1curl(1) curl Manual curl(1)
2
6 curl - transfer a URL
7
9 curl [options / URLs]
10
12 curl is a tool for transferring data from or to a server. It supports
13 these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS,
14 IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP,
15 SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. The command is
16 designed to work without user interaction.
17 curl offers a busload of useful tricks like proxy support, user authen‐
19 tication, FTP upload, HTTP post, SSL connections, cookies, file trans‐
20 fer resume and more. As you will see below, the number of features will
21 make your head spin.
22 curl is powered by libcurl for all transfer-related features. See
24 libcurl(3) for details.
25
27 The URL syntax is protocol-dependent. You find a detailed description
28 in RFC 3986.
29 You can specify multiple URLs or parts of URLs by writing part sets
31 within braces and quoting the URL as in:
32 "http://site.{one,two,three}.com"
34 or you can get sequences of alphanumeric series by using [] as in:
36 "ftp://ftp.example.com/file[1-100].txt"
38 "ftp://ftp.example.com/file[001-100].txt" (with leading zeros)
40 "ftp://ftp.example.com/file[a-z].txt"
42 Nested sequences are not supported, but you can use several ones next
44 to each other:
45 "http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html"
47 You can specify any amount of URLs on the command line. They will be
49 fetched in a sequential manner in the specified order. You can specify
50 command line options and URLs mixed and in any order on the command
51 line.
52 You can specify a step counter for the ranges to get every Nth number
54 or letter:
55 "http://example.com/file[1-100:10].txt"
57 "http://example.com/file[a-z:2].txt"
59 When using [] or {} sequences when invoked from a command line prompt,
61 you probably have to put the full URL within double quotes to avoid the
62 shell from interfering with it. This also goes for other characters
63 treated special, like for example '&', '?' and '*'.
64 Provide the IPv6 zone index in the URL with an escaped percentage sign
66 and the interface name. Like in
67 "http://[fe80::3%25eth0]/"
69 If you specify URL without protocol:// prefix, curl will attempt to
71 guess what protocol you might want. It will then default to HTTP but
72 try other protocols based on often-used host name prefixes. For exam‐
73 ple, for host names starting with "ftp." curl will assume you want to
74 speak FTP.
75 curl will do its best to use what you pass to it as a URL. It is not
77 trying to validate it as a syntactically correct URL by any means but
78 is fairly liberal with what it accepts.
79 curl will attempt to re-use connections for multiple file transfers, so
81 that getting many files from the same server will not do multiple con‐
82 nects / handshakes. This improves speed. Of course this is only done on
83 files specified on a single command line and cannot be used between
84 separate curl invocations.
85
87 If not told otherwise, curl writes the received data to stdout. It can
88 be instructed to instead save that data into a local file, using the
89 -o, --output or -O, --remote-name options. If curl is given multiple
90 URLs to transfer on the command line, it similarly needs multiple op‐
91 tions for where to save them.
92 curl does not parse or otherwise "understand" the content it gets or
94 writes as output. It does no encoding or decoding, unless explicitly
95 asked to with dedicated command line options.
96
98 curl supports numerous protocols, or put in URL terms: schemes. Your
99 particular build may not support them all.
100 DICT Lets you lookup words using online dictionaries.
102 FILE Read or write local files. curl does not support accessing
104 file:// URL remotely, but when running on Microsoft Windows us‐
105 ing the native UNC approach will work.
106 FTP(S) curl supports the File Transfer Protocol with a lot of tweaks
108 and levers. With or without using TLS.
109 GOPHER(S)
111 Retrieve files.
112 HTTP(S)
114 curl supports HTTP with numerous options and variations. It can
115 speak HTTP version 0.9, 1.0, 1.1, 2 and 3 depending on build op‐
116 tions and the correct command line options.
117 IMAP(S)
119 Using the mail reading protocol, curl can "download" emails for
120 you. With or without using TLS.
121 LDAP(S)
123 curl can do directory lookups for you, with or without TLS.
124 MQTT curl supports MQTT version 3. Downloading over MQTT equals "sub‐
126 scribe" to a topic while uploading/posting equals "publish" on a
127 topic. MQTT over TLS is not supported (yet).
128 POP3(S)
130 Downloading from a pop3 server means getting a mail. With or
131 without using TLS.
132 RTMP(S)
134 The Realtime Messaging Protocol is primarily used to server
135 streaming media and curl can download it.
136 RTSP curl supports RTSP 1.0 downloads.
138 SCP curl supports SSH version 2 scp transfers.
140 SFTP curl supports SFTP (draft 5) done over SSH version 2.
142 SMB(S) curl supports SMB version 1 for upload and download.
144 SMTP(S)
146 Uploading contents to an SMTP server means sending an email.
147 With or without TLS.
148 TELNET Telling curl to fetch a telnet URL starts an interactive session
150 where it sends what it reads on stdin and outputs what the
151 server sends it.
152 TFTP curl can do TFTP downloads and uploads.
154
156 curl normally displays a progress meter during operations, indicating
157 the amount of transferred data, transfer speeds and estimated time
158 left, etc. The progress meter displays the transfer rate in bytes per
159 second. The suffixes (k, M, G, T, P) are 1024 based. For example 1k is
160 1024 bytes. 1M is 1048576 bytes.
161 curl displays this data to the terminal by default, so if you invoke
163 curl to do an operation and it is about to write data to the terminal,
164 it disables the progress meter as otherwise it would mess up the output
165 mixing progress meter and response data.
166 If you want a progress meter for HTTP POST or PUT requests, you need to
168 redirect the response output to a file, using shell redirect (>), -o,
169 --output or similar.
170 This does not apply to FTP upload as that operation does not spit out
172 any response data to the terminal.
173 If you prefer a progress "bar" instead of the regular meter, -#,
175 --progress-bar is your friend. You can also disable the progress meter
176 completely with the -s, --silent option.
177
179 Options start with one or two dashes. Many of the options require an
180 additional value next to them.
181 The short "single-dash" form of the options, -d for example, may be
183 used with or without a space between it and its value, although a space
184 is a recommended separator. The long "double-dash" form, -d, --data for
185 example, requires a space between it and its value.
186 Short version options that do not need any additional values can be
188 used immediately next to each other, like for example you can specify
189 all the options -O, -L and -v at once as -OLv.
190 In general, all boolean options are enabled with --option and yet again
192 disabled with --no-option. That is, you use the same option name but
193 prefix it with "no-". However, in this list we mostly only list and
194 show the --option version of them.
195 When -:, --next is used, it resets the parser state and you start again
197 with a clean option state, except for the options that are "global".
198 Global options will retain their values and meaning even after -:,
199 --next.
200 The following options are global: --fail-early, --libcurl, --parallel-
202 immediate, -Z, --parallel, -#, --progress-bar, --rate, -S, --show-er‐
203 ror, --stderr, --styled-output, --trace-ascii, --trace-time, --trace
204 and -v, --verbose.
205 --abstract-unix-socket <path>
208 (HTTP) Connect through an abstract Unix domain socket, instead
209 of using the network. Note: netstat shows the path of an ab‐
210 stract socket prefixed with '@', however the <path> argument
211 should not have this leading character.
212 If --abstract-unix-socket is provided several times, the last
214 set value will be used.
215 Example:
217 curl --abstract-unix-socket socketpath https://example.com
218 See also --unix-socket. Added in 7.53.0.
220 --alt-svc <file name>
222 (HTTPS) This option enables the alt-svc parser in curl. If the
223 file name points to an existing alt-svc cache file, that will be
224 used. After a completed transfer, the cache will be saved to the
225 file name again if it has been modified.
226 Specify a "" file name (zero length) to avoid loading/saving and
228 make curl just handle the cache in memory.
229 If this option is used several times, curl will load contents
231 from all the files but the last one will be used for saving.
232 --alt-svc can be used several times in a command line
234 Example:
236 curl --alt-svc svc.txt https://example.com
237 See also --resolve and --connect-to. Added in 7.64.1.
239 --anyauth
241 (HTTP) Tells curl to figure out authentication method by itself,
242 and use the most secure one the remote site claims to support.
243 This is done by first doing a request and checking the response-
244 headers, thus possibly inducing an extra network round-trip.
245 This is used instead of setting a specific authentication
246 method, which you can do with --basic, --digest, --ntlm, and
247 --negotiate.
248 Using --anyauth is not recommended if you do uploads from stdin,
250 since it may require data to be sent twice and then the client
251 must be able to rewind. If the need should arise when uploading
252 from stdin, the upload operation will fail.
253 Used together with -u, --user.
255 Providing --anyauth multiple times has no extra effect.
257 Example:
259 curl --anyauth --user me:pwd https://example.com
260 See also --proxy-anyauth, --basic and --digest.
262 -a, --append
264 (FTP SFTP) When used in an upload, this makes curl append to the
265 target file instead of overwriting it. If the remote file does
266 not exist, it will be created. Note that this flag is ignored by
267 some SFTP servers (including OpenSSH).
268 Providing -a, --append multiple times has no extra effect. Dis‐
270 able it again with --no-append.
271 Example:
273 curl --upload-file local --append ftp://example.com/
274 See also -r, --range and -C, --continue-at.
276 --aws-sigv4 <provider1[:provider2[:region[:service]]]>
278 Use AWS V4 signature authentication in the transfer.
279 The provider argument is a string that is used by the algorithm
281 when creating outgoing authentication headers.
282 The region argument is a string that points to a geographic area
284 of a resources collection (region-code) when the region name is
285 omitted from the endpoint.
286 The service argument is a string that points to a function pro‐
288 vided by a cloud (service-code) when the service name is omitted
289 from the endpoint.
290 If --aws-sigv4 is provided several times, the last set value
292 will be used.
293 Example:
295 curl --aws-sigv4 "aws:amz:east-2:es" --user "key:secret" https://example.com
296 See also --basic and -u, --user. Added in 7.75.0.
298 --basic
300 (HTTP) Tells curl to use HTTP Basic authentication with the re‐
301 mote host. This is the default and this option is usually point‐
302 less, unless you use it to override a previously set option that
303 sets a different authentication method (such as --ntlm, --di‐
304 gest, or --negotiate).
305 Used together with -u, --user.
307 Providing --basic multiple times has no extra effect.
309 Example:
311 curl -u name:password --basic https://example.com
312 See also --proxy-basic.
314 --cacert <file>
316 (TLS) Tells curl to use the specified certificate file to verify
317 the peer. The file may contain multiple CA certificates. The
318 certificate(s) must be in PEM format. Normally curl is built to
319 use a default file for this, so this option is typically used to
320 alter that default file.
321 curl recognizes the environment variable named 'CURL_CA_BUNDLE'
323 if it is set, and uses the given path as a path to a CA cert
324 bundle. This option overrides that variable.
325 The windows version of curl will automatically look for a CA
327 certs file named 'curl-ca-bundle.crt', either in the same direc‐
328 tory as curl.exe, or in the Current Working Directory, or in any
329 folder along your PATH.
330 If curl is built against the NSS SSL library, the NSS PEM
332 PKCS#11 module (libnsspem.so) needs to be available for this op‐
333 tion to work properly.
334 (iOS and macOS only) If curl is built against Secure Transport,
336 then this option is supported for backward compatibility with
337 other SSL engines, but it should not be set. If the option is
338 not set, then curl will use the certificates in the system and
339 user Keychain to verify the peer, which is the preferred method
340 of verifying the peer's certificate chain.
341 (Schannel only) This option is supported for Schannel in Windows
343 7 or later with libcurl 7.60 or later. This option is supported
344 for backward compatibility with other SSL engines; instead it is
345 recommended to use Windows' store of root certificates (the de‐
346 fault for Schannel).
347 If --cacert is provided several times, the last set value will
349 be used.
350 Example:
352 curl --cacert CA-file.txt https://example.com
353 See also --capath and -k, --insecure.
355 --capath <dir>
357 (TLS) Tells curl to use the specified certificate directory to
358 verify the peer. Multiple paths can be provided by separating
359 them with ":" (e.g. "path1:path2:path3"). The certificates must
360 be in PEM format, and if curl is built against OpenSSL, the di‐
361 rectory must have been processed using the c_rehash utility sup‐
362 plied with OpenSSL. Using --capath can allow OpenSSL-powered
363 curl to make SSL-connections much more efficiently than using
364 --cacert if the --cacert file contains many CA certificates.
365 If this option is set, the default capath value will be ignored.
367 If --capath is provided several times, the last set value will
369 be used.
370 Example:
372 curl --capath /local/directory https://example.com
373 See also --cacert and -k, --insecure.
375 --cert-status
377 (TLS) Tells curl to verify the status of the server certificate
378 by using the Certificate Status Request (aka. OCSP stapling) TLS
379 extension.
380 If this option is enabled and the server sends an invalid (e.g.
382 expired) response, if the response suggests that the server cer‐
383 tificate has been revoked, or no response at all is received,
384 the verification fails.
385 This is currently only implemented in the OpenSSL, GnuTLS and
387 NSS backends.
388 Providing --cert-status multiple times has no extra effect.
390 Disable it again with --no-cert-status.
391 Example:
393 curl --cert-status https://example.com
394 See also --pinnedpubkey. Added in 7.41.0.
396 --cert-type <type>
398 (TLS) Tells curl what type the provided client certificate is
399 using. PEM, DER, ENG and P12 are recognized types.
400 The default type depends on the TLS backend and is usually PEM,
402 however for Secure Transport and Schannel it is P12. If -E,
403 --cert is a pkcs11: URI then ENG is the default type.
404 If --cert-type is provided several times, the last set value
406 will be used.
407 Example:
409 curl --cert-type PEM --cert file https://example.com
410 See also -E, --cert, --key and --key-type.
412 -E, --cert <certificate[:password]>
414 (TLS) Tells curl to use the specified client certificate file
415 when getting a file with HTTPS, FTPS or another SSL-based proto‐
416 col. The certificate must be in PKCS#12 format if using Secure
417 Transport, or PEM format if using any other engine. If the op‐
418 tional password is not specified, it will be queried for on the
419 terminal. Note that this option assumes a certificate file that
420 is the private key and the client certificate concatenated. See
421 -E, --cert and --key to specify them independently.
422 In the <certificate> portion of the argument, you must escape
424 the character ":" as "\:" so that it is not recognized as the
425 password delimiter. Similarly, you must escape the character "\"
426 as "\\" so that it is not recognized as an escape character.
427 If curl is built against the NSS SSL library then this option
429 can tell curl the nickname of the certificate to use within the
430 NSS database defined by the environment variable SSL_DIR (or by
431 default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib‐
432 nsspem.so) is available then PEM files may be loaded.
433 If you provide a path relative to the current directory, you
435 must prefix the path with "./" in order to avoid confusion with
436 an NSS database nickname.
437 If curl is built against OpenSSL library, and the engine pkcs11
439 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
440 ify a certificate located in a PKCS#11 device. A string begin‐
441 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
442 PKCS#11 URI is provided, then the --engine option will be set as
443 "pkcs11" if none was provided and the --cert-type option will be
444 set as "ENG" if none was provided.
445 (iOS and macOS only) If curl is built against Secure Transport,
447 then the certificate string can either be the name of a certifi‐
448 cate/private key in the system or user keychain, or the path to
449 a PKCS#12-encoded certificate and private key. If you want to
450 use a file from the current directory, please precede it with
451 "./" prefix, in order to avoid confusion with a nickname.
452 (Schannel only) Client certificates must be specified by a path
454 expression to a certificate store. (Loading PFX is not sup‐
455 ported; you can import it to a store first). You can use "<store
456 location>\<store name>\<thumbprint>" to refer to a certificate
457 in the system certificates store, for example, "Curren‐
458 tUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint
459 is usually a SHA-1 hex string which you can see in certificate
460 details. Following store locations are supported: CurrentUser,
461 LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,
462 LocalMachineGroupPolicy, LocalMachineEnterprise.
463 If -E, --cert is provided several times, the last set value will
465 be used.
466 Example:
468 curl --cert certfile --key keyfile https://example.com
469 See also --cert-type, --key and --key-type.
471 --ciphers <list of ciphers>
473 (TLS) Specifies which ciphers to use in the connection. The list
474 of ciphers must specify valid ciphers. Read up on SSL cipher
475 list details on this URL:
476 https://curl.se/docs/ssl-ciphers.html
478 If --ciphers is provided several times, the last set value will
480 be used.
481 Example:
483 curl --ciphers ECDHE-ECDSA-AES256-CCM8 https://example.com
484 See also --tlsv1.3.
486 --compressed-ssh
488 (SCP SFTP) Enables built-in SSH compression. This is a request,
489 not an order; the server may or may not do it.
490 Providing --compressed-ssh multiple times has no extra effect.
492 Disable it again with --no-compressed-ssh.
493 Example:
495 curl --compressed-ssh sftp://example.com/
496 See also --compressed. Added in 7.56.0.
498 --compressed
500 (HTTP) Request a compressed response using one of the algorithms
501 curl supports, and automatically decompress the content. Headers
502 are not modified.
503 If this option is used and the server sends an unsupported en‐
505 coding, curl will report an error. This is a request, not an or‐
506 der; the server may or may not deliver data compressed.
507 Providing --compressed multiple times has no extra effect. Dis‐
509 able it again with --no-compressed.
510 Example:
512 curl --compressed https://example.com
513 See also --compressed-ssh.
515 -K, --config <file>
517 Specify a text file to read curl arguments from. The command
518 line arguments found in the text file will be used as if they
519 were provided on the command line.
520 Options and their parameters must be specified on the same line
522 in the file, separated by whitespace, colon, or the equals sign.
523 Long option names can optionally be given in the config file
524 without the initial double dashes and if so, the colon or equals
525 characters can be used as separators. If the option is specified
526 with one or two dashes, there can be no colon or equals charac‐
527 ter between the option and its parameter.
528 If the parameter contains whitespace (or starts with : or =),
530 the parameter must be enclosed within quotes. Within double
531 quotes, the following escape sequences are available: \\, \",
532 \t, \n, \r and \v. A backslash preceding any other letter is ig‐
533 nored.
534 If the first column of a config line is a '#' character, the
536 rest of the line will be treated as a comment.
537 Only write one option per physical line in the config file.
539 Specify the filename to -K, --config as '-' to make curl read
541 the file from stdin.
542 Note that to be able to specify a URL in the config file, you
544 need to specify it using the --url option, and not by simply
545 writing the URL on its own line. So, it could look similar to
546 this:
547 url = "https://curl.se/docs/"
549 # --- Example file ---
551 # this is a comment
552 url = "example.com"
553 output = "curlhere.html"
554 user-agent = "superagent/1.0"
555 # and fetch another URL too
557 url = "example.com/docs/manpage.html"
558 -O
559 referer = "http://nowhereatall.example.com/"
560 # --- End of example file ---
561 When curl is invoked, it (unless -q, --disable is used) checks
563 for a default config file and uses it if found, even when -K,
564 --config is used. The default config file is checked for in the
565 following places in this order:
566 1) "$CURL_HOME/.curlrc"
568 2) "$XDG_CONFIG_HOME/.curlrc" (Added in 7.73.0)
570 3) "$HOME/.curlrc"
572 4) Windows: "%USERPROFILE%\.curlrc"
574 5) Windows: "%APPDATA%\.curlrc"
576 6) Windows: "%USERPROFILE%\Application Data\.curlrc"
578 7) Non-Windows: use getpwuid to find the home directory
580 8) On Windows, if it finds no .curlrc file in the sequence de‐
582 scribed above, it checks for one in the same dir the curl exe‐
583 cutable is placed.
584 On Windows two filenames are checked per location: .curlrc and
586 _curlrc, preferring the former. Older versions on Windows
587 checked for _curlrc only.
588 -K, --config can be used several times in a command line
590 Example:
592 curl --config file.txt https://example.com
593 See also -q, --disable.
595 --connect-timeout <fractional seconds>
597 Maximum time in seconds that you allow curl's connection to
598 take. This only limits the connection phase, so if curl con‐
599 nects within the given period it will continue - if not it will
600 exit. Since version 7.32.0, this option accepts decimal values.
601 The "connection phase" is considered complete when the requested
603 TCP, TLS or QUIC handshakes are done.
604 The decimal value needs to provided using a dot (.) as decimal
606 separator - not the local version even if it might be using an‐
607 other separator.
608 If --connect-timeout is provided several times, the last set
610 value will be used.
