.
4356
4357 When uploading to an SMTP server: the uploaded data is assumed
4358 to be RFC 5322 formatted. It has to feature the necessary set of
4359 headers and mail body formatted correctly by the user as curl
4360 will not transcode nor encode it further in any way.
4361
4362 Examples:
4363 curl -T file https://example.com
4364 curl -T "img[1-1000].png" ftp://ftp.example.com/
4365 curl --upload-file "{file1,file2}" https://example.com
4366
4367 See also -G, --get and -I, --head.
4368
4369 --url <url>
4370 Specify a URL to fetch. This option is mostly handy when you
4371 want to specify URL(s) in a config file.
4372
4373 If the given URL is missing a scheme name (such as "http://" or
4374 "ftp://" etc) then curl will make a guess based on the host. If
4375 the outermost sub-domain name matches DICT, FTP, IMAP, LDAP,
4376 POP3 or SMTP then that protocol will be used, otherwise HTTP
4377 will be used. Since 7.45.0 guessing can be disabled by setting a
4378 default protocol, see --proto-default for details.
4379
4380 This option may be used any number of times. To control where
4381 this URL is written, use the --output or the --remote-name op‐
4382 tions.
4383
4384 WARNING: On Windows, particular file:// accesses can be con‐
4385 verted to network accesses by the operating system. Beware!
4386
4387 Example:
4388 curl --url https://example.com
4389
4390 See also -:, --next and -K, --config.
4391
4392 -B, --use-ascii
4393 (FTP LDAP) Enable ASCII transfer. For FTP, this can also be en‐
4394 forced by using a URL that ends with ";type=A". This option
4395 causes data sent to stdout to be in text mode for win32 systems.
4396
4397 Example:
4398 curl -B ftp://example.com/README
4399
4400 See also --crlf and --data-ascii.
4401
4402 -A, --user-agent <name>
4403 (HTTP) Specify the User-Agent string to send to the HTTP server.
4404 To encode blanks in the string, surround the string with single
4405 quote marks. This header can also be set with the --header or
4406 the --proxy-header options.
4407
4408 If you give an empty argument to -A, --user-agent (""), it will
4409 remove the header completely from the request. If you prefer a
4410 blank header, you can set it to a single space (" ").
4411
4412 If this option is used several times, the last one will be used.
4413
4414 Example:
4415 curl -A "Agent 007" https://example.com
4416
4417 See also -H, --header and --proxy-header.
4418
4419 -u, --user <user:password>
4420 Specify the user name and password to use for server authentica‐
4421 tion. Overrides --netrc and --netrc-optional.
4422
4423 If you simply specify the user name, curl will prompt for a
4424 password.
4425
4426 The user name and passwords are split up on the first colon,
4427 which makes it impossible to use a colon in the user name with
4428 this option. The password can, still.
4429
4430 On systems where it works, curl will hide the given option argu‐
4431 ment from process listings. This is not enough to protect cre‐
4432 dentials from possibly getting seen by other users on the same
4433 system as they will still be visible for a moment before
4434 cleared. Such sensitive data should be retrieved from a file in‐
4435 stead or similar and never used in clear text in a command line.
4436
4437 When using Kerberos V5 with a Windows based server you should
4438 include the Windows domain name in the user name, in order for
4439 the server to successfully obtain a Kerberos Ticket. If you do
4440 not, then the initial authentication handshake may fail.
4441
4442 When using NTLM, the user name can be specified simply as the
4443 user name, without the domain, if there is a single domain and
4444 forest in your setup for example.
4445
4446 To specify the domain name use either Down-Level Logon Name or
4447 UPN (User Principal Name) formats. For example, EXAMPLE\user and
4448 user@example.com respectively.
4449
4450 If you use a Windows SSPI-enabled curl binary and perform Ker‐
4451 beros V5, Negotiate, NTLM or Digest authentication then you can
4452 tell curl to select the user name and password from your envi‐
4453 ronment by specifying a single colon with this option: "-u :".
4454
4455 If this option is used several times, the last one will be used.
4456
4457 Example:
4458 curl -u user:secret https://example.com
4459
4460 See also -n, --netrc and -K, --config.
4461
4462 -v, --verbose
4463 Makes curl verbose during the operation. Useful for debugging
4464 and seeing what's going on "under the hood". A line starting
4465 with '>' means "header data" sent by curl, '<' means "header
4466 data" received by curl that is hidden in normal cases, and a
4467 line starting with '*' means additional info provided by curl.
4468
4469 If you only want HTTP headers in the output, --include might be
4470 the option you are looking for.
4471
4472 If you think this option still does not give you enough details,
4473 consider using --trace or --trace-ascii instead.
4474
4475 This option is global and does not need to be specified for each
4476 use of -:, --next.
4477
4478 Use --silent to make curl really quiet.
4479
4480 Example:
4481 curl --verbose https://example.com
4482
4483 See also -i, --include. This option overrides --trace and
4484 --trace-ascii.
4485
4486 -V, --version
4487 Displays information about curl and the libcurl version it uses.
4488
4489 The first line includes the full version of curl, libcurl and
4490 other 3rd party libraries linked with the executable.
4491
4492 The second line (starts with "Protocols:") shows all protocols
4493 that libcurl reports to support.
4494
4495 The third line (starts with "Features:") shows specific features
4496 libcurl reports to offer. Available features include:
4497
4498 alt-svc
4499 Support for the Alt-Svc: header is provided.
4500
4501 AsynchDNS
4502 This curl uses asynchronous name resolves. Asynchronous
4503 name resolves can be done using either the c-ares or the
4504 threaded resolver backends.
4505
4506 brotli Support for automatic brotli compression over HTTP(S).
4507
4508 CharConv
4509 curl was built with support for character set conversions
4510 (like EBCDIC)
4511
4512 Debug This curl uses a libcurl built with Debug. This enables
4513 more error-tracking and memory debugging etc. For curl-
4514 developers only!
4515
4516 gsasl The built-in SASL authentication includes extensions to
4517 support SCRAM because libcurl was built with libgsasl.
4518
4519 GSS-API
4520 GSS-API is supported.
4521
4522 HSTS HSTS support is present.
4523
4524 HTTP2 HTTP/2 support has been built-in.
4525
4526 HTTP3 HTTP/3 support has been built-in.
4527
4528 HTTPS-proxy
4529 This curl is built to support HTTPS proxy.
4530
4531 IDN This curl supports IDN - international domain names.
4532
4533 IPv6 You can use IPv6 with this.
4534
4535 Kerberos
4536 Kerberos V5 authentication is supported.
4537
4538 Largefile
4539 This curl supports transfers of large files, files larger
4540 than 2GB.
4541
4542 libz Automatic decompression (via gzip, deflate) of compressed
4543 files over HTTP is supported.
4544
4545 MultiSSL
4546 This curl supports multiple TLS backends.
4547
4548 NTLM NTLM authentication is supported.
4549
4550 NTLM_WB
4551 NTLM delegation to winbind helper is supported.
4552
4553 PSL PSL is short for Public Suffix List and means that this
4554 curl has been built with knowledge about "public suf‐
4555 fixes".
4556
4557 SPNEGO SPNEGO authentication is supported.
4558
4559 SSL SSL versions of various protocols are supported, such as
4560 HTTPS, FTPS, POP3S and so on.
4561
4562 SSPI SSPI is supported.
4563
4564 TLS-SRP
4565 SRP (Secure Remote Password) authentication is supported
4566 for TLS.
4567
4568 TrackMemory
4569 Debug memory tracking is supported.
4570
4571 Unicode
4572 Unicode support on Windows.
4573
4574 UnixSockets
4575 Unix sockets support is provided.
4576
4577 zstd Automatic decompression (via zstd) of compressed files
4578 over HTTP is supported.