611 Examples:
613 curl --connect-timeout 20 https://example.com
614 curl --connect-timeout 3.14 https://example.com
615 See also -m, --max-time.
617 --connect-to <HOST1:PORT1:HOST2:PORT2>
619 For a request to the given HOST1:PORT1 pair, connect to
621 HOST2:PORT2 instead. This option is suitable to direct requests
622 at a specific server, e.g. at a specific cluster node in a clus‐
623 ter of servers. This option is only used to establish the net‐
624 work connection. It does NOT affect the hostname/port that is
625 used for TLS/SSL (e.g. SNI, certificate verification) or for the
626 application protocols. "HOST1" and "PORT1" may be the empty
627 string, meaning "any host/port". "HOST2" and "PORT2" may also be
628 the empty string, meaning "use the request's original
629 host/port".
630 A "host" specified to this option is compared as a string, so it
632 needs to match the name used in request URL. It can be either
633 numerical such as "127.0.0.1" or the full host name such as "ex‐
634 ample.org".
635 --connect-to can be used several times in a command line
637 Example:
639 curl --connect-to example.com:443:example.net:8443 https://example.com
640 See also --resolve and -H, --header. Added in 7.49.0.
642 -C, --continue-at <offset>
644 Continue/Resume a previous file transfer at the given offset.
645 The given offset is the exact number of bytes that will be
646 skipped, counting from the beginning of the source file before
647 it is transferred to the destination. If used with uploads, the
648 FTP server command SIZE will not be used by curl.
649 Use "-C -" to tell curl to automatically find out where/how to
651 resume the transfer. It then uses the given output/input files
652 to figure that out.
653 If -C, --continue-at is provided several times, the last set
655 value will be used.
656 Examples:
658 curl -C - https://example.com
659 curl -C 400 https://example.com
660 See also -r, --range.
662 -c, --cookie-jar <filename>
664 (HTTP) Specify to which file you want curl to write all cookies
665 after a completed operation. Curl writes all cookies from its
666 in-memory cookie storage to the given file at the end of opera‐
667 tions. If no cookies are known, no data will be written. The
668 file will be written using the Netscape cookie file format. If
669 you set the file name to a single dash, "-", the cookies will be
670 written to stdout.
671 This command line option will activate the cookie engine that
673 makes curl record and use cookies. Another way to activate it is
674 to use the -b, --cookie option.
675 If the cookie jar cannot be created or written to, the whole
677 curl operation will not fail or even report an error clearly.
678 Using -v, --verbose will get a warning displayed, but that is
679 the only visible feedback you get about this possibly lethal
680 situation.
681 If -c, --cookie-jar is provided several times, the last set
683 value will be used.
684 Examples:
686 curl -c store-here.txt https://example.com
687 curl -c store-here.txt -b read-these https://example.com
688 See also -b, --cookie.
690 -b, --cookie <data|filename>
692 (HTTP) Pass the data to the HTTP server in the Cookie header. It
693 is supposedly the data previously received from the server in a
694 "Set-Cookie:" line. The data should be in the format
695 "NAME1=VALUE1; NAME2=VALUE2". This makes curl use the cookie
696 header with this content explicitly in all outgoing request(s).
697 If multiple requests are done due to authentication, followed
698 redirects or similar, they will all get this cookie passed on.
699 If no '=' symbol is used in the argument, it is instead treated
701 as a filename to read previously stored cookie from. This option
702 also activates the cookie engine which will make curl record in‐
703 coming cookies, which may be handy if you are using this in com‐
704 bination with the -L, --location option or do multiple URL
705 transfers on the same invoke. If the file name is exactly a mi‐
706 nus ("-"), curl will instead read the contents from stdin.
707 The file format of the file to read cookies from should be plain
709 HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie
710 file format.
711 The file specified with -b, --cookie is only used as input. No
713 cookies will be written to the file. To store cookies, use the
714 -c, --cookie-jar option.
715 If you use the Set-Cookie file format and do not specify a do‐
717 main then the cookie is not sent since the domain will never
718 match. To address this, set a domain in Set-Cookie line (doing
719 that will include sub-domains) or preferably: use the Netscape
720 format.
721 Users often want to both read cookies from a file and write up‐
723 dated cookies back to a file, so using both -b, --cookie and -c,
724 --cookie-jar in the same command line is common.
725 -b, --cookie can be used several times in a command line
727 Examples:
729 curl -b cookiefile https://example.com
730 curl -b cookiefile -c cookiefile https://example.com
731 See also -c, --cookie-jar and -j, --junk-session-cookies.
733 --create-dirs
735 When used in conjunction with the -o, --output option, curl will
736 create the necessary local directory hierarchy as needed. This
737 option creates the directories mentioned with the -o, --output
738 option, nothing else. If the -o, --output file name uses no di‐
739 rectory, or if the directories it mentions already exist, no di‐
740 rectories will be created.
741 Created dirs are made with mode 0750 on unix style file systems.
743 To create remote directories when using FTP or SFTP, try --ftp-
745 create-dirs.
746 Providing --create-dirs multiple times has no extra effect.
748 Disable it again with --no-create-dirs.
749 Example:
751 curl --create-dirs --output local/dir/file https://example.com
752 See also --ftp-create-dirs and --output-dir.
754 --create-file-mode <mode>
756 (SFTP SCP FILE) When curl is used to create files remotely using
757 one of the supported protocols, this option allows the user to
758 set which 'mode' to set on the file at creation time, instead of
759 the default 0644.
760 This option takes an octal number as argument.
762 If --create-file-mode is provided several times, the last set
764 value will be used.
765 Example:
767 curl --create-file-mode 0777 -T localfile sftp://example.com/new
768 See also --ftp-create-dirs. Added in 7.75.0.
770 --crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS
772 (OS/390).
773 (SMTP added in 7.40.0)
775 Providing --crlf multiple times has no extra effect. Disable it
777 again with --no-crlf.
778 Example:
780 curl --crlf -T file ftp://example.com/
781 See also -B, --use-ascii.
783 --crlfile <file>
785 (TLS) Provide a file using PEM format with a Certificate Revoca‐
786 tion List that may specify peer certificates that are to be con‐
787 sidered revoked.
788 If --crlfile is provided several times, the last set value will
790 be used.
791 Example:
793 curl --crlfile rejects.txt https://example.com
794 See also --cacert and --capath.
796 --curves <algorithm list>
798 (TLS) Tells curl to request specific curves to use during SSL
799 session establishment according to RFC 8422, 5.1. Multiple al‐
800 gorithms can be provided by separating them with ":" (e.g.
801 "X25519:P-521"). The parameter is available identically in the
802 "openssl s_client/s_server" utilities.
803 --curves allows a OpenSSL powered curl to make SSL-connections
805 with exactly the (EC) curve requested by the client, avoiding
806 nontransparent client/server negotiations.
807 If this option is set, the default curves list built into
809 openssl will be ignored.
810 If --curves is provided several times, the last set value will
812 be used.
813 Example:
815 curl --curves X25519 https://example.com
816 See also --ciphers. Added in 7.73.0.
818 --data-ascii <data>
820 (HTTP) This is just an alias for -d, --data.
821 --data-ascii can be used several times in a command line
823 Example:
825 curl --data-ascii @file https://example.com
826 See also --data-binary, --data-raw and --data-urlencode.
828 --data-binary <data>
830 (HTTP) This posts data exactly as specified with no extra pro‐
831 cessing whatsoever.
832 If you start the data with the letter @, the rest should be a
834 filename. Data is posted in a similar manner as -d, --data does,
835 except that newlines and carriage returns are preserved and con‐
836 versions are never done.
837 Like -d, --data the default content-type sent to the server is
839 application/x-www-form-urlencoded. If you want the data to be
840 treated as arbitrary binary data by the server then set the con‐
841 tent-type to octet-stream: -H "Content-Type: application/octet-
842 stream".
843 If this option is used several times, the ones following the
845 first will append data as described in -d, --data.
846 --data-binary can be used several times in a command line
848 Example:
850 curl --data-binary @filename https://example.com
851 See also --data-ascii.
853 --data-raw <data>
855 (HTTP) This posts data similarly to -d, --data but without the
856 special interpretation of the @ character.
857 --data-raw can be used several times in a command line
859 Examples:
861 curl --data-raw "hello" https://example.com
862 curl --data-raw "@at@at@" https://example.com
863 See also -d, --data. Added in 7.43.0.
865 --data-urlencode <data>
867 (HTTP) This posts data, similar to the other -d, --data options
868 with the exception that this performs URL-encoding.
869 To be CGI-compliant, the <data> part should begin with a name
871 followed by a separator and a content specification. The <data>
872 part can be passed to curl using one of the following syntaxes:
873 content
875 This will make curl URL-encode the content and pass that
876 on. Just be careful so that the content does not contain
877 any = or @ symbols, as that will then make the syntax
878 match one of the other cases below!
879 =content
881 This will make curl URL-encode the content and pass that
882 on. The preceding = symbol is not included in the data.
883 name=content
885 This will make curl URL-encode the content part and pass
886 that on. Note that the name part is expected to be URL-
887 encoded already.
888 @filename
890 This will make curl load data from the given file (in‐
891 cluding any newlines), URL-encode that data and pass it
892 on in the POST.
893 name@filename
895 This will make curl load data from the given file (in‐
896 cluding any newlines), URL-encode that data and pass it
897 on in the POST. The name part gets an equal sign ap‐
898 pended, resulting in name=urlencoded-file-content. Note
899 that the name is expected to be URL-encoded already.
900 --data-urlencode can be used several times in a command line
902 Examples:
904 curl --data-urlencode name=val https://example.com
905 curl --data-urlencode =encodethis https://example.com
906 curl --data-urlencode name@file https://example.com
907 curl --data-urlencode @fileonly https://example.com
908 See also -d, --data and --data-raw.
910 -d, --data <data>
912 (HTTP MQTT) Sends the specified data in a POST request to the
913 HTTP server, in the same way that a browser does when a user has
914 filled in an HTML form and presses the submit button. This will
915 cause curl to pass the data to the server using the content-type
916 application/x-www-form-urlencoded. Compare to -F, --form.
917 --data-raw is almost the same but does not have a special inter‐
919 pretation of the @ character. To post data purely binary, you
920 should instead use the --data-binary option. To URL-encode the
921 value of a form field you may use --data-urlencode.
922 If any of these options is used more than once on the same com‐
924 mand line, the data pieces specified will be merged with a sepa‐
925 rating &-symbol. Thus, using '-d name=daniel -d skill=lousy'
926 would generate a post chunk that looks like
927 'name=daniel&skill=lousy'.
928 If you start the data with the letter @, the rest should be a
930 file name to read the data from, or - if you want curl to read
931 the data from stdin. Posting data from a file named 'foobar'
932 would thus be done with -d, --data @foobar. When -d, --data is
933 told to read from a file like that, carriage returns and new‐
934 lines will be stripped out. If you do not want the @ character
935 to have a special interpretation use --data-raw instead.
936 -d, --data can be used several times in a command line
938 Examples:
940 curl -d "name=curl" https://example.com
941 curl -d "name=curl" -d "tool=cmdline" https://example.com
942 curl -d @filename https://example.com
943 See also --data-binary, --data-urlencode and --data-raw. This
945 option is mutually exclusive to -F, --form and -I, --head and
946 -T, --upload-file.
947 --delegation <LEVEL>
949 (GSS/kerberos) Set LEVEL to tell the server what it is allowed
950 to delegate when it comes to user credentials.
951 none Do not allow any delegation.
953 policy Delegates if and only if the OK-AS-DELEGATE flag is set
955 in the Kerberos service ticket, which is a matter of
956 realm policy.
957 always Unconditionally allow the server to delegate.
959 If --delegation is provided several times, the last set value will be
961 used.
962 Example:
964 curl --delegation "none" https://example.com
965 See also -k, --insecure and --ssl.
967 --digest
969 (HTTP) Enables HTTP Digest authentication. This is an authenti‐
970 cation scheme that prevents the password from being sent over
971 the wire in clear text. Use this in combination with the normal
972 -u, --user option to set user name and password.
973 Providing --digest multiple times has no extra effect. Disable
975 it again with --no-digest.
976 Example:
978 curl -u name:password --digest https://example.com
979 See also -u, --user, --proxy-digest and --anyauth. This option
981 is mutually exclusive to --basic and --ntlm and --negotiate.
982 --disable-eprt
984 (FTP) Tell curl to disable the use of the EPRT and LPRT commands
985 when doing active FTP transfers. Curl will normally always first
986 attempt to use EPRT, then LPRT before using PORT, but with this
987 option, it will use PORT right away. EPRT and LPRT are exten‐
988 sions to the original FTP protocol, and may not work on all
989 servers, but they enable more functionality in a better way than
990 the traditional PORT command.
991 --eprt can be used to explicitly enable EPRT again and --no-eprt
993 is an alias for --disable-eprt.
994 If the server is accessed using IPv6, this option will have no
996 effect as EPRT is necessary then.
997 Disabling EPRT only changes the active behavior. If you want to
999 switch to passive mode you need to not use -P, --ftp-port or
1000 force it with --ftp-pasv.
1001 Providing --disable-eprt multiple times has no extra effect.
1003 Disable it again with --no-disable-eprt.
1004 Example:
1006 curl --disable-eprt ftp://example.com/
1007 See also --disable-epsv and -P, --ftp-port.
1009 --disable-epsv
1011 (FTP) Tell curl to disable the use of the EPSV command when do‐
1012 ing passive FTP transfers. Curl will normally always first at‐
1013 tempt to use EPSV before PASV, but with this option, it will not
1014 try using EPSV.
1015 --epsv can be used to explicitly enable EPSV again and --no-epsv
1017 is an alias for --disable-epsv.
1018 If the server is an IPv6 host, this option will have no effect
1020 as EPSV is necessary then.
1021 Disabling EPSV only changes the passive behavior. If you want to
1023 switch to active mode you need to use -P, --ftp-port.
1024 Providing --disable-epsv multiple times has no extra effect.
1026 Disable it again with --no-disable-epsv.
1027 Example:
1029 curl --disable-epsv ftp://example.com/
1030 See also --disable-eprt and -P, --ftp-port.
1032 -q, --disable
1034 If used as the first parameter on the command line, the curlrc
1035 config file will not be read and used. See the -K, --config for
1036 details on the default config file search path.
1037 Providing -q, --disable multiple times has no extra effect.
1039 Disable it again with --no-disable.
1040 Example:
1042 curl -q https://example.com
1043 See also -K, --config.
1045 --disallow-username-in-url
1047 (HTTP) This tells curl to exit if passed a URL containing a
1048 username. This is probably most useful when the URL is being
1049 provided at runtime or similar.
1050 Providing --disallow-username-in-url multiple times has no extra
1052 effect. Disable it again with --no-disallow-username-in-url.
1053 Example:
1055 curl --disallow-username-in-url https://example.com
1056 See also --proto. Added in 7.61.0.
1058 --dns-interface <interface>
1060 (DNS) Tell curl to send outgoing DNS requests through <inter‐
1061 face>. This option is a counterpart to --interface (which does
1062 not affect DNS). The supplied string must be an interface name
1063 (not an address).
1064 If --dns-interface is provided several times, the last set value
1066 will be used.
1067 Example:
1069 curl --dns-interface eth0 https://example.com
1070 See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface
1072 requires that the underlying libcurl was built to support c-
1073 ares. Added in 7.33.0.
1074 --dns-ipv4-addr <address>
1076 (DNS) Tell curl to bind to <ip-address> when making IPv4 DNS re‐
1077 quests, so that the DNS requests originate from this address.
1078 The argument should be a single IPv4 address.
1079 If --dns-ipv4-addr is provided several times, the last set value
1081 will be used.
1082 Example:
1084 curl --dns-ipv4-addr 10.1.2.3 https://example.com
1085 See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr
1087 requires that the underlying libcurl was built to support c-
1088 ares. Added in 7.33.0.
1089 --dns-ipv6-addr <address>
1091 (DNS) Tell curl to bind to <ip-address> when making IPv6 DNS re‐
1092 quests, so that the DNS requests originate from this address.
1093 The argument should be a single IPv6 address.
1094 If --dns-ipv6-addr is provided several times, the last set value
1096 will be used.
1097 Example:
1099 curl --dns-ipv6-addr 2a04:4e42::561 https://example.com
1100 See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr
1102 requires that the underlying libcurl was built to support c-
1103 ares. Added in 7.33.0.
1104 --dns-servers <addresses>
1106 Set the list of DNS servers to be used instead of the system de‐
1107 fault. The list of IP addresses should be separated with com‐
1108 mas. Port numbers may also optionally be given as :<port-number>
1109 after each IP address.
1110 If --dns-servers is provided several times, the last set value
1112 will be used.
1113 Example:
1115 curl --dns-servers 192.168.0.1,192.168.0.2 https://example.com
1116 See also --dns-interface and --dns-ipv4-addr. --dns-servers re‐
1118 quires that the underlying libcurl was built to support c-ares.
1119 Added in 7.33.0.
1120 --doh-cert-status
1122 Same as --cert-status but used for DoH (DNS-over-HTTPS).
1123 Providing --doh-cert-status multiple times has no extra effect.
1125 Disable it again with --no-doh-cert-status.
1126 Example:
1128 curl --doh-cert-status --doh-url https://doh.example https://example.com
1129 See also --doh-insecure. Added in 7.76.0.
1131 --doh-insecure
1133 Same as -k, --insecure but used for DoH (DNS-over-HTTPS).
1134 Providing --doh-insecure multiple times has no extra effect.
1136 Disable it again with --no-doh-insecure.
1137 Example:
1139 curl --doh-insecure --doh-url https://doh.example https://example.com
1140 See also --doh-url. Added in 7.76.0.
1142 --doh-url <URL>
1144 Specifies which DNS-over-HTTPS (DoH) server to use to resolve
1145 hostnames, instead of using the default name resolver mechanism.
1146 The URL must be HTTPS.
1147 Some SSL options that you set for your transfer will apply to
1149 DoH since the name lookups take place over SSL. However, the
1150 certificate verification settings are not inherited and can be
1151 controlled separately via --doh-insecure and --doh-cert-status.
1152 This option is unset if an empty string "" is used as the URL.
1154 (Added in 7.85.0)
1155 If --doh-url is provided several times, the last set value will
1157 be used.
1158 Example:
1160 curl --doh-url https://doh.example https://example.com
1161 See also --doh-insecure. Added in 7.62.0.
1163 -D, --dump-header <filename>
1165 (HTTP FTP) Write the received protocol headers to the specified
1166 file. If no headers are received, the use of this option will
1167 create an empty file.
1168 When used in FTP, the FTP server response lines are considered
1170 being "headers" and thus are saved there.
1171 Having multiple transfers in one set of operations (i.e. the
1173 URLs in one -:, --next clause), will append them to the same
1174 file, separated by a blank line.
1175 If -D, --dump-header is provided several times, the last set
1177 value will be used.
1178 Example:
1180 curl --dump-header store.txt https://example.com
1181 See also -o, --output.
1183 --egd-file <file>
1185 (TLS) Deprecated option. This option is ignored by curl since
1186 7.84.0. Prior to that it only had an effect on curl if built to
1187 use old versions of OpenSSL.
1188 Specify the path name to the Entropy Gathering Daemon socket.
1190 The socket is used to seed the random engine for SSL connec‐
1191 tions.
1192 If --egd-file is provided several times, the last set value will
1194 be used.
1195 Example:
1197 curl --egd-file /random/here https://example.com
1198 See also --random-file.
1200 --engine <name>
1202 (TLS) Select the OpenSSL crypto engine to use for cipher opera‐
1203 tions. Use --engine list to print a list of build-time supported
1204 engines. Note that not all (and possibly none) of the engines
1205 may be available at runtime.
1206 If --engine is provided several times, the last set value will
1208 be used.
1209 Example:
1211 curl --engine flavor https://example.com
1212 See also --ciphers and --curves.
1214 --etag-compare <file>
1216 (HTTP) This option makes a conditional HTTP request for the spe‐
1217 cific ETag read from the given file by sending a custom If-None-
1218 Match header using the stored ETag.
1219 For correct results, make sure that the specified file contains
1221 only a single line with the desired ETag. An empty file is
1222 parsed as an empty ETag.
1223 Use the option --etag-save to first save the ETag from a re‐
1225 sponse, and then use this option to compare against the saved
1226 ETag in a subsequent request.
1227 If --etag-compare is provided several times, the last set value
1229 will be used.
1230 Example:
1232 curl --etag-compare etag.txt https://example.com
1233 See also --etag-save and -z, --time-cond. Added in 7.68.0.
1235 --etag-save <file>
1237 (HTTP) This option saves an HTTP ETag to the specified file. An
1238 ETag is a caching related header, usually returned in a re‐
1239 sponse.