4579
4580 Example:
4581 curl --version
4582
4583 See also -h, --help and -M, --manual.
4584
4585 -w, --write-out <format>
4586 Make curl display information on stdout after a completed trans‐
4587 fer. The format is a string that may contain plain text mixed
4588 with any number of variables. The format can be specified as a
4589 literal "string", or you can have curl read the format from a
4590 file with "@filename" and to tell curl to read the format from
4591 stdin you write "@-".
4592
4593 The variables present in the output format will be substituted
4594 by the value or text that curl thinks fit, as described below.
4595 All variables are specified as %{variable_name} and to output a
4596 normal % you just write them as %%. You can output a newline by
4597 using \n, a carriage return with \r and a tab space with \t.
4598
4599 The output will be written to standard output, but this can be
4600 switched to standard error by using %{stderr}.
4601
4602 NOTE: The %-symbol is a special symbol in the win32-environment,
4603 where all occurrences of % must be doubled when using this op‐
4604 tion.
4605
4606 The variables available are:
4607
4608 content_type The Content-Type of the requested document, if
4609 there was any.
4610
4611 errormsg The error message. (Added in 7.75.0)
4612
4613 exitcode The numerical exitcode of the transfer. (Added in
4614 7.75.0)
4615
4616 filename_effective
4617 The ultimate filename that curl writes out to.
4618 This is only meaningful if curl is told to write
4619 to a file with the --remote-name or --output op‐
4620 tion. It's most useful in combination with the
4621 --remote-header-name option.
4622
4623 ftp_entry_path The initial path curl ended up in when logging on
4624 to the remote FTP server.
4625
4626 http_code The numerical response code that was found in the
4627 last retrieved HTTP(S) or FTP(s) transfer.
4628
4629 http_connect The numerical code that was found in the last re‐
4630 sponse (from a proxy) to a curl CONNECT request.
4631
4632 http_version The http version that was effectively used.
4633 (Added in 7.50.0)
4634
4635 json A JSON object with all available keys.
4636
4637 local_ip The IP address of the local end of the most re‐
4638 cently done connection - can be either IPv4 or
4639 IPv6.
4640
4641 local_port The local port number of the most recently done
4642 connection.
4643
4644 method The http method used in the most recent HTTP re‐
4645 quest. (Added in 7.72.0)
4646
4647 num_connects Number of new connects made in the recent trans‐
4648 fer.
4649
4650 num_headers The number of response headers in the most recent
4651 request (restarted at each redirect). Note that
4652 the status line IS NOT a header. (Added in
4653 7.73.0)
4654
4655 num_redirects Number of redirects that were followed in the re‐
4656 quest.
4657
4658 onerror The rest of the output is only shown if the
4659 transfer returned a non-zero error (Added in
4660 7.75.0)
4661
4662 proxy_ssl_verify_result
4663 The result of the HTTPS proxy's SSL peer certifi‐
4664 cate verification that was requested. 0 means the
4665 verification was successful. (Added in 7.52.0)
4666
4667 redirect_url When an HTTP request was made without --location
4668 to follow redirects (or when --max-redirs is
4669 met), this variable will show the actual URL a
4670 redirect would have gone to.
4671
4672 referer The Referer: header, if there was any. (Added in
4673 7.76.0)
4674
4675 remote_ip The remote IP address of the most recently done
4676 connection - can be either IPv4 or IPv6.
4677
4678 remote_port The remote port number of the most recently done
4679 connection.
4680
4681 response_code The numerical response code that was found in the
4682 last transfer (formerly known as "http_code").
4683
4684 scheme The URL scheme (sometimes called protocol) that
4685 was effectively used. (Added in 7.52.0)
4686
4687 size_download The total amount of bytes that were downloaded.
4688 This is the size of the body/data that was trans‐
4689 ferred, excluding headers.
4690
4691 size_header The total amount of bytes of the downloaded head‐
4692 ers.
4693
4694 size_request The total amount of bytes that were sent in the
4695 HTTP request.
4696
4697 size_upload The total amount of bytes that were uploaded.
4698 This is the size of the body/data that was trans‐
4699 ferred, excluding headers.
4700
4701 speed_download The average download speed that curl measured for
4702 the complete download. Bytes per second.