1240 If no ETag is sent by the server, an empty file is created.
1242 If --etag-save is provided several times, the last set value
1244 will be used.
1245 Example:
1247 curl --etag-save storetag.txt https://example.com
1248 See also --etag-compare. Added in 7.68.0.
1250 --expect100-timeout <seconds>
1252 (HTTP) Maximum time in seconds that you allow curl to wait for a
1253 100-continue response when curl emits an Expects: 100-continue
1254 header in its request. By default curl will wait one second.
1255 This option accepts decimal values! When curl stops waiting, it
1256 will continue as if the response has been received.
1257 The decimal value needs to provided using a dot (.) as decimal
1259 separator - not the local version even if it might be using an‐
1260 other separator.
1261 If --expect100-timeout is provided several times, the last set
1263 value will be used.
1264 Example:
1266 curl --expect100-timeout 2.5 -T file https://example.com
1267 See also --connect-timeout. Added in 7.47.0.
1269 --fail-early
1271 Fail and exit on the first detected transfer error.
1272 When curl is used to do multiple transfers on the command line,
1274 it will attempt to operate on each given URL, one by one. By de‐
1275 fault, it will ignore errors if there are more URLs given and
1276 the last URL's success will determine the error code curl re‐
1277 turns. So early failures will be "hidden" by subsequent success‐
1278 ful transfers.
1279 Using this option, curl will instead return an error on the
1281 first transfer that fails, independent of the amount of URLs
1282 that are given on the command line. This way, no transfer fail‐
1283 ures go undetected by scripts and similar.
1284 This option does not imply -f, --fail, which causes transfers to
1286 fail due to the server's HTTP status code. You can combine the
1287 two options, however note -f, --fail is not global and is there‐
1288 fore contained by -:, --next.
1289 This option is global and does not need to be specified for each
1291 use of --next.
1292 Providing --fail-early multiple times has no extra effect. Dis‐
1294 able it again with --no-fail-early.
1295 Example:
1297 curl --fail-early https://example.com https://two.example
1298 See also -f, --fail and --fail-with-body. Added in 7.52.0.
1300 --fail-with-body
1302 (HTTP) Return an error on server errors where the HTTP response
1303 code is 400 or greater). In normal cases when an HTTP server
1304 fails to deliver a document, it returns an HTML document stating
1305 so (which often also describes why and more). This flag will
1306 still allow curl to output and save that content but also to re‐
1307 turn error 22.
1308 This is an alternative option to -f, --fail which makes curl
1310 fail for the same circumstances but without saving the content.
1311 Providing --fail-with-body multiple times has no extra effect.
1313 Disable it again with --no-fail-with-body.
1314 Example:
1316 curl --fail-with-body https://example.com
1317 See also -f, --fail. This option is mutually exclusive to -f,
1319 --fail. Added in 7.76.0.
1320 -f, --fail
1322 (HTTP) Fail fast with no output at all on server errors. This is
1323 useful to enable scripts and users to better deal with failed
1324 attempts. In normal cases when an HTTP server fails to deliver a
1325 document, it returns an HTML document stating so (which often
1326 also describes why and more). This flag will prevent curl from
1327 outputting that and return error 22.
1328 This method is not fail-safe and there are occasions where non-
1330 successful response codes will slip through, especially when au‐
1331 thentication is involved (response codes 401 and 407).
1332 Providing -f, --fail multiple times has no extra effect. Dis‐
1334 able it again with --no-fail.
1335 Example:
1337 curl --fail https://example.com
1338 See also --fail-with-body. This option is mutually exclusive to
1340 --fail-with-body.
1341 --false-start
1343 (TLS) Tells curl to use false start during the TLS handshake.
1344 False start is a mode where a TLS client will start sending ap‐
1345 plication data before verifying the server's Finished message,
1346 thus saving a round trip when performing a full handshake.
1347 This is currently only implemented in the NSS and Secure Trans‐
1349 port (on iOS 7.0 or later, or OS X 10.9 or later) backends.
1350 Providing --false-start multiple times has no extra effect.
1352 Disable it again with --no-false-start.
1353 Example:
1355 curl --false-start https://example.com
1356 See also --tcp-fastopen. Added in 7.42.0.
1358 --form-escape
1360 (HTTP) Tells curl to pass on names of multipart form fields and
1361 files using backslash-escaping instead of percent-encoding.
1362 If --form-escape is provided several times, the last set value
1364 will be used.
1365 Example:
1367 curl --form-escape -F 'field\name=curl' -F 'file=@load"this' https://example.com
1368 See also -F, --form. Added in 7.81.0.
1370 --form-string <name=string>
1372 (HTTP SMTP IMAP) Similar to -F, --form except that the value
1373 string for the named parameter is used literally. Leading '@'
1374 and '<' characters, and the ';type=' string in the value have no
1375 special meaning. Use this in preference to -F, --form if there's
1376 any possibility that the string value may accidentally trigger
1377 the '@' or '<' features of -F, --form.
1378 --form-string can be used several times in a command line
1380 Example:
1382 curl --form-string "data" https://example.com
1383 See also -F, --form.
1385 -F, --form <name=content>
1387 (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emu‐
1388 late a filled-in form in which a user has pressed the submit
1389 button. This causes curl to POST data using the Content-Type
1390 multipart/form-data according to RFC 2388.
1391 For SMTP and IMAP protocols, this is the means to compose a mul‐
1393 tipart mail message to transmit.
1394 This enables uploading of binary files etc. To force the 'con‐
1396 tent' part to be a file, prefix the file name with an @ sign. To
1397 just get the content part from a file, prefix the file name with
1398 the symbol <. The difference between @ and < is then that @
1399 makes a file get attached in the post as a file upload, while
1400 the < makes a text field and just get the contents for that text
1401 field from a file.
1402 Tell curl to read content from stdin instead of a file by using
1404 - as filename. This goes for both @ and < constructs. When stdin
1405 is used, the contents is buffered in memory first by curl to de‐
1406 termine its size and allow a possible resend. Defining a part's
1407 data from a named non-regular file (such as a named pipe or sim‐
1408 ilar) is unfortunately not subject to buffering and will be ef‐
1409 fectively read at transmission time; since the full size is un‐
1410 known before the transfer starts, such data is sent as chunks by
1411 HTTP and rejected by IMAP.
1412 Example: send an image to an HTTP server, where 'profile' is the
1414 name of the form-field to which the file portrait.jpg will be
1415 the input:
1416 curl -F profile=@portrait.jpg https://example.com/upload.cgi
1418 Example: send your name and shoe size in two text fields to the
1420 server:
1421 curl -F name=John -F shoesize=11 https://example.com/
1423 Example: send your essay in a text field to the server. Send it
1425 as a plain text field, but get the contents for it from a local
1426 file:
1427 curl -F "story=<hugefile.txt" https://example.com/
1429 You can also tell curl what Content-Type to use by using
1431 'type=', in a manner similar to:
1432 curl -F "web=@index.html;type=text/html" example.com
1434 or
1436 curl -F "name=daniel;type=text/foo" example.com
1438 You can also explicitly change the name field of a file upload
1440 part by setting filename=, like this:
1441 curl -F "file=@localfile;filename=nameinpost" example.com
1443 If filename/path contains ',' or ';', it must be quoted by dou‐
1445 ble-quotes like:
1446 curl -F "file=@\"local,file\";filename=\"name;in;post\"" example.com
1448 or
1450 curl -F 'file=@"local,file";filename="name;in;post"' example.com
1452 Note that if a filename/path is quoted by double-quotes, any
1454 double-quote or backslash within the filename must be escaped by
1455 backslash.
1456 Quoting must also be applied to non-file data if it contains
1458 semicolons, leading/trailing spaces or leading double quotes:
1459 curl -F 'colors="red; green; blue";type=text/x-myapp' example.com
1461 You can add custom headers to the field by setting headers=,
1463 like
1464 curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
1466 or
1468 curl -F "submit=OK;headers=@headerfile" example.com
1470 The headers= keyword may appear more that once and above notes
1472 about quoting apply. When headers are read from a file, Empty
1473 lines and lines starting with '#' are comments and ignored; each
1474 header can be folded by splitting between two words and starting
1475 the continuation line with a space; embedded carriage-returns
1476 and trailing spaces are stripped. Here is an example of a
1477 header file contents:
1478 # This file contain two headers.
1480 X-header-1: this is a header
1481 # The following header is folded.
1483 X-header-2: this is
1484 another header
1485 To support sending multipart mail messages, the syntax is ex‐
1487 tended as follows:
1488 - name can be omitted: the equal sign is the first character of
1489 the argument,
1490 - if data starts with '(', this signals to start a new multi‐
1491 part: it can be followed by a content type specification.
1492 - a multipart can be terminated with a '=)' argument.
1493 Example: the following command sends an SMTP mime email consist‐
1495 ing in an inline part in two alternative formats: plain text and
1496 HTML. It attaches a text file:
1497 curl -F '=(;type=multipart/alternative' \
1499 -F '=plain text message' \
1500 -F '= <body>HTML message</body>;type=text/html' \
1501 -F '=)' -F '=@textfile.txt' ... smtp://example.com
1502 Data can be encoded for transfer using encoder=. Available en‐
1504 codings are binary and 8bit that do nothing else than adding the
1505 corresponding Content-Transfer-Encoding header, 7bit that only
1506 rejects 8-bit characters with a transfer error, quoted-printable
1507 and base64 that encodes data according to the corresponding
1508 schemes, limiting lines length to 76 characters.
1509 Example: send multipart mail with a quoted-printable text mes‐
1511 sage and a base64 attached file:
1512 curl -F '=text message;encoder=quoted-printable' \
1514 -F '=@localfile;encoder=base64' ... smtp://example.com
1515 See further examples and details in the MANUAL.
1517 -F, --form can be used several times in a command line
1519 Example:
1521 curl --form "name=curl" --form "file=@loadthis" https://example.com
1522 See also -d, --data, --form-string and --form-escape. This op‐
1524 tion is mutually exclusive to -d, --data and -I, --head and -T,
1525 --upload-file.
1526 --ftp-account <data>
1528 (FTP) When an FTP server asks for "account data" after user name
1529 and password has been provided, this data is sent off using the
1530 ACCT command.
1531 If --ftp-account is provided several times, the last set value
1533 will be used.
1534 Example:
1536 curl --ftp-account "mr.robot" ftp://example.com/
1537 See also -u, --user.
1539 --ftp-alternative-to-user <command>
1541 (FTP) If authenticating with the USER and PASS commands fails,
1542 send this command. When connecting to Tumbleweed's Secure
1543 Transport server over FTPS using a client certificate, using
1544 "SITE AUTH" will tell the server to retrieve the username from
1545 the certificate.
1546 If --ftp-alternative-to-user is provided several times, the last
1548 set value will be used.
1549 Example:
1551 curl --ftp-alternative-to-user "U53r" ftp://example.com
1552 See also --ftp-account and -u, --user.
1554 --ftp-create-dirs
1556 (FTP SFTP) When an FTP or SFTP URL/operation uses a path that
1557 does not currently exist on the server, the standard behavior of
1558 curl is to fail. Using this option, curl will instead attempt to
1559 create missing directories.
1560 Providing --ftp-create-dirs multiple times has no extra effect.
1562 Disable it again with --no-ftp-create-dirs.
1563 Example:
1565 curl --ftp-create-dirs -T file ftp://example.com/remote/path/file
1566 See also --create-dirs.
1568 --ftp-method <method>
1570 (FTP) Control what method curl should use to reach a file on an
1571 FTP(S) server. The method argument should be one of the follow‐
1572 ing alternatives:
1573 multicwd
1575 curl does a single CWD operation for each path part in
1576 the given URL. For deep hierarchies this means many com‐
1577 mands. This is how RFC 1738 says it should be done. This
1578 is the default but the slowest behavior.
1579 nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR
1581 etc and give a full path to the server for all these com‐
1582 mands. This is the fastest behavior.
1583 singlecwd
1585 curl does one CWD with the full target directory and then
1586 operates on the file "normally" (like in the multicwd
1587 case). This is somewhat more standards compliant than
1588 'nocwd' but without the full penalty of 'multicwd'.
1589 If --ftp-method is provided several times, the last set value will be
1591 used.
1592 Examples:
1594 curl --ftp-method multicwd ftp://example.com/dir1/dir2/file
1595 curl --ftp-method nocwd ftp://example.com/dir1/dir2/file
1596 curl --ftp-method singlecwd ftp://example.com/dir1/dir2/file
1597 See also -l, --list-only.
1599 --ftp-pasv
1601 (FTP) Use passive mode for the data connection. Passive is the
1602 internal default behavior, but using this option can be used to
1603 override a previous -P, --ftp-port option.
1604 Reversing an enforced passive really is not doable but you must
1606 then instead enforce the correct -P, --ftp-port again.
1607 Passive mode means that curl will try the EPSV command first and
1609 then PASV, unless --disable-epsv is used.
1610 Providing --ftp-pasv multiple times has no extra effect. Dis‐
1612 able it again with --no-ftp-pasv.
1613 Example:
1615 curl --ftp-pasv ftp://example.com/
1616 See also --disable-epsv.
1618 -P, --ftp-port <address>
1620 (FTP) Reverses the default initiator/listener roles when con‐
1621 necting with FTP. This option makes curl use active mode. curl
1622 then tells the server to connect back to the client's specified
1623 address and port, while passive mode asks the server to setup an
1624 IP address and port for it to connect to. <address> should be
1625 one of:
1626 interface
1628 e.g. "eth0" to specify which interface's IP address you
1629 want to use (Unix only)
1630 IP address
1632 e.g. "192.168.10.1" to specify the exact IP address
1633 host name
1635 e.g. "my.host.domain" to specify the machine
1636 - make curl pick the same IP address that is already used
1638 for the control connection
1639 Disable the use of PORT with --ftp-pasv. Disable the attempt to use the
1641 EPRT command instead of PORT by using --disable-eprt. EPRT is really
1642 PORT++.
1643 You can also append ":[start]-[end]" to the right of the address, to
1645 tell curl what TCP port range to use. That means you specify a port
1646 range, from a lower to a higher number. A single number works as well,
1647 but do note that it increases the risk of failure since the port may
1648 not be available.
1649 If -P, --ftp-port is provided several times, the last set value will be
1652 used.
1653 Examples:
1655 curl -P - ftp:/example.com
1656 curl -P eth0 ftp:/example.com
1657 curl -P 192.168.0.2 ftp:/example.com
1658 See also --ftp-pasv and --disable-eprt.
1660 --ftp-pret
1662 (FTP) Tell curl to send a PRET command before PASV (and EPSV).
1663 Certain FTP servers, mainly drftpd, require this non-standard
1664 command for directory listings as well as up and downloads in
1665 PASV mode.
1666 Providing --ftp-pret multiple times has no extra effect. Dis‐
1668 able it again with --no-ftp-pret.
1669 Example:
1671 curl --ftp-pret ftp://example.com/
1672 See also -P, --ftp-port and --ftp-pasv.
1674 --ftp-skip-pasv-ip
1676 (FTP) Tell curl to not use the IP address the server suggests in
1677 its response to curl's PASV command when curl connects the data
1678 connection. Instead curl will re-use the same IP address it al‐
1679 ready uses for the control connection.
1680 Since curl 7.74.0 this option is enabled by default.
1682 This option has no effect if PORT, EPRT or EPSV is used instead
1684 of PASV.
1685 Providing --ftp-skip-pasv-ip multiple times has no extra effect.
1687 Disable it again with --no-ftp-skip-pasv-ip.
1688 Example:
1690 curl --ftp-skip-pasv-ip ftp://example.com/
1691 See also --ftp-pasv.
1693 --ftp-ssl-ccc-mode <active/passive>
1695 (FTP) Sets the CCC mode. The passive mode will not initiate the
1696 shutdown, but instead wait for the server to do it, and will not
1697 reply to the shutdown from the server. The active mode initiates
1698 the shutdown and waits for a reply from the server.
1699 Providing --ftp-ssl-ccc-mode multiple times has no extra effect.
1701 Disable it again with --no-ftp-ssl-ccc-mode.
1702 Example:
1704 curl --ftp-ssl-ccc-mode active --ftp-ssl-ccc ftps://example.com/
1705 See also --ftp-ssl-ccc.
1707 --ftp-ssl-ccc
1709 (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS
1710 layer after authenticating. The rest of the control channel com‐
1711 munication will be unencrypted. This allows NAT routers to fol‐
1712 low the FTP transaction. The default mode is passive.
1713 Providing --ftp-ssl-ccc multiple times has no extra effect.
1715 Disable it again with --no-ftp-ssl-ccc.
1716 Example:
1718 curl --ftp-ssl-ccc ftps://example.com/
1719 See also --ssl and --ftp-ssl-ccc-mode.
1721 --ftp-ssl-control
1723 (FTP) Require SSL/TLS for the FTP login, clear for transfer.
1724 Allows secure authentication, but non-encrypted data transfers
1725 for efficiency. Fails the transfer if the server does not sup‐
1726 port SSL/TLS.
1727 Providing --ftp-ssl-control multiple times has no extra effect.
1729 Disable it again with --no-ftp-ssl-control.
1730 Example:
1732 curl --ftp-ssl-control ftp://example.com
1733 See also --ssl.
1735 -G, --get
1737 When used, this option will make all data specified with -d,
1738 --data, --data-binary or --data-urlencode to be used in an HTTP
1739 GET request instead of the POST request that otherwise would be
1740 used. The data will be appended to the URL with a '?' separator.
1741 If used in combination with -I, --head, the POST data will in‐
1743 stead be appended to the URL with a HEAD request.
1744 Providing -G, --get multiple times has no extra effect. Disable
1746 it again with --no-get.
1747 Examples:
1749 curl --get https://example.com
1750 curl --get -d "tool=curl" -d "age=old" https://example.com
1751 curl --get -I -d "tool=curl" https://example.com
1752 See also -d, --data and -X, --request.
1754 -g, --globoff
1756 This option switches off the "URL globbing parser". When you set
1757 this option, you can specify URLs that contain the letters {}[]
1758 without having curl itself interpret them. Note that these let‐
1759 ters are not normal legal URL contents but they should be en‐
1760 coded according to the URI standard.
1761 Providing -g, --globoff multiple times has no extra effect.
1763 Disable it again with --no-globoff.
1764 Example:
1766 curl -g "https://example.com/{[]}}}}"
1767 See also -K, --config and -q, --disable.
1769 --happy-eyeballs-timeout-ms <milliseconds>
1771 Happy Eyeballs is an algorithm that attempts to connect to both
1772 IPv4 and IPv6 addresses for dual-stack hosts, giving IPv6 a
1773 head-start of the specified number of milliseconds. If the IPv6
1774 address cannot be connected to within that time, then a connec‐
1775 tion attempt is made to the IPv4 address in parallel. The first
1776 connection to be established is the one that is used.
1777 The range of suggested useful values is limited. Happy Eyeballs
1779 RFC 6555 says "It is RECOMMENDED that connection attempts be
1780 paced 150-250 ms apart to balance human factors against network
1781 load." libcurl currently defaults to 200 ms. Firefox and Chrome
1782 currently default to 300 ms.
1783 If --happy-eyeballs-timeout-ms is provided several times, the
1785 last set value will be used.
1786 Example:
1788 curl --happy-eyeballs-timeout-ms 500 https://example.com
1789 See also -m, --max-time and --connect-timeout. Added in 7.59.0.
1791 --haproxy-protocol
1793 (HTTP) Send a HAProxy PROXY protocol v1 header at the beginning
1794 of the connection. This is used by some load balancers and re‐
1795 verse proxies to indicate the client's true IP address and port.
1796 This option is primarily useful when sending test requests to a
1798 service that expects this header.
1799 Providing --haproxy-protocol multiple times has no extra effect.
1801 Disable it again with --no-haproxy-protocol.
1802 Example:
1804 curl --haproxy-protocol https://example.com
1805 See also -x, --proxy. Added in 7.60.0.
1807 -I, --head
1809 (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the
1810 command HEAD which this uses to get nothing but the header of a
1811 document. When used on an FTP or FILE file, curl displays the
1812 file size and last modification time only.
1813 Providing -I, --head multiple times has no extra effect. Dis‐
1815 able it again with --no-head.
1816 Example:
1818 curl -I https://example.com
1819 See also -G, --get, -v, --verbose and --trace-ascii.
1821 -H, --header <header/@file>
1823 (HTTP IMAP SMTP) Extra header to include in information sent.
1824 When used within an HTTP request, it is added to the regular re‐
1825 quest headers.