4703
4704 speed_upload The average upload speed that curl measured for
4705 the complete upload. Bytes per second.
4706
4707 ssl_verify_result
4708 The result of the SSL peer certificate verifica‐
4709 tion that was requested. 0 means the verification
4710 was successful.
4711
4712 stderr From this point on, the --write-out output will
4713 be written to standard error. (Added in 7.63.0)
4714
4715 stdout From this point on, the --write-out output will
4716 be written to standard output. This is the de‐
4717 fault, but can be used to switch back after
4718 switching to stderr. (Added in 7.63.0)
4719
4720 time_appconnect
4721 The time, in seconds, it took from the start un‐
4722 til the SSL/SSH/etc connect/handshake to the re‐
4723 mote host was completed.
4724
4725 time_connect The time, in seconds, it took from the start un‐
4726 til the TCP connect to the remote host (or proxy)
4727 was completed.
4728
4729 time_namelookup
4730 The time, in seconds, it took from the start un‐
4731 til the name resolving was completed.
4732
4733 time_pretransfer
4734 The time, in seconds, it took from the start un‐
4735 til the file transfer was just about to begin.
4736 This includes all pre-transfer commands and nego‐
4737 tiations that are specific to the particular pro‐
4738 tocol(s) involved.
4739
4740 time_redirect The time, in seconds, it took for all redirection
4741 steps including name lookup, connect, pretransfer
4742 and transfer before the final transaction was
4743 started. time_redirect shows the complete execu‐
4744 tion time for multiple redirections.
4745
4746 time_starttransfer
4747 The time, in seconds, it took from the start un‐
4748 til the first byte was just about to be trans‐
4749 ferred. This includes time_pretransfer and also
4750 the time the server needed to calculate the re‐
4751 sult.
4752
4753 time_total The total time, in seconds, that the full opera‐
4754 tion lasted.
4755
4756 url The URL that was fetched. (Added in 7.75.0)
4757
4758 urlnum The URL index number of this transfer, 0-indexed.
4759 De-globbed URLs share the same index number as
4760 the origin globbed URL. (Added in 7.75.0)
4761
4762 url_effective The URL that was fetched last. This is most mean‐
4763 ingful if you have told curl to follow location:
4764 headers.
4765
4766 If this option is used several times, the last one will be used.
4767
4768 Example:
4769 curl -w '%{http_code}\n' https://example.com
4770
4771 See also -v, --verbose and -I, --head.
4772
4773 --xattr
4774 When saving output to a file, this option tells curl to store
4775 certain file metadata in extended file attributes. Currently,
4776 the URL is stored in the xdg.origin.url attribute and, for HTTP,
4777 the content type is stored in the mime_type attribute. If the
4778 file system does not support extended attributes, a warning is
4779 issued.
4780
4781 Example:
4782 curl --xattr -o storage https://example.com
4783
4784 See also -R, --remote-time, -w, --write-out and -v, --verbose.
4785
4787 ~/.curlrc
4788 Default config file, see --config for details.
4789
4791 The environment variables can be specified in lower case or upper case.
4792 The lower case version has precedence. http_proxy is an exception as it
4793 is only available in lower case.
4794
4795 Using an environment variable to set the proxy has the same effect as
4796 using the --proxy option.
4797
4798
4799 http_proxy [protocol://]<host>[:port]
4800 Sets the proxy server to use for HTTP.
4801
4802 HTTPS_PROXY [protocol://]<host>[:port]
4803 Sets the proxy server to use for HTTPS.
4804
4805 [url-protocol]_PROXY [protocol://]<host>[:port]
4806 Sets the proxy server to use for [url-protocol], where the pro‐
4807 tocol is a protocol that curl supports and as specified in a
4808 URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP, etc.
4809
4810 ALL_PROXY [protocol://]<host>[:port]
4811 Sets the proxy server to use if no protocol-specific proxy is
4812 set.