1826 For an IMAP or SMTP MIME uploaded mail built with -F, --form op‐
1828 tions, it is prepended to the resulting MIME document, effec‐
1829 tively including it at the mail global level. It does not affect
1830 raw uploaded mails (Added in 7.56.0).
1831 You may specify any number of extra headers. Note that if you
1833 should add a custom header that has the same name as one of the
1834 internal ones curl would use, your externally set header will be
1835 used instead of the internal one. This allows you to make even
1836 trickier stuff than curl would normally do. You should not re‐
1837 place internally set headers without knowing perfectly well what
1838 you are doing. Remove an internal header by giving a replacement
1839 without content on the right side of the colon, as in: -H
1840 "Host:". If you send the custom header with no-value then its
1841 header must be terminated with a semicolon, such as -H "X-Cus‐
1842 tom-Header;" to send "X-Custom-Header:".
1843 curl will make sure that each header you add/replace is sent
1845 with the proper end-of-line marker, you should thus not add that
1846 as a part of the header content: do not add newlines or carriage
1847 returns, they will only mess things up for you.
1848 This option can take an argument in @filename style, which then
1850 adds a header for each line in the input file. Using @- will
1851 make curl read the header file from stdin. Added in 7.55.0.
1852 Please note that most anti-spam utilities check the presence and
1854 value of several MIME mail headers: these are "From:", "To:",
1855 "Date:" and "Subject:" among others and should be added with
1856 this option.
1857 You need --proxy-header to send custom headers intended for an
1859 HTTP proxy. Added in 7.37.0.
1860 Passing on a "Transfer-Encoding: chunked" header when doing an
1862 HTTP request with a request body, will make curl send the data
1863 using chunked encoding.
1864 WARNING: headers set with this option will be set in all HTTP
1866 requests - even after redirects are followed, like when told
1867 with -L, --location. This can lead to the header being sent to
1868 other hosts than the original host, so sensitive headers should
1869 be used with caution combined with following redirects.
1870 -H, --header can be used several times in a command line
1872 Examples:
1874 curl -H "X-First-Name: Joe" https://example.com
1875 curl -H "User-Agent: yes-please/2000" https://example.com
1876 curl -H "Host:" https://example.com
1877 curl -H @headers.txt https://example.com
1878 See also -A, --user-agent and -e, --referer.
1880 -h, --help <category>
1882 Usage help. This lists all commands of the <category>. If no
1883 arg was provided, curl will display the most important command
1884 line arguments. If the argument "all" was provided, curl will
1885 display all options available. If the argument "category" was
1886 provided, curl will display all categories and their meanings.
1887 Example:
1889 curl --help all
1890 See also -v, --verbose.
1892 --hostpubmd5 <md5>
1894 (SFTP SCP) Pass a string containing 32 hexadecimal digits. The
1895 string should be the 128 bit MD5 checksum of the remote host's
1896 public key, curl will refuse the connection with the host unless
1897 the md5sums match.
1898 If --hostpubmd5 is provided several times, the last set value
1900 will be used.
1901 Example:
1903 curl --hostpubmd5 e5c1c49020640a5ab0f2034854c321a8 sftp://example.com/
1904 See also --hostpubsha256.
1906 --hostpubsha256 <sha256>
1908 (SFTP SCP) Pass a string containing a Base64-encoded SHA256 hash
1909 of the remote host's public key. Curl will refuse the connection
1910 with the host unless the hashes match.
1911 This feature requires libcurl to be built with libssh2 and does
1913 not work with other SSH backends.
1914 If --hostpubsha256 is provided several times, the last set value
1916 will be used.
1917 Example:
1919 curl --hostpubsha256 NDVkMTQxMGQ1ODdmMjQ3MjczYjAyOTY5MmRkMjVmNDQ= sftp://example.com/
1920 See also --hostpubmd5. Added in 7.80.0.
1922 --hsts <file name>
1924 (HTTPS) This option enables HSTS for the transfer. If the file
1925 name points to an existing HSTS cache file, that will be used.
1926 After a completed transfer, the cache will be saved to the file
1927 name again if it has been modified.
1928 If curl is told to use HTTP:// for a transfer involving a host
1930 name that exists in the HSTS cache, it upgrades the transfer to
1931 use HTTPS. Each HSTS cache entry has an individual life time af‐
1932 ter which the upgrade is no longer performed.
1933 Specify a "" file name (zero length) to avoid loading/saving and
1935 make curl just handle HSTS in memory.
1936 If this option is used several times, curl will load contents
1938 from all the files but the last one will be used for saving.
1939 --hsts can be used several times in a command line
1941 Example:
1943 curl --hsts cache.txt https://example.com
1944 See also --proto. Added in 7.74.0.
1946 --http0.9
1948 (HTTP) Tells curl to be fine with HTTP version 0.9 response.
1949 HTTP/0.9 is a completely headerless response and therefore you
1951 can also connect with this to non-HTTP servers and still get a
1952 response since curl will simply transparently downgrade - if al‐
1953 lowed.
1954 Since curl 7.66.0, HTTP/0.9 is disabled by default.
1956 Providing --http0.9 multiple times has no extra effect. Disable
1958 it again with --no-http0.9.
1959 Example:
1961 curl --http0.9 https://example.com
1962 See also --http1.1, --http2 and --http3. Added in 7.64.0.
1964 -0, --http1.0
1966 (HTTP) Tells curl to use HTTP version 1.0 instead of using its
1967 internally preferred HTTP version.
1968 Providing -0, --http1.0 multiple times has no extra effect.
1970 Example:
1972 curl --http1.0 https://example.com
1973 See also --http0.9 and --http1.1. This option is mutually exclu‐
1975 sive to --http1.1 and --http2 and --http2-prior-knowledge and
1976 --http3.
1977 --http1.1
1979 (HTTP) Tells curl to use HTTP version 1.1.
1980 Providing --http1.1 multiple times has no extra effect.
1982 Example:
1984 curl --http1.1 https://example.com
1985 See also -0, --http1.0 and --http0.9. This option is mutually
1987 exclusive to -0, --http1.0 and --http2 and --http2-prior-knowl‐
1988 edge and --http3. Added in 7.33.0.
1989 --http2-prior-knowledge
1991 (HTTP) Tells curl to issue its non-TLS HTTP requests using
1992 HTTP/2 without HTTP/1.1 Upgrade. It requires prior knowledge
1993 that the server supports HTTP/2 straight away. HTTPS requests
1994 will still do HTTP/2 the standard way with negotiated protocol
1995 version in the TLS handshake.
1996 Providing --http2-prior-knowledge multiple times has no extra
1998 effect. Disable it again with --no-http2-prior-knowledge.
1999 Example:
2001 curl --http2-prior-knowledge https://example.com
2002 See also --http2 and --http3. --http2-prior-knowledge requires
2004 that the underlying libcurl was built to support HTTP/2. This
2005 option is mutually exclusive to --http1.1 and -0, --http1.0 and
2006 --http2 and --http3. Added in 7.49.0.
2007 --http2
2009 (HTTP) Tells curl to use HTTP version 2.
2010 For HTTPS, this means curl will attempt to negotiate HTTP/2 in
2012 the TLS handshake. curl does this by default.
2013 For HTTP, this means curl will attempt to upgrade the request to
2015 HTTP/2 using the Upgrade: request header.
2016 When curl uses HTTP/2 over HTTPS, it does not itself insist on
2018 TLS 1.2 or higher even though that is required by the specifica‐
2019 tion. A user can add this version requirement with --tlsv1.2.
2020 Providing --http2 multiple times has no extra effect.
2022 Example:
2024 curl --http2 https://example.com
2025 See also --http1.1 and --http3. --http2 requires that the under‐
2027 lying libcurl was built to support HTTP/2. This option is mutu‐
2028 ally exclusive to --http1.1 and -0, --http1.0 and --http2-prior-
2029 knowledge and --http3. Added in 7.33.0.
2030 --http3-only
2032 (HTTP) **WARNING**: this option is experimental. Do not use in
2033 production.
2034 Instructs curl to use HTTP/3 to the host in the URL, with no
2036 fallback to earlier HTTP versions. HTTP/3 can only be used for
2037 HTTPS and not for HTTP URLs. For HTTP, this option will trigger
2038 an error.
2039 This option allows a user to avoid using the Alt-Svc method of
2041 upgrading to HTTP/3 when you know that the target speaks HTTP/3
2042 on the given host and port.
2043 This option will make curl fail if a QUIC connection cannot be
2045 established, it will not attempt any other HTTP version on its
2046 own. Use --http3 for similar functionality with a fallback.
2047 Providing --http3-only multiple times has no extra effect.
2049 Example:
2051 curl --http3-only https://example.com
2052 See also --http1.1, --http2 and --http3. --http3-only requires
2054 that the underlying libcurl was built to support HTTP/3. This
2055 option is mutually exclusive to --http1.1 and -0, --http1.0 and
2056 --http2 and --http2-prior-knowledge and --http3. Added in
2057 7.88.0.
2058 --http3
2060 (HTTP) **WARNING**: this option is experimental. Do not use in
2061 production.
2062 Tells curl to try HTTP/3 to the host in the URL, but fallback to
2064 earlier HTTP versions if the HTTP/3 connection establishment
2065 fails. HTTP/3 is only available for HTTPS and not for HTTP URLs.
2066 This option allows a user to avoid using the Alt-Svc method of
2068 upgrading to HTTP/3 when you know that the target speaks HTTP/3
2069 on the given host and port.
2070 When asked to use HTTP/3, curl will issue a separate attempt to
2072 use older HTTP versions with a slight delay, so if the HTTP/3
2073 transfer fails or is very slow, curl will still try to proceed
2074 with an older HTTP version.
2075 Use --http3-only for similar functionality without a fallback.
2077 Providing --http3 multiple times has no extra effect.
2079 Example:
2081 curl --http3 https://example.com
2082 See also --http1.1 and --http2. --http3 requires that the under‐
2084 lying libcurl was built to support HTTP/3. This option is mutu‐
2085 ally exclusive to --http1.1 and -0, --http1.0 and --http2 and
2086 --http2-prior-knowledge and --http3-only. Added in 7.66.0.
2087 --ignore-content-length
2089 (FTP HTTP) For HTTP, Ignore the Content-Length header. This is
2090 particularly useful for servers running Apache 1.x, which will
2091 report incorrect Content-Length for files larger than 2 giga‐
2092 bytes.
2093 For FTP (since 7.46.0), skip the RETR command to figure out the
2095 size before downloading a file.
2096 This option does not work for HTTP if libcurl was built to use
2098 hyper.
2099 Providing --ignore-content-length multiple times has no extra
2101 effect. Disable it again with --no-ignore-content-length.
2102 Example:
2104 curl --ignore-content-length https://example.com
2105 See also --ftp-skip-pasv-ip.
2107 -i, --include
2109 Include the HTTP response headers in the output. The HTTP re‐
2110 sponse headers can include things like server name, cookies,
2111 date of the document, HTTP version and more...
2112 To view the request headers, consider the -v, --verbose option.
2114 Providing -i, --include multiple times has no extra effect.
2116 Disable it again with --no-include.
2117 Example:
2119 curl -i https://example.com
2120 See also -v, --verbose.
2122 -k, --insecure
2124 (TLS SFTP SCP) By default, every secure connection curl makes is
2125 verified to be secure before the transfer takes place. This op‐
2126 tion makes curl skip the verification step and proceed without
2127 checking.
2128 When this option is not used for protocols using TLS, curl veri‐
2130 fies the server's TLS certificate before it continues: that the
2131 certificate contains the right name which matches the host name
2132 used in the URL and that the certificate has been signed by a CA
2133 certificate present in the cert store. See this online resource
2134 for further details:
2135 https://curl.se/docs/sslcerts.html
2136 For SFTP and SCP, this option makes curl skip the known_hosts
2138 verification. known_hosts is a file normally stored in the
2139 user's home directory in the ".ssh" subdirectory, which contains
2140 host names and their public keys.
2141 WARNING: using this option makes the transfer insecure.
2143 When curl uses secure protocols it trusts responses and allows
2145 for example HSTS and Alt-Svc information to be stored and used
2146 subsequently. Using -k, --insecure can make curl trust and use
2147 such information from malicious servers.
2148 Providing -k, --insecure multiple times has no extra effect.
2150 Disable it again with --no-insecure.
2151 Example:
2153 curl --insecure https://example.com
2154 See also --proxy-insecure, --cacert and --capath.
2156 --interface <name>
2158 Perform an operation using a specified interface. You can enter
2159 interface name, IP address or host name. An example could look
2160 like:
2161 curl --interface eth0:1 https://www.example.com/
2163 On Linux it can be used to specify a VRF, but the binary needs
2165 to either have CAP_NET_RAW or to be run as root. More informa‐
2166 tion about Linux VRF: https://www.kernel.org/doc/Documenta‐
2167 tion/networking/vrf.txt
2168 If --interface is provided several times, the last set value
2170 will be used.
2171 Example:
2173 curl --interface eth0 https://example.com
2174 See also --dns-interface.
2176 -4, --ipv4
2178 This option tells curl to use IPv4 addresses only, and not for
2179 example try IPv6.
2180 Providing -4, --ipv4 multiple times has no extra effect. Dis‐
2182 able it again with --no-ipv4.
2183 Example:
2185 curl --ipv4 https://example.com
2186 See also --http1.1 and --http2. This option is mutually exclu‐
2188 sive to -6, --ipv6.
2189 -6, --ipv6
2191 This option tells curl to use IPv6 addresses only, and not for
2192 example try IPv4.
2193 Providing -6, --ipv6 multiple times has no extra effect. Dis‐
2195 able it again with --no-ipv6.
2196 Example:
2198 curl --ipv6 https://example.com
2199 See also --http1.1 and --http2. This option is mutually exclu‐
2201 sive to -4, --ipv4.
2202 --json <data>
2204 (HTTP) Sends the specified JSON data in a POST request to the
2205 HTTP server. --json works as a shortcut for passing on these
2206 three options:
2207 --data [arg]
2209 --header "Content-Type: application/json"
2210 --header "Accept: application/json"
2211 There is no verification that the passed in data is actual JSON
2213 or that the syntax is correct.
2214 If you start the data with the letter @, the rest should be a
2216 file name to read the data from, or a single dash (-) if you
2217 want curl to read the data from stdin. Posting data from a file
2218 named 'foobar' would thus be done with --json @foobar and to in‐
2219 stead read the data from stdin, use --json @-.
2220 If this option is used more than once on the same command line,
2222 the additional data pieces will be concatenated to the previous
2223 before sending.
2224 The headers this option sets can be overridden with -H, --header
2226 as usual.
2227 --json can be used several times in a command line
2229 Examples:
2231 curl --json '{ "drink": "coffe" }' https://example.com
2232 curl --json '{ "drink":' --json ' "coffe" }' https://example.com
2233 curl --json @prepared https://example.com
2234 curl --json @- https://example.com < json.txt
2235 See also --data-binary and --data-raw. This option is mutually
2237 exclusive to -F, --form and -I, --head and -T, --upload-file.
2238 Added in 7.82.0.
2239 -j, --junk-session-cookies
2241 (HTTP) When curl is told to read cookies from a given file, this
2242 option will make it discard all "session cookies". This will ba‐
2243 sically have the same effect as if a new session is started.
2244 Typical browsers always discard session cookies when they are
2245 closed down.
2246 Providing -j, --junk-session-cookies multiple times has no extra
2248 effect. Disable it again with --no-junk-session-cookies.
2249 Example:
2251 curl --junk-session-cookies -b cookies.txt https://example.com
2252 See also -b, --cookie and -c, --cookie-jar.
2254 --keepalive-time <seconds>
2256 This option sets the time a connection needs to remain idle be‐
2257 fore sending keepalive probes and the time between individual
2258 keepalive probes. It is currently effective on operating systems
2259 offering the TCP_KEEPIDLE and TCP_KEEPINTVL socket options
2260 (meaning Linux, recent AIX, HP-UX and more). Keepalives are
2261 used by the TCP stack to detect broken networks on idle connec‐
2262 tions. The number of missed keepalive probes before declaring
2263 the connection down is OS dependent and is commonly 9 or 10.
2264 This option has no effect if --no-keepalive is used.
2265 If unspecified, the option defaults to 60 seconds.
2267 If --keepalive-time is provided several times, the last set
2269 value will be used.
2270 Example:
2272 curl --keepalive-time 20 https://example.com
2273 See also --no-keepalive and -m, --max-time.
2275 --key-type <type>
2277 (TLS) Private key file type. Specify which type your --key pro‐
2278 vided private key is. DER, PEM, and ENG are supported. If not
2279 specified, PEM is assumed.
2280 If --key-type is provided several times, the last set value will
2282 be used.
2283 Example:
2285 curl --key-type DER --key here https://example.com
2286 See also --key.
2288 --key <key>
2290 (TLS SSH) Private key file name. Allows you to provide your pri‐
2291 vate key in this separate file. For SSH, if not specified, curl
2292 tries the following candidates in order: '~/.ssh/id_rsa',
2293 '~/.ssh/id_dsa', './id_rsa', './id_dsa'.
2294 If curl is built against OpenSSL library, and the engine pkcs11
2296 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
2297 ify a private key located in a PKCS#11 device. A string begin‐
2298 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
2299 PKCS#11 URI is provided, then the --engine option will be set as
2300 "pkcs11" if none was provided and the --key-type option will be
2301 set as "ENG" if none was provided.
2302 If curl is built against Secure Transport or Schannel then this
2304 option is ignored for TLS protocols (HTTPS, etc). Those backends
2305 expect the private key to be already present in the keychain or
2306 PKCS#12 file containing the certificate.
2307 If --key is provided several times, the last set value will be
2309 used.
2310 Example:
2312 curl --cert certificate --key here https://example.com
2313 See also --key-type and -E, --cert.
2315 --krb <level>
2317 (FTP) Enable Kerberos authentication and use. The level must be
2318 entered and should be one of 'clear', 'safe', 'confidential', or
2319 'private'. Should you use a level that is not one of these,
2320 'private' will instead be used.
2321 If --krb is provided several times, the last set value will be
2323 used.
2324 Example:
2326 curl --krb clear ftp://example.com/
2327 See also --delegation and --ssl. --krb requires that the under‐
2329 lying libcurl was built to support Kerberos.
2330 --libcurl <file>
2332 Append this option to any ordinary curl command line, and you
2333 will get libcurl-using C source code written to the file that
2334 does the equivalent of what your command-line operation does!
2335 This option is global and does not need to be specified for each
2337 use of --next.
2338 If --libcurl is provided several times, the last set value will
2340 be used.
2341 Example:
2343 curl --libcurl client.c https://example.com
2344 See also -v, --verbose.
2346 --limit-rate <speed>
2348 Specify the maximum transfer rate you want curl to use - for
2349 both downloads and uploads. This feature is useful if you have a
2350 limited pipe and you would like your transfer not to use your
2351 entire bandwidth. To make it slower than it otherwise would be.
2352 The given speed is measured in bytes/second, unless a suffix is
2354 appended. Appending 'k' or 'K' will count the number as kilo‐
2355 bytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it
2356 gigabytes. The suffixes (k, M, G, T, P) are 1024 based. For ex‐
2357 ample 1k is 1024. Examples: 200K, 3m and 1G.
2358 The rate limiting logic works on averaging the transfer speed to
2360 no more than the set threshold over a period of multiple sec‐
2361 onds.
2362 If you also use the -Y, --speed-limit option, that option will
2364 take precedence and might cripple the rate-limiting slightly, to
2365 help keeping the speed-limit logic working.
2366 If --limit-rate is provided several times, the last set value
2368 will be used.
2369 Examples:
2371 curl --limit-rate 100K https://example.com
2372 curl --limit-rate 1000 https://example.com
2373 curl --limit-rate 10M https://example.com
2374 See also --rate, -Y, --speed-limit and -y, --speed-time.
2376 -l, --list-only
2378 (FTP POP3) (FTP) When listing an FTP directory, this switch
2379 forces a name-only view. This is especially useful if the user
2380 wants to machine-parse the contents of an FTP directory since
2381 the normal directory view does not use a standard look or for‐
2382 mat. When used like this, the option causes an NLST command to
2383 be sent to the server instead of LIST.
2384 Note: Some FTP servers list only files in their response to
2386 NLST; they do not include sub-directories and symbolic links.
2387 (POP3) When retrieving a specific email from POP3, this switch
2389 forces a LIST command to be performed instead of RETR. This is
2390 particularly useful if the user wants to see if a specific mes‐
2391 sage-id exists on the server and what size it is.