4813
4814 NO_PROXY <comma-separated list of hosts/domains>
4815 list of host names that should not go through any proxy. If set
4816 to an asterisk '*' only, it matches all hosts. Each name in this
4817 list is matched as either a domain name which contains the host‐
4818 name, or the hostname itself.
4819
4820 This environment variable disables use of the proxy even when
4821 specified with the --proxy option. That is NO_PROXY=direct.exam‐
4822 ple.com curl -x http://proxy.example.com http://direct.exam‐
4823 ple.com accesses the target URL directly, and NO_PROXY=di‐
4824 rect.example.com curl -x http://proxy.example.com http://some‐
4825 where.example.com accesses the target URL through the proxy.
4826
4827 The list of host names can also be include numerical IP ad‐
4828 dresses, and IPv6 versions should then be given without enclos‐
4829 ing brackets.
4830
4831 IPv6 numerical addresses are compared as strings, so they will
4832 only match if the representations are the same: "::1" is the
4833 same as "::0:1" but they do not match.
4834
4835 APPDATA <dir>
4836 On Windows, this variable is used when trying to find the home
4837 directory. If the primary home variable are all unset.
4838
4839 COLUMNS <terminal width>
4840 If set, the specified number of characters will be used as the
4841 terminal width when the alternative progress-bar is shown. If
4842 not set, curl will try to figure it out using other ways.
4843
4844 CURL_CA_BUNDLE <file>
4845 If set, will be used as the --cacert value.
4846
4847 CURL_HOME <dir>
4848 If set, is the first variable curl checks when trying to find
4849 its home directory. If not set, it continues to check XDG_CON‐
4850 FIG_HOME.
4851
4852 CURL_SSL_BACKEND <TLS backend>
4853 If curl was built with support for "MultiSSL", meaning that it
4854 has built-in support for more than one TLS backend, this envi‐
4855 ronment variable can be set to the case insensitive name of the
4856 particular backend to use when curl is invoked. Setting a name
4857 that is not a built-in alternative will make curl stay with the
4858 default.
4859
4860 SSL backend names (case-insensitive): bearssl, gnutls, gskit,
4861 mbedtls, nss, openssl, rustls, schannel, secure-transport, wolf‐
4862 ssl
4863
4864 HOME <dir>
4865 If set, this is used to find the home directory when that is
4866 needed. Like when looking for the default .curlrc. CURL_HOME and
4867 XDG_CONFIG_HOME have preference.
4868
4869 QLOGDIR <directory name>
4870 If curl was built with HTTP/3 support, setting this environment
4871 variable to a local directory will make curl produce qlogs in
4872 that directory, using file names named after the destination
4873 connection id (in hex). Do note that these files can become
4874 rather large. Works with both QUIC backends.
4875
4876 SHELL Used on VMS when trying to detect if using a DCL or a "unix"
4877 shell.
4878
4879 SSL_CERT_DIR <dir>
4880 If set, will be used as the --capath value.
4881
4882 SSL_CERT_FILE <path>
4883 If set, will be used as the --cacert value.
4884
4885 SSLKEYLOGFILE <file name>
4886 If you set this environment variable to a file name, curl will
4887 store TLS secrets from its connections in that file when invoked
4888 to enable you to analyze the TLS traffic in real time using net‐
4889 work analyzing tools such as Wireshark. This works with the fol‐
4890 lowing TLS backends: OpenSSL, libressl, BoringSSL, GnuTLS, NSS
4891 and wolfSSL.
4892
4893 USERPROFILE <dir>
4894 On Windows, this variable is used when trying to find the home
4895 directory. If the other, primary, variable are all unset. If
4896 set, curl will use the path "$USERPROFILE\Application Data".
4897
4898 XDG_CONFIG_HOME <dir>
4899 If CURL_HOME is not set, this variable is checked when looking
4900 for a default .curlrc file.
4901
4903 The proxy string may be specified with a protocol:// prefix to specify
4904 alternative proxy protocols.
4905
4906 If no protocol is specified in the proxy string or if the string does
4907 not match a supported one, the proxy will be treated as an HTTP proxy.