2392 Note: When combined with -X, --request, this option can be used
2394 to send a UIDL command instead, so the user may use the email's
2395 unique identifier rather than its message-id to make the re‐
2396 quest.
2397 Providing -l, --list-only multiple times has no extra effect.
2399 Disable it again with --no-list-only.
2400 Example:
2402 curl --list-only ftp://example.com/dir/
2403 See also -Q, --quote and -X, --request.
2405 --local-port <num/range>
2407 Set a preferred single number or range (FROM-TO) of local port
2408 numbers to use for the connection(s). Note that port numbers by
2409 nature are a scarce resource that will be busy at times so set‐
2410 ting this range to something too narrow might cause unnecessary
2411 connection setup failures.
2412 If --local-port is provided several times, the last set value
2414 will be used.
2415 Example:
2417 curl --local-port 1000-3000 https://example.com
2418 See also -g, --globoff.
2420 --location-trusted
2422 (HTTP) Like -L, --location, but will allow sending the name +
2423 password to all hosts that the site may redirect to. This may or
2424 may not introduce a security breach if the site redirects you to
2425 a site to which you will send your authentication info (which is
2426 plaintext in the case of HTTP Basic authentication).
2427 Providing --location-trusted multiple times has no extra effect.
2429 Disable it again with --no-location-trusted.
2430 Example:
2432 curl --location-trusted -u user:password https://example.com
2433 See also -u, --user.
2435 -L, --location
2437 (HTTP) If the server reports that the requested page has moved
2438 to a different location (indicated with a Location: header and a
2439 3XX response code), this option will make curl redo the request
2440 on the new place. If used together with -i, --include or -I,
2441 --head, headers from all requested pages will be shown. When au‐
2442 thentication is used, curl only sends its credentials to the
2443 initial host. If a redirect takes curl to a different host, it
2444 will not be able to intercept the user+password. See also --lo‐
2445 cation-trusted on how to change this. You can limit the amount
2446 of redirects to follow by using the --max-redirs option.
2447 When curl follows a redirect and if the request is a POST, it
2449 will send the following request with a GET if the HTTP response
2450 was 301, 302, or 303. If the response code was any other 3xx
2451 code, curl will re-send the following request using the same un‐
2452 modified method.
2453 You can tell curl to not change POST requests to GET after a 30x
2455 response by using the dedicated options for that: --post301,
2456 --post302 and --post303.
2457 The method set with -X, --request overrides the method curl
2459 would otherwise select to use.
2460 Providing -L, --location multiple times has no extra effect.
2462 Disable it again with --no-location.
2463 Example:
2465 curl -L https://example.com
2466 See also --resolve and --alt-svc.
2468 --login-options <options>
2470 (IMAP LDAP POP3 SMTP) Specify the login options to use during
2471 server authentication.
2472 You can use login options to specify protocol specific options
2474 that may be used during authentication. At present only IMAP,
2475 POP3 and SMTP support login options. For more information about
2476 login options please see RFC 2384, RFC 5092 and IETF draft
2477 draft-earhart-url-smtp-00.txt
2478 If --login-options is provided several times, the last set value
2480 will be used.
2481 Example:
2483 curl --login-options 'AUTH=*' imap://example.com
2484 See also -u, --user. Added in 7.34.0.
2486 --mail-auth <address>
2488 (SMTP) Specify a single address. This will be used to specify
2489 the authentication address (identity) of a submitted message
2490 that is being relayed to another server.
2491 If --mail-auth is provided several times, the last set value
2493 will be used.
2494 Example:
2496 curl --mail-auth user@example.come -T mail smtp://example.com/
2497 See also --mail-rcpt and --mail-from.
2499 --mail-from <address>
2501 (SMTP) Specify a single address that the given mail should get
2502 sent from.
2503 If --mail-from is provided several times, the last set value
2505 will be used.
2506 Example:
2508 curl --mail-from user@example.com -T mail smtp://example.com/
2509 See also --mail-rcpt and --mail-auth.
2511 --mail-rcpt-allowfails
2513 (SMTP) When sending data to multiple recipients, by default curl
2514 will abort SMTP conversation if at least one of the recipients
2515 causes RCPT TO command to return an error.
2516 The default behavior can be changed by passing --mail-rcpt-al‐
2518 lowfails command-line option which will make curl ignore errors
2519 and proceed with the remaining valid recipients.
2520 If all recipients trigger RCPT TO failures and this flag is
2522 specified, curl will still abort the SMTP conversation and re‐
2523 turn the error received from to the last RCPT TO command.
2524 Providing --mail-rcpt-allowfails multiple times has no extra ef‐
2526 fect. Disable it again with --no-mail-rcpt-allowfails.
2527 Example:
2529 curl --mail-rcpt-allowfails --mail-rcpt dest@example.com smtp://example.com
2530 See also --mail-rcpt. Added in 7.69.0.
2532 --mail-rcpt <address>
2534 (SMTP) Specify a single email address, user name or mailing list
2535 name. Repeat this option several times to send to multiple re‐
2536 cipients.
2537 When performing an address verification (VRFY command), the re‐
2539 cipient should be specified as the user name or user name and
2540 domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)
2541 When performing a mailing list expand (EXPN command), the recip‐
2543 ient should be specified using the mailing list name, such as
2544 "Friends" or "London-Office". (Added in 7.34.0)
2545 --mail-rcpt can be used several times in a command line
2547 Example:
2549 curl --mail-rcpt user@example.net smtp://example.com
2550 See also --mail-rcpt-allowfails.
2552 -M, --manual
2554 Manual. Display the huge help text.
2555 Example:
2557 curl --manual
2558 See also -v, --verbose, --libcurl and --trace.
2560 --max-filesize <bytes>
2562 (FTP HTTP MQTT) Specify the maximum size (in bytes) of a file to
2563 download. If the file requested is larger than this value, the
2564 transfer will not start and curl will return with exit code 63.
2565 A size modifier may be used. For example, Appending 'k' or 'K'
2567 will count the number as kilobytes, 'm' or 'M' makes it
2568 megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K,
2569 3m and 1G. (Added in 7.58.0)
2570 NOTE: The file size is not always known prior to download, and
2572 for such files this option has no effect even if the file trans‐
2573 fer ends up being larger than this given limit. If --max-file‐
2574 size is provided several times, the last set value will be used.
2575 Example:
2577 curl --max-filesize 100K https://example.com
2578 See also --limit-rate.
2580 --max-redirs <num>
2582 (HTTP) Set maximum number of redirections to follow. When -L,
2583 --location is used, to prevent curl from following too many
2584 redirects, by default, the limit is set to 50 redirects. Set
2585 this option to -1 to make it unlimited.
2586 If --max-redirs is provided several times, the last set value
2588 will be used.
2589 Example:
2591 curl --max-redirs 3 --location https://example.com
2592 See also -L, --location.
2594 -m, --max-time <fractional seconds>
2596 Maximum time in seconds that you allow each transfer to take.
2597 This is useful for preventing your batch jobs from hanging for
2598 hours due to slow networks or links going down. Since 7.32.0,
2599 this option accepts decimal values, but the actual timeout will
2600 decrease in accuracy as the specified timeout increases in deci‐
2601 mal precision.
2602 If you enable retrying the transfer (--retry) then the maximum
2604 time counter is reset each time the transfer is retried. You can
2605 use --retry-max-time to limit the retry time.
2606 The decimal value needs to provided using a dot (.) as decimal
2608 separator - not the local version even if it might be using an‐
2609 other separator.
2610 If -m, --max-time is provided several times, the last set value
2612 will be used.
2613 Examples:
2615 curl --max-time 10 https://example.com
2616 curl --max-time 2.92 https://example.com
2617 See also --connect-timeout and --retry-max-time.
2619 --metalink
2621 This option was previously used to specify a metalink resource.
2622 Metalink support has been disabled in curl since 7.78.0 for se‐
2623 curity reasons.
2624 If --metalink is provided several times, the last set value will
2626 be used.
2627 Example:
2629 curl --metalink file https://example.com
2630 See also -Z, --parallel.
2632 --negotiate
2634 (HTTP) Enables Negotiate (SPNEGO) authentication.
2635 This option requires a library built with GSS-API or SSPI sup‐
2637 port. Use -V, --version to see if your curl supports GSS-
2638 API/SSPI or SPNEGO.
2639 When using this option, you must also provide a fake -u, --user
2641 option to activate the authentication code properly. Sending a
2642 '-u :' is enough as the user name and password from the -u,
2643 --user option are not actually used.
2644 If this option is used several times, only the first one is
2646 used.
2647 Providing --negotiate multiple times has no extra effect.
2649 Example:
2651 curl --negotiate -u : https://example.com
2652 See also --basic, --ntlm, --anyauth and --proxy-negotiate.
2654 --netrc-file <filename>
2656 This option is similar to -n, --netrc, except that you provide
2657 the path (absolute or relative) to the netrc file that curl
2658 should use. You can only specify one netrc file per invocation.
2659 It will abide by --netrc-optional if specified.
2661 If --netrc-file is provided several times, the last set value
2663 will be used.
2664 Example:
2666 curl --netrc-file netrc https://example.com
2667 See also -n, --netrc, -u, --user and -K, --config. This option
2669 is mutually exclusive to -n, --netrc.
2670 --netrc-optional
2672 Similar to -n, --netrc, but this option makes the .netrc usage
2673 optional and not mandatory as the -n, --netrc option does.
2674 Providing --netrc-optional multiple times has no extra effect.
2676 Disable it again with --no-netrc-optional.
2677 Example:
2679 curl --netrc-optional https://example.com
2680 See also --netrc-file. This option is mutually exclusive to -n,
2682 --netrc.
2683 -n, --netrc
2685 Makes curl scan the .netrc (_netrc on Windows) file in the
2686 user's home directory for login name and password. This is typi‐
2687 cally used for FTP on Unix. If used with HTTP, curl will enable
2688 user authentication. See netrc(5) and ftp(1) for details on the
2689 file format. Curl will not complain if that file does not have
2690 the right permissions (it should be neither world- nor group-
2691 readable). The environment variable "HOME" is used to find the
2692 home directory.
2693 A quick and simple example of how to setup a .netrc to allow
2695 curl to FTP to the machine host.domain.com with user name 'my‐
2696 self' and password 'secret' could look similar to:
2697 machine host.domain.com
2699 login myself
2700 password secret
2701 Providing -n, --netrc multiple times has no extra effect. Dis‐
2703 able it again with --no-netrc.
2704 Example:
2706 curl --netrc https://example.com
2707 See also --netrc-file, -K, --config and -u, --user. This option
2709 is mutually exclusive to --netrc-file and --netrc-optional.
2710 -:, --next
2712 Tells curl to use a separate operation for the following URL and
2713 associated options. This allows you to send several URL re‐
2714 quests, each with their own specific options, for example, such
2715 as different user names or custom requests for each.
2716 -:, --next will reset all local options and only global ones
2718 will have their values survive over to the operation following
2719 the -:, --next instruction. Global options include -v, --ver‐
2720 bose, --trace, --trace-ascii and --fail-early.
2721 For example, you can do both a GET and a POST in a single com‐
2723 mand line:
2724 curl www1.example.com --next -d postthis www2.example.com
2726 -:, --next can be used several times in a command line
2728 Examples:
2730 curl https://example.com --next -d postthis www2.example.com
2731 curl -I https://example.com --next https://example.net/
2732 See also -Z, --parallel and -K, --config. Added in 7.36.0.
2734 --no-alpn
2736 (HTTPS) Disable the ALPN TLS extension. ALPN is enabled by de‐
2737 fault if libcurl was built with an SSL library that supports
2738 ALPN. ALPN is used by a libcurl that supports HTTP/2 to negoti‐
2739 ate HTTP/2 support with the server during https sessions.
2740 Providing --no-alpn multiple times has no extra effect. Disable
2742 it again with --alpn.
2743 Example:
2745 curl --no-alpn https://example.com
2746 See also --no-npn and --http2. --no-alpn requires that the un‐
2748 derlying libcurl was built to support TLS. Added in 7.36.0.
2749 -N, --no-buffer
2751 Disables the buffering of the output stream. In normal work sit‐
2752 uations, curl will use a standard buffered output stream that
2753 will have the effect that it will output the data in chunks, not
2754 necessarily exactly when the data arrives. Using this option
2755 will disable that buffering.
2756 Providing -N, --no-buffer multiple times has no extra effect.
2758 Disable it again with --buffer.
2759 Example:
2761 curl --no-buffer https://example.com
2762 See also -#, --progress-bar.
2764 --no-clobber
2766 When used in conjunction with the -o, --output, -J, --remote-
2767 header-name, -O, --remote-name, or --remote-name-all options,
2768 curl avoids overwriting files that already exist. Instead, a dot
2769 and a number gets appended to the name of the file that would be
2770 created, up to filename.100 after which it will not create any
2771 file.
2772 Note that this is the negated option name documented. You can
2774 thus use --clobber to enforce the clobbering, even if -J, --re‐
2775 mote-header-name is specified.
2776 Providing --no-clobber multiple times has no extra effect. Dis‐
2778 able it again with --clobber.
2779 Example:
2781 curl --no-clobber --output local/dir/file https://example.com
2782 See also -o, --output and -O, --remote-name. Added in 7.83.0.
2784 --no-keepalive
2786 Disables the use of keepalive messages on the TCP connection.
2787 curl otherwise enables them by default.
2788 Note that this is the negated option name documented. You can
2790 thus use --keepalive to enforce keepalive.
2791 Providing --no-keepalive multiple times has no extra effect.
2793 Disable it again with --keepalive.
2794 Example:
2796 curl --no-keepalive https://example.com
2797 See also --keepalive-time.
2799 --no-npn
2801 (HTTPS) In curl 7.86.0 and later, curl never uses NPN.
2802 Disable the NPN TLS extension. NPN is enabled by default if
2804 libcurl was built with an SSL library that supports NPN. NPN is
2805 used by a libcurl that supports HTTP/2 to negotiate HTTP/2 sup‐
2806 port with the server during https sessions.
2807 Providing --no-npn multiple times has no extra effect. Disable
2809 it again with --npn.
2810 Example:
2812 curl --no-npn https://example.com
2813 See also --no-alpn and --http2. --no-npn requires that the un‐
2815 derlying libcurl was built to support TLS. Added in 7.36.0.
2816 --no-progress-meter
2818 Option to switch off the progress meter output without muting or
2819 otherwise affecting warning and informational messages like -s,
2820 --silent does.
2821 Note that this is the negated option name documented. You can
2823 thus use --progress-meter to enable the progress meter again.
2824 Providing --no-progress-meter multiple times has no extra ef‐
2826 fect. Disable it again with --progress-meter.
2827 Example:
2829 curl --no-progress-meter -o store https://example.com
2830 See also -v, --verbose and -s, --silent. Added in 7.67.0.
2832 --no-sessionid
2834 (TLS) Disable curl's use of SSL session-ID caching. By default
2835 all transfers are done using the cache. Note that while nothing
2836 should ever get hurt by attempting to reuse SSL session-IDs,
2837 there seem to be broken SSL implementations in the wild that may
2838 require you to disable this in order for you to succeed.
2839 Note that this is the negated option name documented. You can
2841 thus use --sessionid to enforce session-ID caching.
2842 Providing --no-sessionid multiple times has no extra effect.
2844 Disable it again with --sessionid.
2845 Example:
2847 curl --no-sessionid https://example.com
2848 See also -k, --insecure.
2850 --noproxy <no-proxy-list>
2852 Comma-separated list of hosts for which not to use a proxy, if
2853 one is specified. The only wildcard is a single * character,
2854 which matches all hosts, and effectively disables the proxy.
2855 Each name in this list is matched as either a domain which con‐
2856 tains the hostname, or the hostname itself. For example, lo‐
2857 cal.com would match local.com, local.com:80, and www.local.com,
2858 but not www.notlocal.com.
2859 Since 7.53.0, This option overrides the environment variables
2861 that disable the proxy ('no_proxy' and 'NO_PROXY'). If there's
2862 an environment variable disabling a proxy, you can set the no‐
2863 proxy list to "" to override it.
2864 Since 7.86.0, IP addresses specified to this option can be pro‐
2866 vided using CIDR notation: an appended slash and number speci‐
2867 fies the number of "network bits" out of the address to use in
2868 the comparison. For example "192.168.0.0/16" would match all ad‐
2869 dresses starting with "192.168".
2870 If --noproxy is provided several times, the last set value will
2872 be used.
2873 Example:
2875 curl --noproxy "www.example" https://example.com
2876 See also -x, --proxy.
2878 --ntlm-wb
2880 (HTTP) Enables NTLM much in the style --ntlm does, but hand over
2881 the authentication to the separate binary ntlmauth application
2882 that is executed when needed.
2883 Providing --ntlm-wb multiple times has no extra effect.
2885 Example:
2887 curl --ntlm-wb -u user:password https://example.com
2888 See also --ntlm and --proxy-ntlm.
2890 --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication
2892 method was designed by Microsoft and is used by IIS web servers.
2893 It is a proprietary protocol, reverse-engineered by clever peo‐
2894 ple and implemented in curl based on their efforts. This kind of
2895 behavior should not be endorsed, you should encourage everyone
2896 who uses NTLM to switch to a public and documented authentica‐
2897 tion method instead, such as Digest.
2898 If you want to enable NTLM for your proxy authentication, then
2900 use --proxy-ntlm.
2901 If this option is used several times, only the first one is
2903 used.
2904 Providing --ntlm multiple times has no extra effect.
2906 Example:
2908 curl --ntlm -u user:password https://example.com
2909 See also --proxy-ntlm. --ntlm requires that the underlying
2911 libcurl was built to support TLS. This option is mutually exclu‐
2912 sive to --basic and --negotiate and --digest and --anyauth.
2913 --oauth2-bearer <token>
2915 (IMAP LDAP POP3 SMTP HTTP) Specify the Bearer Token for OAUTH
2916 2.0 server authentication. The Bearer Token is used in conjunc‐
2917 tion with the user name which can be specified as part of the
2918 --url or -u, --user options.
2919 The Bearer Token and user name are formatted according to RFC
2921 6750.
2922 If --oauth2-bearer is provided several times, the last set value
2924 will be used.
2925 Example:
2927 curl --oauth2-bearer "mF_9.B5f-4.1JqM" https://example.com
2928 See also --basic, --ntlm and --digest. Added in 7.33.0.
2930 --output-dir <dir>
2932 This option specifies the directory in which files should be
2933 stored, when -O, --remote-name or -o, --output are used.
2934 The given output directory is used for all URLs and output op‐
2936 tions on the command line, up until the first -:, --next.
2937 If the specified target directory does not exist, the operation
2939 will fail unless --create-dirs is also used.
2940 If --output-dir is provided several times, the last set value
2942 will be used.
2943 Example:
2945 curl --output-dir "tmp" -O https://example.com
2946 See also -O, --remote-name and -J, --remote-header-name. Added
2948 in 7.73.0.
2949 -o, --output <file>
2951 Write output to <file> instead of stdout. If you are using {} or
2952 [] to fetch multiple documents, you should quote the URL and you
2953 can use '#' followed by a number in the <file> specifier. That
2954 variable will be replaced with the current string for the URL
2955 being fetched. Like in:
2956 curl "http://{one,two}.example.com" -o "file_#1.txt"
2958 or use several variables like:
2960 curl "http://{site,host}.host[1-5].com" -o "#1_#2"
2962 You may use this option as many times as the number of URLs you
2964 have. For example, if you specify two URLs on the same command
2965 line, you can use it like this:
2966 curl -o aa example.com -o bb example.net
2968 and the order of the -o options and the URLs does not matter,
2970 just that the first -o is for the first URL and so on, so the
2971 above command line can also be written as
2972 curl example.com example.net -o aa -o bb
2974 See also the --create-dirs option to create the local directo‐
2976 ries dynamically. Specifying the output as '-' (a single dash)
2977 will force the output to be done to stdout.
2978 To suppress response bodies, you can redirect output to
2980 /dev/null:
2981 curl example.com -o /dev/null
2983 Or for Windows use nul:
2985 curl example.com -o nul
2987 -o, --output can be used several times in a command line
2989 Examples:
2991 curl -o file https://example.com
2992 curl "http://{one,two}.example.com" -o "file_#1.txt"
2993 curl "http://{site,host}.host[1-5].com" -o "#1_#2"
2994 curl -o file https://example.com -o file2 https://example.net
2995 See also -O, --remote-name, --remote-name-all and -J, --remote-
2997 header-name.
2998 --parallel-immediate
3000 When doing parallel transfers, this option will instruct curl
3001 that it should rather prefer opening up more connections in par‐
3002 allel at once rather than waiting to see if new transfers can be
3003 added as multiplexed streams on another connection.
3004 This option is global and does not need to be specified for each
3006 use of --next.
3007 Providing --parallel-immediate multiple times has no extra ef‐
3009 fect. Disable it again with --no-parallel-immediate.
3010 Example:
3012 curl --parallel-immediate -Z https://example.com -o file1 https://example.com -o file2
3013 See also -Z, --parallel and --parallel-max. Added in 7.68.0.
3015 --parallel-max <num>
3017 When asked to do parallel transfers, using -Z, --parallel, this
3018 option controls the maximum amount of transfers to do simultane‐
3019 ously.
3020 This option is global and does not need to be specified for each
3022 use of -:, --next.
3023 The default is 50.
3025 If --parallel-max is provided several times, the last set value
3027 will be used.
3028 Example:
3030 curl --parallel-max 100 -Z https://example.com ftp://example.com/
3031 See also -Z, --parallel. Added in 7.66.0.
3033 -Z, --parallel
3035 Makes curl perform its transfers in parallel as compared to the
3036 regular serial manner.
3037 This option is global and does not need to be specified for each
3039 use of --next.
3040 Providing -Z, --parallel multiple times has no extra effect.
3042 Disable it again with --no-parallel.
3043 Example:
3045 curl --parallel https://example.com -o file1 https://example.com -o file2
3046 See also -:, --next and -v, --verbose. Added in 7.66.0.
3048 --pass <phrase>
3050 (SSH TLS) Passphrase for the private key.
3051 If --pass is provided several times, the last set value will be
3053 used.
3054 Example:
3056 curl --pass secret --key file https://example.com
3057 See also --key and -u, --user.
3059 --path-as-is
3061 Tell curl to not handle sequences of /../ or /./ in the given
3062 URL path. Normally curl will squash or merge them according to
3063 standards but with this option set you tell it not to do that.
3064 Providing --path-as-is multiple times has no extra effect. Dis‐
3066 able it again with --no-path-as-is.
3067 Example:
3069 curl --path-as-is https://example.com/../../etc/passwd
3070 See also --request-target. Added in 7.42.0.
3072 --pinnedpubkey <hashes>
3074 (TLS) Tells curl to use the specified public key file (or
3075 hashes) to verify the peer. This can be a path to a file which
3076 contains a single public key in PEM or DER format, or any number
3077 of base64 encoded sha256 hashes preceded by 'sha256//' and sepa‐
3078 rated by ';'.
3079 When negotiating a TLS or SSL connection, the server sends a
3081 certificate indicating its identity. A public key is extracted
3082 from this certificate and if it does not exactly match the pub‐
3083 lic key provided to this option, curl will abort the connection
3084 before sending or receiving any data.
3085 PEM/DER support:
3087 7.39.0: OpenSSL, GnuTLS and GSKit
3089 7.43.0: NSS and wolfSSL
3091 7.47.0: mbedtls
3093 sha256 support:
3095 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL
3097 7.47.0: mbedtls
3099 Other SSL backends not supported.
3101 If --pinnedpubkey is provided several times, the last set value
3103 will be used.
3104 Examples:
3106 curl --pinnedpubkey keyfile https://example.com
3107 curl --pinnedpubkey 'sha256//ce118b51897f4452dc' https://example.com
3108 See also --hostpubsha256. Added in 7.39.0.
3110 --post301
3112 (HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST
3113 requests into GET requests when following a 301 redirection. The
3114 non-RFC behavior is ubiquitous in web browsers, so curl does the
3115 conversion by default to maintain consistency. However, a server
3116 may require a POST to remain a POST after such a redirection.
3117 This option is meaningful only when using -L, --location.
3118 Providing --post301 multiple times has no extra effect. Disable
3120 it again with --no-post301.
3121 Example:
3123 curl --post301 --location -d "data" https://example.com
3124 See also --post302, --post303 and -L, --location.
3126 --post302
3128 (HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST
3129 requests into GET requests when following a 302 redirection. The
3130 non-RFC behavior is ubiquitous in web browsers, so curl does the
3131 conversion by default to maintain consistency. However, a server
3132 may require a POST to remain a POST after such a redirection.
3133 This option is meaningful only when using -L, --location.
3134 Providing --post302 multiple times has no extra effect. Disable
3136 it again with --no-post302.
3137 Example:
3139 curl --post302 --location -d "data" https://example.com
3140 See also --post301, --post303 and -L, --location.
3142 --post303
3144 (HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST
3145 requests into GET requests when following 303 redirections. A
3146 server may require a POST to remain a POST after a 303 redirect‐
3147 ion. This option is meaningful only when using -L, --location.
3148 Providing --post303 multiple times has no extra effect. Disable
3150 it again with --no-post303.
3151 Example:
3153 curl --post303 --location -d "data" https://example.com
3154 See also --post302, --post301 and -L, --location.
3156 --preproxy [protocol://]host[:port]
3158 Use the specified SOCKS proxy before connecting to an HTTP or
3159 HTTPS -x, --proxy. In such a case curl first connects to the
3160 SOCKS proxy and then connects (through SOCKS) to the HTTP or
3161 HTTPS proxy. Hence pre proxy.
3162 The pre proxy string should be specified with a protocol:// pre‐
3164 fix to specify alternative proxy protocols. Use socks4://,
3165 socks4a://, socks5:// or socks5h:// to request the specific
3166 SOCKS version to be used. No protocol specified will make curl
3167 default to SOCKS4.
3168 If the port number is not specified in the proxy string, it is
3170 assumed to be 1080.
3171 User and password that might be provided in the proxy string are
3173 URL decoded by curl. This allows you to pass in special charac‐
3174 ters such as @ by using %40 or pass in a colon with %3a.
3175 If --preproxy is provided several times, the last set value will
3177 be used.
3178 Example:
3180 curl --preproxy socks5://proxy.example -x http://http.example https://example.com
3181 See also -x, --proxy and --socks5. Added in 7.52.0.
3183 -#, --progress-bar
3185 Make curl display transfer progress as a simple progress bar in‐
3186 stead of the standard, more informational, meter.
3187 This progress bar draws a single line of '#' characters across
3189 the screen and shows a percentage if the transfer size is known.
3190 For transfers without a known size, there will be space ship
3191 (-=o=-) that moves back and forth but only while data is being
3192 transferred, with a set of flying hash sign symbols on top.
3193 This option is global and does not need to be specified for each
3195 use of --next.
3196 Providing -#, --progress-bar multiple times has no extra effect.
3198 Disable it again with --no-progress-bar.
3199 Example:
3201 curl -# -O https://example.com
3202 See also --styled-output.
3204 --proto-default <protocol>
3206 Tells curl to use protocol for any URL missing a scheme name.
3207 An unknown or unsupported protocol causes error CURLE_UNSUP‐
3209 PORTED_PROTOCOL (1).
3210 This option does not change the default proxy protocol (http).
3212 Without this option set, curl guesses protocol based on the host
3214 name, see --url for details.
3215 If --proto-default is provided several times, the last set value
3217 will be used.
3218 Example:
3220 curl --proto-default https ftp.example.com
3221 See also --proto and --proto-redir. Added in 7.45.0.
3223 --proto-redir <protocols>
3225 Tells curl to limit what protocols it may use on redirect. Pro‐
3226 tocols denied by --proto are not overridden by this option. See
3227 --proto for how protocols are represented.
3228 Example, allow only HTTP and HTTPS on redirect:
3230 curl --proto-redir -all,http,https http://example.com
3232 By default curl will only allow HTTP, HTTPS, FTP and FTPS on re‐
3234 direct (since 7.65.2). Specifying all or +all enables all proto‐
3235 cols on redirects, which is not good for security.
3236 If --proto-redir is provided several times, the last set value
3238 will be used.
3239 Example:
3241 curl --proto-redir =http,https https://example.com
3242 See also --proto.
3244 --proto <protocols>
3246 Tells curl to limit what protocols it may use for transfers.
3247 Protocols are evaluated left to right, are comma separated, and
3248 are each a protocol name or 'all', optionally prefixed by zero
3249 or more modifiers. Available modifiers are:
3250 + Permit this protocol in addition to protocols already permit‐
3252 ted (this is the default if no modifier is used).
3253 - Deny this protocol, removing it from the list of protocols
3255 already permitted.
3256 = Permit only this protocol (ignoring the list already permit‐
3258 ted), though subject to later modification by subsequent en‐
3259 tries in the comma separated list.
3260 For example:
3262 --proto -ftps uses the default protocols, but disables ftps
3264 --proto -all,https,+http
3266 only enables http and https
3267 --proto =http,https
3269 also only enables http and https
3270 Unknown and disabled protocols produce a warning. This allows
3272 scripts to safely rely on being able to disable potentially dan‐
3273 gerous protocols, without relying upon support for that protocol
3274 being built into curl to avoid an error.
3275 This option can be used multiple times, in which case the effect
3277 is the same as concatenating the protocols into one instance of
3278 the option.
3279 If --proto is provided several times, the last set value will be
3281 used.
3282 Example:
3284 curl --proto =http,https,sftp https://example.com
3285 See also --proto-redir and --proto-default.
3287 --proxy-anyauth
3289 Tells curl to pick a suitable authentication method when commu‐
3290 nicating with the given HTTP proxy. This might cause an extra
3291 request/response round-trip.
3292 Providing --proxy-anyauth multiple times has no extra effect.
3294 Example:
3296 curl --proxy-anyauth --proxy-user user:passwd -x proxy https://example.com
3297 See also -x, --proxy, --proxy-basic and --proxy-digest.
3299 --proxy-basic
3301 Tells curl to use HTTP Basic authentication when communicating
3302 with the given proxy. Use --basic for enabling HTTP Basic with a
3303 remote host. Basic is the default authentication method curl
3304 uses with proxies.
3305 Providing --proxy-basic multiple times has no extra effect.
3307 Example:
3309 curl --proxy-basic --proxy-user user:passwd -x proxy https://example.com
3310 See also -x, --proxy, --proxy-anyauth and --proxy-digest.
3312 --proxy-cacert <file>
3314 Same as --cacert but used in HTTPS proxy context.
3315 If --proxy-cacert is provided several times, the last set value
3317 will be used.
3318 Example:
3320 curl --proxy-cacert CA-file.txt -x https://proxy https://example.com
3321 See also --proxy-capath, --cacert, --capath and -x, --proxy.
3323 Added in 7.52.0.
3324 --proxy-capath <dir>
3326 Same as --capath but used in HTTPS proxy context.
3327 If --proxy-capath is provided several times, the last set value
3329 will be used.
3330 Example:
3332 curl --proxy-capath /local/directory -x https://proxy https://example.com
3333 See also --proxy-cacert, -x, --proxy and --capath. Added in
3335 7.52.0.
3336 --proxy-cert-type <type>
3338 Same as --cert-type but used in HTTPS proxy context.
3339 If --proxy-cert-type is provided several times, the last set
3341 value will be used.
3342 Example:
3344 curl --proxy-cert-type PEM --proxy-cert file -x https://proxy https://example.com
3345 See also --proxy-cert. Added in 7.52.0.
3347 --proxy-cert <cert[:passwd]>
3349 Same as -E, --cert but used in HTTPS proxy context.
3350 If --proxy-cert is provided several times, the last set value
3352 will be used.
3353 Example:
3355 curl --proxy-cert file -x https://proxy https://example.com
3356 See also --proxy-cert-type. Added in 7.52.0.
3358 --proxy-ciphers <list>
3360 Same as --ciphers but used in HTTPS proxy context.
3361 If --proxy-ciphers is provided several times, the last set value
3363 will be used.
3364 Example:
3366 curl --proxy-ciphers ECDHE-ECDSA-AES256-CCM8 -x https://proxy https://example.com
3367 See also --ciphers, --curves and -x, --proxy. Added in 7.52.0.
3369 --proxy-crlfile <file>
3371 Same as --crlfile but used in HTTPS proxy context.
3372 If --proxy-crlfile is provided several times, the last set value
3374 will be used.
3375 Example:
3377 curl --proxy-crlfile rejects.txt -x https://proxy https://example.com
3378 See also --crlfile and -x, --proxy. Added in 7.52.0.
3380 --proxy-digest
3382 Tells curl to use HTTP Digest authentication when communicating
3383 with the given proxy. Use --digest for enabling HTTP Digest with
3384 a remote host.
3385 Providing --proxy-digest multiple times has no extra effect.
3387 Example:
3389 curl --proxy-digest --proxy-user user:passwd -x proxy https://example.com
3390 See also -x, --proxy, --proxy-anyauth and --proxy-basic.
3392 --proxy-header <header/@file>
3394 (HTTP) Extra header to include in the request when sending HTTP
3395 to a proxy. You may specify any number of extra headers. This is
3396 the equivalent option to -H, --header but is for proxy communi‐
3397 cation only like in CONNECT requests when you want a separate
3398 header sent to the proxy to what is sent to the actual remote
3399 host.
3400 curl will make sure that each header you add/replace is sent
3402 with the proper end-of-line marker, you should thus not add that
3403 as a part of the header content: do not add newlines or carriage
3404 returns, they will only mess things up for you.
3405 Headers specified with this option will not be included in re‐
3407 quests that curl knows will not be sent to a proxy.
3408 Starting in 7.55.0, this option can take an argument in @file‐
3410 name style, which then adds a header for each line in the input
3411 file. Using @- will make curl read the header file from stdin.
3412 This option can be used multiple times to add/replace/remove
3414 multiple headers.
3415 --proxy-header can be used several times in a command line
3417 Examples:
3419 curl --proxy-header "X-First-Name: Joe" -x http://proxy https://example.com
3420 curl --proxy-header "User-Agent: surprise" -x http://proxy https://example.com
3421 curl --proxy-header "Host:" -x http://proxy https://example.com
3422 See also -x, --proxy. Added in 7.37.0.
3424 --proxy-insecure
3426 Same as -k, --insecure but used in HTTPS proxy context.
3427 Providing --proxy-insecure multiple times has no extra effect.
3429 Disable it again with --no-proxy-insecure.
3430 Example:
3432 curl --proxy-insecure -x https://proxy https://example.com
3433 See also -x, --proxy and -k, --insecure. Added in 7.52.0.
3435 --proxy-key-type <type>
3437 Same as --key-type but used in HTTPS proxy context.
3438 If --proxy-key-type is provided several times, the last set
3440 value will be used.
3441 Example:
3443 curl --proxy-key-type DER --proxy-key here -x https://proxy https://example.com
3444 See also --proxy-key and -x, --proxy. Added in 7.52.0.
3446 --proxy-key <key>
3448 Same as --key but used in HTTPS proxy context.
3449 If --proxy-key is provided several times, the last set value
3451 will be used.
3452 Example:
3454 curl --proxy-key here -x https://proxy https://example.com
3455 See also --proxy-key-type and -x, --proxy. Added in 7.52.0.
3457 --proxy-negotiate
3459 Tells curl to use HTTP Negotiate (SPNEGO) authentication when
3460 communicating with the given proxy. Use --negotiate for enabling
3461 HTTP Negotiate (SPNEGO) with a remote host.
3462 Providing --proxy-negotiate multiple times has no extra effect.
3464 Example:
3466 curl --proxy-negotiate --proxy-user user:passwd -x proxy https://example.com
3467 See also --proxy-anyauth and --proxy-basic.
3469 --proxy-ntlm
3471 Tells curl to use HTTP NTLM authentication when communicating
3472 with the given proxy. Use --ntlm for enabling NTLM with a remote
3473 host.
3474 Providing --proxy-ntlm multiple times has no extra effect.
3476 Example:
3478 curl --proxy-ntlm --proxy-user user:passwd -x http://proxy https://example.com
3479 See also --proxy-negotiate and --proxy-anyauth.
3481 --proxy-pass <phrase>
3483 Same as --pass but used in HTTPS proxy context.
3484 If --proxy-pass is provided several times, the last set value
3486 will be used.
3487 Example:
3489 curl --proxy-pass secret --proxy-key here -x https://proxy https://example.com
3490 See also -x, --proxy and --proxy-key. Added in 7.52.0.
3492 --proxy-pinnedpubkey <hashes>
3494 (TLS) Tells curl to use the specified public key file (or
3495 hashes) to verify the proxy. This can be a path to a file which
3496 contains a single public key in PEM or DER format, or any number
3497 of base64 encoded sha256 hashes preceded by 'sha256//' and sepa‐
3498 rated by ';'.
3499 When negotiating a TLS or SSL connection, the server sends a
3501 certificate indicating its identity. A public key is extracted
3502 from this certificate and if it does not exactly match the pub‐
3503 lic key provided to this option, curl will abort the connection
3504 before sending or receiving any data.
3505 If --proxy-pinnedpubkey is provided several times, the last set
3507 value will be used.
3508 Examples:
3510 curl --proxy-pinnedpubkey keyfile https://example.com
3511 curl --proxy-pinnedpubkey 'sha256//ce118b51897f4452dc' https://example.com
3512 See also --pinnedpubkey and -x, --proxy. Added in 7.59.0.
3514 --proxy-service-name <name>
3516 This option allows you to change the service name for proxy ne‐
3517 gotiation.
3518 If --proxy-service-name is provided several times, the last set
3520 value will be used.
3521 Example:
3523 curl --proxy-service-name "shrubbery" -x proxy https://example.com
3524 See also --service-name and -x, --proxy. Added in 7.43.0.
3526 --proxy-ssl-allow-beast
3528 Same as --ssl-allow-beast but used in HTTPS proxy context.
3529 Providing --proxy-ssl-allow-beast multiple times has no extra
3531 effect. Disable it again with --no-proxy-ssl-allow-beast.
3532 Example:
3534 curl --proxy-ssl-allow-beast -x https://proxy https://example.com
3535 See also --ssl-allow-beast and -x, --proxy. Added in 7.52.0.
3537 --proxy-ssl-auto-client-cert
3539 Same as --ssl-auto-client-cert but used in HTTPS proxy context.
3540 Providing --proxy-ssl-auto-client-cert multiple times has no ex‐
3542 tra effect. Disable it again with --no-proxy-ssl-auto-client-
3543 cert.
3544 Example:
3546 curl --proxy-ssl-auto-client-cert -x https://proxy https://example.com
3547 See also --ssl-auto-client-cert and -x, --proxy. Added in
3549 7.77.0.
3550 --proxy-tls13-ciphers <ciphersuite list>
3552 (TLS) Specifies which cipher suites to use in the connection to
3553 your HTTPS proxy when it negotiates TLS 1.3. The list of ciphers
3554 suites must specify valid ciphers. Read up on TLS 1.3 cipher
3555 suite details on this URL:
3556 https://curl.se/docs/ssl-ciphers.html
3558 This option is currently used only when curl is built to use
3560 OpenSSL 1.1.1 or later. If you are using a different SSL backend
3561 you can try setting TLS 1.3 cipher suites by using the --proxy-
3562 ciphers option.
3563 If --proxy-tls13-ciphers is provided several times, the last set
3565 value will be used.
3566 Example:
3568 curl --proxy-tls13-ciphers TLS_AES_128_GCM_SHA256 -x proxy https://example.com
3569 See also --tls13-ciphers and --curves. Added in 7.61.0.
3571 --proxy-tlsauthtype <type>
3573 Same as --tlsauthtype but used in HTTPS proxy context.
3574 If --proxy-tlsauthtype is provided several times, the last set
3576 value will be used.
3577 Example:
3579 curl --proxy-tlsauthtype SRP -x https://proxy https://example.com
3580 See also -x, --proxy and --proxy-tlsuser. Added in 7.52.0.
3582 --proxy-tlspassword <string>
3584 Same as --tlspassword but used in HTTPS proxy context.
3585 If --proxy-tlspassword is provided several times, the last set
3587 value will be used.
3588 Example:
3590 curl --proxy-tlspassword passwd -x https://proxy https://example.com
3591 See also -x, --proxy and --proxy-tlsuser. Added in 7.52.0.
3593 --proxy-tlsuser <name>
3595 Same as --tlsuser but used in HTTPS proxy context.
3596 If --proxy-tlsuser is provided several times, the last set value
3598 will be used.
3599 Example:
3601 curl --proxy-tlsuser smith -x https://proxy https://example.com
3602 See also -x, --proxy and --proxy-tlspassword. Added in 7.52.0.
3604 --proxy-tlsv1
3606 Same as -1, --tlsv1 but used in HTTPS proxy context.
3607 Providing --proxy-tlsv1 multiple times has no extra effect.
3609 Example:
3611 curl --proxy-tlsv1 -x https://proxy https://example.com
3612 See also -x, --proxy. Added in 7.52.0.
3614 -U, --proxy-user <user:password>
3616 Specify the user name and password to use for proxy authentica‐
3617 tion.