4908
4909 The supported proxy protocol prefixes are as follows:
4910
4911 http://
4912 Makes it use it as an HTTP proxy. The default if no scheme pre‐
4913 fix is used.
4914
4915 https://
4916 Makes it treated as an HTTPS proxy.
4917
4918 socks4://
4919 Makes it the equivalent of --socks4
4920
4921 socks4a://
4922 Makes it the equivalent of --socks4a
4923
4924 socks5://
4925 Makes it the equivalent of --socks5
4926
4927 socks5h://
4928 Makes it the equivalent of --socks5-hostname
4929
4931 There are a bunch of different error codes and their corresponding er‐
4932 ror messages that may appear under error conditions. At the time of
4933 this writing, the exit codes are:
4934
4935 1 Unsupported protocol. This build of curl has no support for this
4936 protocol.
4937
4938 2 Failed to initialize.
4939
4940 3 URL malformed. The syntax was not correct.
4941
4942 4 A feature or option that was needed to perform the desired re‐
4943 quest was not enabled or was explicitly disabled at build-time.
4944 To make curl able to do this, you probably need another build of
4945 libcurl.
4946
4947 5 Could not resolve proxy. The given proxy host could not be re‐
4948 solved.
4949
4950 6 Could not resolve host. The given remote host could not be re‐
4951 solved.
4952
4953 7 Failed to connect to host.
4954
4955 8 Weird server reply. The server sent data curl could not parse.
4956
4957 9 FTP access denied. The server denied login or denied access to
4958 the particular resource or directory you wanted to reach. Most
4959 often you tried to change to a directory that does not exist on
4960 the server.
4961
4962 10 FTP accept failed. While waiting for the server to connect back
4963 when an active FTP session is used, an error code was sent over
4964 the control connection or similar.
4965
4966 11 FTP weird PASS reply. Curl could not parse the reply sent to the
4967 PASS request.
4968
4969 12 During an active FTP session while waiting for the server to
4970 connect back to curl, the timeout expired.
4971
4972 13 FTP weird PASV reply, Curl could not parse the reply sent to the
4973 PASV request.
4974
4975 14 FTP weird 227 format. Curl could not parse the 227-line the
4976 server sent.
4977
4978 15 FTP cannot use host. Could not resolve the host IP we got in the
4979 227-line.
4980
4981 16 HTTP/2 error. A problem was detected in the HTTP2 framing layer.
4982 This is somewhat generic and can be one out of several problems,
4983 see the error message for details.
4984
4985 17 FTP could not set binary. Could not change transfer method to
4986 binary.
4987
4988 18 Partial file. Only a part of the file was transferred.
4989
4990 19 FTP could not download/access the given file, the RETR (or simi‐
4991 lar) command failed.
4992
4993 21 FTP quote error. A quote command returned error from the server.
4994
4995 22 HTTP page not retrieved. The requested url was not found or re‐
4996 turned another error with the HTTP error code being 400 or
4997 above. This return code only appears if --fail is used.
4998
4999 23 Write error. Curl could not write data to a local filesystem or
5000 similar.
5001
5002 25 FTP could not STOR file. The server denied the STOR operation,
5003 used for FTP uploading.
5004
5005 26 Read error. Various reading problems.
5006
5007 27 Out of memory. A memory allocation request failed.
5008
5009 28 Operation timeout. The specified time-out period was reached ac‐
5010 cording to the conditions.
5011
5012 30 FTP PORT failed. The PORT command failed. Not all FTP servers
5013 support the PORT command, try doing a transfer using PASV in‐
5014 stead!
5015
5016 31 FTP could not use REST. The REST command failed. This command is
5017 used for resumed FTP transfers.
5018
5019 33 HTTP range error. The range "command" did not work.
5020
5021 34 HTTP post error. Internal post-request generation error.
5022
5023 35 SSL connect error. The SSL handshaking failed.
5024
5025 36 Bad download resume. Could not continue an earlier aborted down‐
5026 load.
5027
5028 37 FILE could not read file. Failed to open the file. Permissions?
5029
5030 38 LDAP cannot bind. LDAP bind operation failed.
5031
5032 39 LDAP search failed.
5033
5034 41 Function not found. A required LDAP function was not found.
5035
5036 42 Aborted by callback. An application told curl to abort the oper‐
5037 ation.
5038
5039 43 Internal error. A function was called with a bad parameter.
5040
5041 45 Interface error. A specified outgoing interface could not be
5042 used.
5043
5044 47 Too many redirects. When following redirects, curl hit the maxi‐
5045 mum amount.
5046
5047 48 Unknown option specified to libcurl. This indicates that you
5048 passed a weird option to curl that was passed on to libcurl and
5049 rejected. Read up in the manual!
5050
5051 49 Malformed telnet option.
5052
5053 51 The peer's SSL certificate or SSH MD5 fingerprint was not OK.
5054
5055 52 The server did not reply anything, which here is considered an
5056 error.
5057
5058 53 SSL crypto engine not found.
5059
5060 54 Cannot set SSL crypto engine as default.
5061
5062 55 Failed sending network data.
5063
5064 56 Failure in receiving network data.
5065
5066 58 Problem with the local certificate.
5067
5068 59 Could not use specified SSL cipher.
5069
5070 60 Peer certificate cannot be authenticated with known CA certifi‐
5071 cates.
5072
5073 61 Unrecognized transfer encoding.
5074
5075 62 Invalid LDAP URL.
5076
5077 63 Maximum file size exceeded.
5078
5079 64 Requested FTP SSL level failed.
5080
5081 65 Sending the data requires a rewind that failed.
5082
5083 66 Failed to initialise SSL Engine.
5084
5085 67 The user name, password, or similar was not accepted and curl
5086 failed to log in.
5087
5088 68 File not found on TFTP server.
5089
5090 69 Permission problem on TFTP server.
5091
5092 70 Out of disk space on TFTP server.
5093
5094 71 Illegal TFTP operation.
5095
5096 72 Unknown TFTP transfer ID.
5097
5098 73 File already exists (TFTP).
5099
5100 74 No such user (TFTP).
5101
5102 75 Character conversion failed.
5103
5104 76 Character conversion functions required.
5105
5106 77 Problem reading the SSL CA cert (path? access rights?).
5107
5108 78 The resource referenced in the URL does not exist.
5109
5110 79 An unspecified error occurred during the SSH session.
5111
5112 80 Failed to shut down the SSL connection.
5113
5114 82 Could not load CRL file, missing or wrong format.
5115
5116 83 Issuer check failed.
5117
5118 84 The FTP PRET command failed.
5119
5120 85 Mismatch of RTSP CSeq numbers.
5121
5122 86 Mismatch of RTSP Session Identifiers.
5123
5124 87 Unable to parse FTP file list.
5125
5126 88 FTP chunk callback reported error.
5127
5128 89 No connection available, the session will be queued.
5129
5130 90 SSL public key does not matched pinned public key.
5131
5132 91 Invalid SSL certificate status.
5133
5134 92 Stream error in HTTP/2 framing layer.
5135
5136 93 An API function was called from inside a callback.
5137
5138 94 An authentication function returned an error.
5139
5140 95 A problem was detected in the HTTP/3 layer. This is somewhat
5141 generic and can be one out of several problems, see the error
5142 message for details.
5143
5144 96 QUIC connection error. This error may be caused by an SSL li‐
5145 brary error. QUIC is the protocol used for HTTP/3 transfers.
5146
5147 XX More error codes will appear here in future releases. The exist‐
5148 ing ones are meant to never change.
5149
5151 If you experience any problems with curl, submit an issue in the
5152 project's bug tracker on GitHub: https://github.com/curl/curl/issues
5153
5155 Daniel Stenberg is the main author, but the whole list of contributors
5156 is found in the separate THANKS file.
5157
5159 https://curl.se
5160
5162 ftp(1), wget(1)
5163
5164
5165
5166curl 7.82.0 March 05 2022 curl(1)