3618 If you use a Windows SSPI-enabled curl binary and do either Ne‐
3620 gotiate or NTLM authentication then you can tell curl to select
3621 the user name and password from your environment by specifying a
3622 single colon with this option: "-U :".
3623 On systems where it works, curl will hide the given option argu‐
3625 ment from process listings. This is not enough to protect cre‐
3626 dentials from possibly getting seen by other users on the same
3627 system as they will still be visible for a moment before
3628 cleared. Such sensitive data should be retrieved from a file in‐
3629 stead or similar and never used in clear text in a command line.
3630 If -U, --proxy-user is provided several times, the last set
3632 value will be used.
3633 Example:
3635 curl --proxy-user name:pwd -x proxy https://example.com
3636 See also --proxy-pass.
3638 -x, --proxy [protocol://]host[:port]
3640 Use the specified proxy.
3641 The proxy string can be specified with a protocol:// prefix. No
3643 protocol specified or http:// will be treated as HTTP proxy. Use
3644 socks4://, socks4a://, socks5:// or socks5h:// to request a spe‐
3645 cific SOCKS version to be used.
3646 Unix domain sockets are supported for socks proxy. Set localhost
3649 for the host part. e.g. socks5h://localhost/path/to/socket.sock
3650 HTTPS proxy support via https:// protocol prefix was added in
3652 7.52.0 for OpenSSL, GnuTLS and NSS.
3653 Unrecognized and unsupported proxy protocols cause an error
3655 since 7.52.0. Prior versions may ignore the protocol and use
3656 http:// instead.
3657 If the port number is not specified in the proxy string, it is
3659 assumed to be 1080.
3660 This option overrides existing environment variables that set
3662 the proxy to use. If there's an environment variable setting a
3663 proxy, you can set proxy to "" to override it.
3664 All operations that are performed over an HTTP proxy will trans‐
3666 parently be converted to HTTP. It means that certain protocol
3667 specific operations might not be available. This is not the case
3668 if you can tunnel through the proxy, as one with the -p, --prox‐
3669 ytunnel option.
3670 User and password that might be provided in the proxy string are
3672 URL decoded by curl. This allows you to pass in special charac‐
3673 ters such as @ by using %40 or pass in a colon with %3a.
3674 The proxy host can be specified the same way as the proxy envi‐
3676 ronment variables, including the protocol prefix (http://) and
3677 the embedded user + password.
3678 When a proxy is used, the active FTP mode as set with -P, --ftp-
3680 port, cannot be used.
3681 If -x, --proxy is provided several times, the last set value
3683 will be used.
3684 Example:
3686 curl --proxy http://proxy.example https://example.com
3687 See also --socks5 and --proxy-basic.
3689 --proxy1.0 <host[:port]>
3691 Use the specified HTTP 1.0 proxy. If the port number is not
3692 specified, it is assumed at port 1080.
3693 The only difference between this and the HTTP proxy option -x,
3695 --proxy, is that attempts to use CONNECT through the proxy will
3696 specify an HTTP 1.0 protocol instead of the default HTTP 1.1.
3697 Providing --proxy1.0 multiple times has no extra effect.
3699 Example:
3701 curl --proxy1.0 -x http://proxy https://example.com
3702 See also -x, --proxy, --socks5 and --preproxy.
3704 -p, --proxytunnel
3706 When an HTTP proxy is used -x, --proxy, this option will make
3707 curl tunnel through the proxy. The tunnel approach is made with
3708 the HTTP proxy CONNECT request and requires that the proxy al‐
3709 lows direct connect to the remote port number curl wants to tun‐
3710 nel through to.
3711 To suppress proxy CONNECT response headers when curl is set to
3713 output headers use --suppress-connect-headers.
3714 Providing -p, --proxytunnel multiple times has no extra effect.
3716 Disable it again with --no-proxytunnel.
3717 Example:
3719 curl --proxytunnel -x http://proxy https://example.com
3720 See also -x, --proxy.
3722 --pubkey <key>
3724 (SFTP SCP) Public key file name. Allows you to provide your pub‐
3725 lic key in this separate file.
3726 (As of 7.39.0, curl attempts to automatically extract the public
3728 key from the private key file, so passing this option is gener‐
3729 ally not required. Note that this public key extraction requires
3730 libcurl to be linked against a copy of libssh2 1.2.8 or higher
3731 that is itself linked against OpenSSL.)
3732 If --pubkey is provided several times, the last set value will
3734 be used.
3735 Example:
3737 curl --pubkey file.pub sftp://example.com/
3738 See also --pass.
3740 -Q, --quote <command>
3742 (FTP SFTP) Send an arbitrary command to the remote FTP or SFTP
3743 server. Quote commands are sent BEFORE the transfer takes place
3744 (just after the initial PWD command in an FTP transfer, to be
3745 exact). To make commands take place after a successful transfer,
3746 prefix them with a dash '-'.
3747 (FTP only) To make commands be sent after curl has changed the
3749 working directory, just before the file transfer command(s),
3750 prefix the command with a '+'. This is not performed when a di‐
3751 rectory listing is performed.
3752 You may specify any number of commands.
3754 By default curl will stop at first failure. To make curl con‐
3756 tinue even if the command fails, prefix the command with an as‐
3757 terisk (*). Otherwise, if the server returns failure for one of
3758 the commands, the entire operation will be aborted.
3759 You must send syntactically correct FTP commands as RFC 959 de‐
3761 fines to FTP servers, or one of the commands listed below to
3762 SFTP servers.
3763 This option can be used multiple times.
3765 SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP
3767 quote commands itself before sending them to the server. File
3768 names may be quoted shell-style to embed spaces or special char‐
3769 acters. Following is the list of all supported SFTP quote com‐
3770 mands:
3771 atime date file
3773 The atime command sets the last access time of the file
3774 named by the file operand. The <date expression> can be
3775 all sorts of date strings, see the curl_getdate(3) man
3776 page for date expression details. (Added in 7.73.0)
3777 chgrp group file
3779 The chgrp command sets the group ID of the file named by
3780 the file operand to the group ID specified by the group
3781 operand. The group operand is a decimal integer group ID.
3782 chmod mode file
3784 The chmod command modifies the file mode bits of the
3785 specified file. The mode operand is an octal integer mode
3786 number.
3787 chown user file
3789 The chown command sets the owner of the file named by the
3790 file operand to the user ID specified by the user oper‐
3791 and. The user operand is a decimal integer user ID.
3792 ln source_file target_file
3794 The ln and symlink commands create a symbolic link at the
3795 target_file location pointing to the source_file loca‐
3796 tion.
3797 mkdir directory_name
3799 The mkdir command creates the directory named by the di‐
3800 rectory_name operand.
3801 mtime date file
3803 The mtime command sets the last modification time of the
3804 file named by the file operand. The <date expression> can
3805 be all sorts of date strings, see the curl_getdate(3) man
3806 page for date expression details. (Added in 7.73.0)
3807 pwd The pwd command returns the absolute pathname of the cur‐
3809 rent working directory.
3810 rename source target
3812 The rename command renames the file or directory named by
3813 the source operand to the destination path named by the
3814 target operand.
3815 rm file
3817 The rm command removes the file specified by the file op‐
3818 erand.
3819 rmdir directory
3821 The rmdir command removes the directory entry specified
3822 by the directory operand, provided it is empty.
3823 symlink source_file target_file
3825 See ln.
3826 -Q, --quote can be used several times in a command line
3828 Example:
3830 curl --quote "DELE file" ftp://example.com/foo
3831 See also -X, --request.
3833 --random-file <file>
3835 Deprecated option. This option is ignored by curl since 7.84.0.
3836 Prior to that it only had an effect on curl if built to use old
3837 versions of OpenSSL.
3838 Specify the path name to file containing what will be considered
3840 as random data. The data may be used to seed the random engine
3841 for SSL connections.
3842 If --random-file is provided several times, the last set value
3844 will be used.
3845 Example:
3847 curl --random-file rubbish https://example.com
3848 See also --egd-file.
3850 -r, --range <range>
3852 (HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial docu‐
3853 ment) from an HTTP/1.1, FTP or SFTP server or a local FILE.
3854 Ranges can be specified in a number of ways.
3855 0-499 specifies the first 500 bytes
3857 500-999 specifies the second 500 bytes
3859 -500 specifies the last 500 bytes
3861 9500- specifies the bytes from offset 9500 and forward
3863 0-0,-1 specifies the first and last byte only(*)(HTTP)
3865 100-199,500-599
3867 specifies two separate 100-byte ranges(*) (HTTP)
3868 (*) = NOTE that this will cause the server to reply with a mul‐
3870 tipart response, which will be returned as-is by curl! Parsing
3871 or otherwise transforming this response is the responsibility of
3872 the caller.
3873 Only digit characters (0-9) are valid in the 'start' and 'stop'
3875 fields of the 'start-stop' range syntax. If a non-digit charac‐
3876 ter is given in the range, the server's response will be unspec‐
3877 ified, depending on the server's configuration.
3878 You should also be aware that many HTTP/1.1 servers do not have
3880 this feature enabled, so that when you attempt to get a range,
3881 you will instead get the whole document.
3882 FTP and SFTP range downloads only support the simple 'start-
3884 stop' syntax (optionally with one of the numbers omitted). FTP
3885 use depends on the extended FTP command SIZE.
3886 If -r, --range is provided several times, the last set value
3888 will be used.
3889 Example:
3891 curl --range 22-44 https://example.com
3892 See also -C, --continue-at and -a, --append.
3894 --rate <max request rate>
3896 Specify the maximum transfer frequency you allow curl to use -
3897 in number of transfer starts per time unit (sometimes called re‐
3898 quest rate). Without this option, curl will start the next
3899 transfer as fast as possible.
3900 If given several URLs and a transfer completes faster than the
3902 allowed rate, curl will wait until the next transfer is started
3903 to maintain the requested rate. This option has no effect when
3904 -Z, --parallel is used.
3905 The request rate is provided as "N/U" where N is an integer num‐
3907 ber and U is a time unit. Supported units are 's' (second), 'm'
3908 (minute), 'h' (hour) and 'd' /(day, as in a 24 hour unit). The
3909 default time unit, if no "/U" is provided, is number of trans‐
3910 fers per hour.
3911 If curl is told to allow 10 requests per minute, it will not
3913 start the next request until 6 seconds have elapsed since the
3914 previous transfer was started.
3915 This function uses millisecond resolution. If the allowed fre‐
3917 quency is set more than 1000 per second, it will instead run un‐
3918 restricted.
3919 When retrying transfers, enabled with --retry, the separate
3921 retry delay logic is used and not this setting.
3922 This option is global and does not need to be specified for each
3924 use of --next.
3925 If --rate is provided several times, the last set value will be
3927 used.
3928 Examples:
3930 curl --rate 2/s https://example.com ...
3931 curl --rate 3/h https://example.com ...
3932 curl --rate 14/m https://example.com ...
3933 See also --limit-rate and --retry-delay. Added in 7.84.0.
3935 --raw (HTTP) When used, it disables all internal HTTP decoding of con‐
3937 tent or transfer encodings and instead makes them passed on un‐
3938 altered, raw.
3939 Providing --raw multiple times has no extra effect. Disable it
3941 again with --no-raw.
3942 Example:
3944 curl --raw https://example.com
3945 See also --tr-encoding.
3947 -e, --referer <URL>
3949 (HTTP) Sends the "Referrer Page" information to the HTTP server.
3950 This can also be set with the -H, --header flag of course. When
3951 used with -L, --location you can append ";auto" to the -e,
3952 --referer URL to make curl automatically set the previous URL
3953 when it follows a Location: header. The ";auto" string can be
3954 used alone, even if you do not set an initial -e, --referer.
3955 If -e, --referer is provided several times, the last set value
3957 will be used.
3958 Examples:
3960 curl --referer "https://fake.example" https://example.com
3961 curl --referer "https://fake.example;auto" -L https://example.com
3962 curl --referer ";auto" -L https://example.com
3963 See also -A, --user-agent and -H, --header.
3965 -J, --remote-header-name
3967 (HTTP) This option tells the -O, --remote-name option to use the
3968 server-specified Content-Disposition filename instead of ex‐
3969 tracting a filename from the URL. If the server-provided file
3970 name contains a path, that will be stripped off before the file
3971 name is used.
3972 The file is saved in the current directory, or in the directory
3974 specified with --output-dir.
3975 If the server specifies a file name and a file with that name
3977 already exists in the destination directory, it will not be
3978 overwritten and an error will occur - unless you allow it by us‐
3979 ing the --clobber option. If the server does not specify a file
3980 name then this option has no effect.
3981 There's no attempt to decode %-sequences (yet) in the provided
3983 file name, so this option may provide you with rather unexpected
3984 file names.
3985 This feature uses the name from the "filename" field, it does
3987 not yet support the "filename*" field (filenames with explicit
3988 character sets).
3989 WARNING: Exercise judicious use of this option, especially on
3991 Windows. A rogue server could send you the name of a DLL or
3992 other file that could be loaded automatically by Windows or some
3993 third party software.
3994 Providing -J, --remote-header-name multiple times has no extra
3996 effect. Disable it again with --no-remote-header-name.
3997 Example:
3999 curl -OJ https://example.com/file
4000 See also -O, --remote-name.
4002 --remote-name-all
4004 This option changes the default action for all given URLs to be
4005 dealt with as if -O, --remote-name were used for each one. So if
4006 you want to disable that for a specific URL after --remote-name-
4007 all has been used, you must use "-o -" or --no-remote-name.
4008 Providing --remote-name-all multiple times has no extra effect.
4010 Disable it again with --no-remote-name-all.
4011 Example:
4013 curl --remote-name-all ftp://example.com/file1 ftp://example.com/file2
4014 See also -O, --remote-name.
4016 -O, --remote-name
4018 Write output to a local file named like the remote file we get.
4019 (Only the file part of the remote file is used, the path is cut
4020 off.)
4021 The file will be saved in the current working directory. If you
4023 want the file saved in a different directory, make sure you
4024 change the current working directory before invoking curl with
4025 this option or use --output-dir.
4026 The remote file name to use for saving is extracted from the
4028 given URL, nothing else, and if it already exists it will be
4029 overwritten. If you want the server to be able to choose the
4030 file name refer to -J, --remote-header-name which can be used in
4031 addition to this option. If the server chooses a file name and
4032 that name already exists it will not be overwritten.
4033 There is no URL decoding done on the file name. If it has %20 or
4035 other URL encoded parts of the name, they will end up as-is as
4036 file name.
4037 You may use this option as many times as the number of URLs you
4039 have.
4040 -O, --remote-name can be used several times in a command line
4042 Example:
4044 curl -O https://example.com/filename
4045 See also --remote-name-all, --output-dir and -J, --remote-
4047 header-name.
4048 -R, --remote-time
4050 When used, this will make curl attempt to figure out the time‐
4051 stamp of the remote file, and if that is available make the lo‐
4052 cal file get that same timestamp.
4053 Providing -R, --remote-time multiple times has no extra effect.
4055 Disable it again with --no-remote-time.
4056 Example:
4058 curl --remote-time -o foo https://example.com
4059 See also -O, --remote-name and -z, --time-cond.
4061 --remove-on-error
4063 When curl returns an error when told to save output in a local
4064 file, this option removes that saved file before exiting. This
4065 prevents curl from leaving a partial file in the case of an er‐
4066 ror during transfer.
4067 If the output is not a file, this option has no effect.
4069 Providing --remove-on-error multiple times has no extra effect.
4071 Disable it again with --no-remove-on-error.
4072 Example:
4074 curl --remove-on-error -o output https://example.com
4075 See also -f, --fail. Added in 7.83.0.
4077 --request-target <path>
4079 (HTTP) Tells curl to use an alternative "target" (path) instead
4080 of using the path as provided in the URL. Particularly useful
4081 when wanting to issue HTTP requests without leading slash or
4082 other data that does not follow the regular URL pattern, like
4083 "OPTIONS *".
4084 If --request-target is provided several times, the last set
4086 value will be used.
4087 Example:
4089 curl --request-target "*" -X OPTIONS https://example.com
4090 See also -X, --request. Added in 7.55.0.
4092 -X, --request <method>
4094 (HTTP) Specifies a custom request method to use when communicat‐
4095 ing with the HTTP server. The specified request method will be
4096 used instead of the method otherwise used (which defaults to
4097 GET). Read the HTTP 1.1 specification for details and explana‐
4098 tions. Common additional HTTP requests include PUT and DELETE,
4099 but related technologies like WebDAV offers PROPFIND, COPY, MOVE
4100 and more.
4101 Normally you do not need this option. All sorts of GET, HEAD,
4103 POST and PUT requests are rather invoked by using dedicated com‐
4104 mand line options.
4105 This option only changes the actual word used in the HTTP re‐
4107 quest, it does not alter the way curl behaves. So for example if
4108 you want to make a proper HEAD request, using -X HEAD will not
4109 suffice. You need to use the -I, --head option.
4110 The method string you set with -X, --request will be used for
4112 all requests, which if you for example use -L, --location may
4113 cause unintended side-effects when curl does not change request
4114 method according to the HTTP 30x response codes - and similar.
4115 (FTP) Specifies a custom FTP command to use instead of LIST when
4117 doing file lists with FTP.
4118 (POP3) Specifies a custom POP3 command to use instead of LIST or
4120 RETR.
4121 (IMAP) Specifies a custom IMAP command to use instead of LIST.
4124 (Added in 7.30.0)
4125 (SMTP) Specifies a custom SMTP command to use instead of HELP or
4127 VRFY. (Added in 7.34.0)
4128 If -X, --request is provided several times, the last set value
4130 will be used.
4131 Examples:
4133 curl -X "DELETE" https://example.com
4134 curl -X NLST ftp://example.com/
4135 See also --request-target.
4137 --resolve <[+]host:port:addr[,addr]...>
4139 Provide a custom address for a specific host and port pair. Us‐
4140 ing this, you can make the curl requests(s) use a specified ad‐
4141 dress and prevent the otherwise normally resolved address to be
4142 used. Consider it a sort of /etc/hosts alternative provided on
4143 the command line. The port number should be the number used for
4144 the specific protocol the host will be used for. It means you
4145 need several entries if you want to provide address for the same
4146 host but different ports.
4147 By specifying '*' as host you can tell curl to resolve any host
4149 and specific port pair to the specified address. Wildcard is re‐
4150 solved last so any --resolve with a specific host and port will
4151 be used first.
4152 The provided address set by this option will be used even if -4,
4154 --ipv4 or -6, --ipv6 is set to make curl use another IP version.
4155 By prefixing the host with a '+' you can make the entry time out
4157 after curl's default timeout (1 minute). Note that this will
4158 only make sense for long running parallel transfers with a lot
4159 of files. In such cases, if this option is used curl will try to
4160 resolve the host as it normally would once the timeout has ex‐
4161 pired.
4162 Support for providing the IP address within [brackets] was added
4164 in 7.57.0.
4165 Support for providing multiple IP addresses per entry was added
4167 in 7.59.0.
4168 Support for resolving with wildcard was added in 7.64.0.
4170 Support for the '+' prefix was was added in 7.75.0.
4172 This option can be used many times to add many host names to re‐
4174 solve.
4175 --resolve can be used several times in a command line
4177 Example:
4179 curl --resolve example.com:443:127.0.0.1 https://example.com
4180 See also --connect-to and --alt-svc.
4182 --retry-all-errors
4184 Retry on any error. This option is used together with --retry.
4185 This option is the "sledgehammer" of retrying. Do not use this
4187 option by default (eg in curlrc), there may be unintended conse‐
4188 quences such as sending or receiving duplicate data. Do not use
4189 with redirected input or output. You'd be much better off han‐
4190 dling your unique problems in shell script. Please read the ex‐
4191 ample below.
4192 WARNING: For server compatibility curl attempts to retry failed
4194 flaky transfers as close as possible to how they were started,
4195 but this is not possible with redirected input or output. For
4196 example, before retrying it removes output data from a failed
4197 partial transfer that was written to an output file. However
4198 this is not true of data redirected to a | pipe or > file, which
4199 are not reset. We strongly suggest you do not parse or record
4200 output via redirect in combination with this option, since you
4201 may receive duplicate data.
4202 By default curl will not error on an HTTP response code that in‐
4204 dicates an HTTP error, if the transfer was successful. For exam‐
4205 ple, if a server replies 404 Not Found and the reply is fully
4206 received then that is not an error. When --retry is used then
4207 curl will retry on some HTTP response codes that indicate tran‐
4208 sient HTTP errors, but that does not include most 4xx response
4209 codes such as 404. If you want to retry on all response codes
4210 that indicate HTTP errors (4xx and 5xx) then combine with -f,
4211 --fail.
4212 Providing --retry-all-errors multiple times has no extra effect.
4214 Disable it again with --no-retry-all-errors.
4215 Example:
4217 curl --retry 5 --retry-all-errors https://example.com
4218 See also --retry. Added in 7.71.0.
4220 --retry-connrefused
4222 In addition to the other conditions, consider ECONNREFUSED as a
4223 transient error too for --retry. This option is used together
4224 with --retry.
4225 Providing --retry-connrefused multiple times has no extra ef‐
4227 fect. Disable it again with --no-retry-connrefused.
4228 Example:
4230 curl --retry-connrefused --retry 7 https://example.com
4231 See also --retry and --retry-all-errors. Added in 7.52.0.
4233 --retry-delay <seconds>
4235 Make curl sleep this amount of time before each retry when a
4236 transfer has failed with a transient error (it changes the de‐
4237 fault backoff time algorithm between retries). This option is
4238 only interesting if --retry is also used. Setting this delay to
4239 zero will make curl use the default backoff time.
4240 If --retry-delay is provided several times, the last set value
4242 will be used.
4243 Example:
4245 curl --retry-delay 5 --retry 7 https://example.com
4246 See also --retry.
4248 --retry-max-time <seconds>
4250 The retry timer is reset before the first transfer attempt. Re‐
4251 tries will be done as usual (see --retry) as long as the timer
4252 has not reached this given limit. Notice that if the timer has
4253 not reached the limit, the request will be made and while per‐
4254 forming, it may take longer than this given time period. To
4255 limit a single request's maximum time, use -m, --max-time. Set
4256 this option to zero to not timeout retries.
4257 If --retry-max-time is provided several times, the last set
4259 value will be used.
4260 Example:
4262 curl --retry-max-time 30 --retry 10 https://example.com
4263 See also --retry.
4265 --retry <num>
4267 If a transient error is returned when curl tries to perform a
4268 transfer, it will retry this number of times before giving up.
4269 Setting the number to 0 makes curl do no retries (which is the
4270 default). Transient error means either: a timeout, an FTP 4xx
4271 response code or an HTTP 408, 429, 500, 502, 503 or 504 response
4272 code.
4273 When curl is about to retry a transfer, it will first wait one
4275 second and then for all forthcoming retries it will double the
4276 waiting time until it reaches 10 minutes which then will be the
4277 delay between the rest of the retries. By using --retry-delay
4278 you disable this exponential backoff algorithm. See also
4279 --retry-max-time to limit the total time allowed for retries.
4280 Since curl 7.66.0, curl will comply with the Retry-After: re‐
4282 sponse header if one was present to know when to issue the next
4283 retry.
4284 If --retry is provided several times, the last set value will be
4286 used.
4287 Example:
4289 curl --retry 7 https://example.com
4290 See also --retry-max-time.
4292 --sasl-authzid <identity>
4294 Use this authorization identity (authzid), during SASL PLAIN au‐
4295 thentication, in addition to the authentication identity (auth‐
4296 cid) as specified by -u, --user.
4297 If the option is not specified, the server will derive the au‐
4299 thzid from the authcid, but if specified, and depending on the
4300 server implementation, it may be used to access another user's
4301 inbox, that the user has been granted access to, or a shared
4302 mailbox for example.
4303 If --sasl-authzid is provided several times, the last set value
4305 will be used.
4306 Example:
4308 curl --sasl-authzid zid imap://example.com/
4309 See also --login-options. Added in 7.66.0.
4311 --sasl-ir
4313 Enable initial response in SASL authentication.
4314 Providing --sasl-ir multiple times has no extra effect. Disable
4316 it again with --no-sasl-ir.
4317 Example:
4319 curl --sasl-ir imap://example.com/
4320 See also --sasl-authzid. Added in 7.31.0.
4322 --service-name <name>
4324 This option allows you to change the service name for SPNEGO.
4325 Examples: --negotiate --service-name sockd would use
4327 sockd/server-name.
4328 If --service-name is provided several times, the last set value
4330 will be used.
4331 Example:
4333 curl --service-name sockd/server https://example.com
4334 See also --negotiate and --proxy-service-name. Added in 7.43.0.
4336 -S, --show-error
4338 When used with -s, --silent, it makes curl show an error message
4339 if it fails.
4340 This option is global and does not need to be specified for each
4342 use of --next.
4343 Providing -S, --show-error multiple times has no extra effect.
4345 Disable it again with --no-show-error.
4346 Example:
4348 curl --show-error --silent https://example.com
4349 See also --no-progress-meter.
4351 -s, --silent
4353 Silent or quiet mode. Do not show progress meter or error mes‐
4354 sages. Makes Curl mute. It will still output the data you ask
4355 for, potentially even to the terminal/stdout unless you redirect
4356 it.
4357 Use -S, --show-error in addition to this option to disable
4359 progress meter but still show error messages.
4360 Providing -s, --silent multiple times has no extra effect. Dis‐
4362 able it again with --no-silent.
4363 Example:
4365 curl -s https://example.com
4366 See also -v, --verbose, --stderr and --no-progress-meter.
4368 --socks4 <host[:port]>
4370 Use the specified SOCKS4 proxy. If the port number is not speci‐
4371 fied, it is assumed at port 1080. Using this socket type make
4372 curl resolve the host name and passing the address on to the
4373 proxy.
4374 To specify proxy on a unix domain socket, use localhost for
4376 host, e.g. socks4://localhost/path/to/socket.sock
4377 This option overrides any previous use of -x, --proxy, as they
4379 are mutually exclusive.
4380 This option is superfluous since you can specify a socks4 proxy
4382 with -x, --proxy using a socks4:// protocol prefix.
4383 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
4385 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
4386 such a case curl first connects to the SOCKS proxy and then con‐
4387 nects (through SOCKS) to the HTTP or HTTPS proxy.
4388 If --socks4 is provided several times, the last set value will
4390 be used.
4391 Example:
4393 curl --socks4 hostname:4096 https://example.com
4394 See also --socks4a, --socks5 and --socks5-hostname.
4396 --socks4a <host[:port]>
4398 Use the specified SOCKS4a proxy. If the port number is not spec‐
4399 ified, it is assumed at port 1080. This asks the proxy to re‐
4400 solve the host name.
4401 To specify proxy on a unix domain socket, use localhost for
4403 host, e.g. socks4a://localhost/path/to/socket.sock
4404 This option overrides any previous use of -x, --proxy, as they
4406 are mutually exclusive.
4407 This option is superfluous since you can specify a socks4a proxy
4409 with -x, --proxy using a socks4a:// protocol prefix.
4410 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
4412 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
4413 such a case curl first connects to the SOCKS proxy and then con‐
4414 nects (through SOCKS) to the HTTP or HTTPS proxy.
4415 If --socks4a is provided several times, the last set value will
4417 be used.
4418 Example:
4420 curl --socks4a hostname:4096 https://example.com
4421 See also --socks4, --socks5 and --socks5-hostname.
4423 --socks5-basic
4425 Tells curl to use username/password authentication when connect‐
4426 ing to a SOCKS5 proxy. The username/password authentication is
4427 enabled by default. Use --socks5-gssapi to force GSS-API au‐
4428 thentication to SOCKS5 proxies.
4429 Providing --socks5-basic multiple times has no extra effect.
4431 Example:
4433 curl --socks5-basic --socks5 hostname:4096 https://example.com
4434 See also --socks5. Added in 7.55.0.
4436 --socks5-gssapi-nec
4438 As part of the GSS-API negotiation a protection mode is negoti‐
4439 ated. RFC 1961 says in section 4.3/4.4 it should be protected,
4440 but the NEC reference implementation does not. The option
4441 --socks5-gssapi-nec allows the unprotected exchange of the pro‐
4442 tection mode negotiation.
4443 Providing --socks5-gssapi-nec multiple times has no extra ef‐
4445 fect. Disable it again with --no-socks5-gssapi-nec.
4446 Example:
4448 curl --socks5-gssapi-nec --socks5 hostname:4096 https://example.com
4449 See also --socks5.
4451 --socks5-gssapi-service <name>
4453 The default service name for a socks server is rcmd/server-fqdn.
4454 This option allows you to change it.
4455 Examples: --socks5 proxy-name --socks5-gssapi-service sockd
4457 would use sockd/proxy-name --socks5 proxy-name --socks5-gssapi-
4458 service sockd/real-name would use sockd/real-name for cases
4459 where the proxy-name does not match the principal name.
4460 If --socks5-gssapi-service is provided several times, the last
4462 set value will be used.
4463 Example:
4465 curl --socks5-gssapi-service sockd --socks5 hostname:4096 https://example.com
4466 See also --socks5.
4468 --socks5-gssapi
4470 Tells curl to use GSS-API authentication when connecting to a
4471 SOCKS5 proxy. The GSS-API authentication is enabled by default
4472 (if curl is compiled with GSS-API support). Use --socks5-basic
4473 to force username/password authentication to SOCKS5 proxies.
4474 Providing --socks5-gssapi multiple times has no extra effect.
4476 Disable it again with --no-socks5-gssapi.
4477 Example:
4479 curl --socks5-gssapi --socks5 hostname:4096 https://example.com
4480 See also --socks5. Added in 7.55.0.
4482 --socks5-hostname <host[:port]>
4484 Use the specified SOCKS5 proxy (and let the proxy resolve the
4485 host name). If the port number is not specified, it is assumed
4486 at port 1080.
4487 To specify proxy on a unix domain socket, use localhost for
4489 host, e.g. socks5h://localhost/path/to/socket.sock
4490 This option overrides any previous use of -x, --proxy, as they
4492 are mutually exclusive.
4493 This option is superfluous since you can specify a socks5 host‐
4495 name proxy with -x, --proxy using a socks5h:// protocol prefix.
4496 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
4498 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
4499 such a case curl first connects to the SOCKS proxy and then con‐
4500 nects (through SOCKS) to the HTTP or HTTPS proxy.
4501 If --socks5-hostname is provided several times, the last set
4503 value will be used.
4504 Example:
4506 curl --socks5-hostname proxy.example:7000 https://example.com
4507 See also --socks5 and --socks4a.
4509 --socks5 <host[:port]>
4511 Use the specified SOCKS5 proxy - but resolve the host name lo‐
4512 cally. If the port number is not specified, it is assumed at
4513 port 1080.
4514 To specify proxy on a unix domain socket, use localhost for
4516 host, e.g. socks5://localhost/path/to/socket.sock
4517 This option overrides any previous use of -x, --proxy, as they
4519 are mutually exclusive.
4520 This option is superfluous since you can specify a socks5 proxy
4522 with -x, --proxy using a socks5:// protocol prefix.
4523 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
4525 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
4526 such a case curl first connects to the SOCKS proxy and then con‐
4527 nects (through SOCKS) to the HTTP or HTTPS proxy.
4528 This option (as well as --socks4) does not work with IPV6, FTPS
4530 or LDAP.
4531 If --socks5 is provided several times, the last set value will
4533 be used.
4534 Example:
4536 curl --socks5 proxy.example:7000 https://example.com
4537 See also --socks5-hostname and --socks4a.
4539 -Y, --speed-limit <speed>
4541 If a transfer is slower than this given speed (in bytes per sec‐
4542 ond) for speed-time seconds it gets aborted. speed-time is set
4543 with -y, --speed-time and is 30 if not set.
4544 If -Y, --speed-limit is provided several times, the last set
4546 value will be used.
4547 Example:
4549 curl --speed-limit 300 --speed-time 10 https://example.com
4550 See also -y, --speed-time, --limit-rate and -m, --max-time.
4552 -y, --speed-time <seconds>
4554 If a transfer runs slower than speed-limit bytes per second dur‐
4555 ing a speed-time period, the transfer is aborted. If speed-time
4556 is used, the default speed-limit will be 1 unless set with -Y,
4557 --speed-limit.
4558 This option controls transfers (in both directions) but will not
4560 affect slow connects etc. If this is a concern for you, try the
4561 --connect-timeout option.
4562 If -y, --speed-time is provided several times, the last set
4564 value will be used.
4565 Example:
4567 curl --speed-limit 300 --speed-time 10 https://example.com
4568 See also -Y, --speed-limit and --limit-rate.
4570 --ssl-allow-beast
4572 This option tells curl to not work around a security flaw in the
4573 SSL3 and TLS1.0 protocols known as BEAST. If this option is not
4574 used, the SSL layer may use workarounds known to cause interop‐
4575 erability problems with some older SSL implementations.
4576 WARNING: this option loosens the SSL security, and by using this
4578 flag you ask for exactly that.
4579 Providing --ssl-allow-beast multiple times has no extra effect.
4581 Disable it again with --no-ssl-allow-beast.
4582 Example:
4584 curl --ssl-allow-beast https://example.com
4585 See also --proxy-ssl-allow-beast and -k, --insecure.
4587 --ssl-auto-client-cert
4589 Tell libcurl to automatically locate and use a client certifi‐
4590 cate for authentication, when requested by the server. This op‐
4591 tion is only supported for Schannel (the native Windows SSL li‐
4592 brary). Prior to 7.77.0 this was the default behavior in libcurl
4593 with Schannel. Since the server can request any certificate that
4594 supports client authentication in the OS certificate store it
4595 could be a privacy violation and unexpected.
4596 Providing --ssl-auto-client-cert multiple times has no extra ef‐
4598 fect. Disable it again with --no-ssl-auto-client-cert.
4599 Example:
4601 curl --ssl-auto-client-cert https://example.com
4602 See also --proxy-ssl-auto-client-cert. Added in 7.77.0.
4604 --ssl-no-revoke
4606 (Schannel) This option tells curl to disable certificate revoca‐
4607 tion checks. WARNING: this option loosens the SSL security, and
4608 by using this flag you ask for exactly that.
4609 Providing --ssl-no-revoke multiple times has no extra effect.
4611 Disable it again with --no-ssl-no-revoke.
4612 Example:
4614 curl --ssl-no-revoke https://example.com
4615 See also --crlfile. Added in 7.44.0.
4617 --ssl-reqd
4619 (FTP IMAP POP3 SMTP LDAP) Require SSL/TLS for the connection.
4620 Terminates the connection if the transfer cannot be upgraded to
4621 use SSL/TLS.
4622 This option is handled in LDAP since version 7.81.0. It is fully
4624 supported by the OpenLDAP backend and rejected by the generic
4625 ldap backend if explicit TLS is required.
4626 This option is unnecessary if you use a URL scheme that in it‐
4628 self implies immediate and implicit use of TLS, like for FTPS,
4629 IMAPS, POP3S, SMTPS and LDAPS. Such transfers will always fail
4630 if the TLS handshake does not work.
4631 This option was formerly known as --ftp-ssl-reqd.
4633 Providing --ssl-reqd multiple times has no extra effect. Dis‐
4635 able it again with --no-ssl-reqd.
4636 Example:
4638 curl --ssl-reqd ftp://example.com
4639 See also --ssl and -k, --insecure.
4641 --ssl-revoke-best-effort
4643 (Schannel) This option tells curl to ignore certificate revoca‐
4644 tion checks when they failed due to missing/offline distribution
4645 points for the revocation check lists.
4646 Providing --ssl-revoke-best-effort multiple times has no extra
4648 effect. Disable it again with --no-ssl-revoke-best-effort.
4649 Example:
4651 curl --ssl-revoke-best-effort https://example.com
4652 See also --crlfile and -k, --insecure. Added in 7.70.0.
4654 --ssl (FTP IMAP POP3 SMTP LDAP) Warning: this is considered an inse‐
4656 cure option. Consider using --ssl-reqd instead to be sure curl
4657 upgrades to a secure connection.
4658 Try to use SSL/TLS for the connection. Reverts to a non-secure
4660 connection if the server does not support SSL/TLS. See also
4661 --ftp-ssl-control and --ssl-reqd for different levels of encryp‐
4662 tion required.
4663 This option is handled in LDAP since version 7.81.0. It is fully
4665 supported by the OpenLDAP backend and ignored by the generic
4666 ldap backend.
4667 Please note that a server may close the connection if the nego‐
4669 tiation does not succeed.
4670 This option was formerly known as --ftp-ssl. That option name
4672 can still be used but will be removed in a future version.
4673 Providing --ssl multiple times has no extra effect. Disable it
4675 again with --no-ssl.
4676 Example:
4678 curl --ssl pop3://example.com/
4679 See also --ssl-reqd, -k, --insecure and --ciphers.
4681 -2, --sslv2
4683 (SSL) This option previously asked curl to use SSLv2, but start‐
4684 ing in curl 7.77.0 this instruction is ignored. SSLv2 is widely
4685 considered insecure (see RFC 6176).
4686 Providing -2, --sslv2 multiple times has no extra effect.
4688 Example:
4690 curl --sslv2 https://example.com
4691 See also --http1.1 and --http2. -2, --sslv2 requires that the
4693 underlying libcurl was built to support TLS. This option is mu‐
4694 tually exclusive to -3, --sslv3 and -1, --tlsv1 and --tlsv1.1
4695 and --tlsv1.2.
4696 -3, --sslv3
4698 (SSL) This option previously asked curl to use SSLv3, but start‐
4699 ing in curl 7.77.0 this instruction is ignored. SSLv3 is widely
4700 considered insecure (see RFC 7568).
4701 Providing -3, --sslv3 multiple times has no extra effect.
4703 Example:
4705 curl --sslv3 https://example.com
4706 See also --http1.1 and --http2. -3, --sslv3 requires that the
4708 underlying libcurl was built to support TLS. This option is mu‐
4709 tually exclusive to -2, --sslv2 and -1, --tlsv1 and --tlsv1.1
4710 and --tlsv1.2.
4711 --stderr <file>
4713 Redirect all writes to stderr to the specified file instead. If
4714 the file name is a plain '-', it is instead written to stdout.
4715 This option is global and does not need to be specified for each
4717 use of --next.
4718 If --stderr is provided several times, the last set value will
4720 be used.
4721 Example:
4723 curl --stderr output.txt https://example.com
4724 See also -v, --verbose and -s, --silent.
4726 --styled-output
4728 Enables the automatic use of bold font styles when writing HTTP
4729 headers to the terminal. Use --no-styled-output to switch them
4730 off.
4731 Styled output requires a terminal that supports bold fonts. This
4733 feature is not present on curl for Windows due to lack of this
4734 capability.
4735 This option is global and does not need to be specified for each
4737 use of --next.
4738 Providing --styled-output multiple times has no extra effect.
4740 Disable it again with --no-styled-output.
4741 Example:
4743 curl --styled-output -I https://example.com
4744 See also -I, --head and -v, --verbose. Added in 7.61.0.
4746 --suppress-connect-headers
4748 When -p, --proxytunnel is used and a CONNECT request is made do
4749 not output proxy CONNECT response headers. This option is meant
4750 to be used with -D, --dump-header or -i, --include which are
4751 used to show protocol headers in the output. It has no effect on
4752 debug options such as -v, --verbose or --trace, or any statis‐
4753 tics.
4754 Providing --suppress-connect-headers multiple times has no extra
4756 effect. Disable it again with --no-suppress-connect-headers.
4757 Example:
4759 curl --suppress-connect-headers --include -x proxy https://example.com
4760 See also -D, --dump-header, -i, --include and -p, --proxytunnel.
4762 Added in 7.54.0.
4763 --tcp-fastopen
4765 Enable use of TCP Fast Open (RFC7413).
4766 Providing --tcp-fastopen multiple times has no extra effect.
4768 Disable it again with --no-tcp-fastopen.
4769 Example:
4771 curl --tcp-fastopen https://example.com
4772 See also --false-start. Added in 7.49.0.
4774 --tcp-nodelay
4776 Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man
4777 page for details about this option.
4778 Since 7.50.2, curl sets this option by default and you need to
4780 explicitly switch it off if you do not want it on.
4781 Providing --tcp-nodelay multiple times has no extra effect.
4783 Disable it again with --no-tcp-nodelay.
4784 Example:
4786 curl --tcp-nodelay https://example.com
4787 See also -N, --no-buffer.
4789 -t, --telnet-option <opt=val>
4791 Pass options to the telnet protocol. Supported options are:
4792 TTYPE=<term> Sets the terminal type.
4794 XDISPLOC=<X display> Sets the X display location.
4796 NEW_ENV=<var,val> Sets an environment variable.
4798 -t, --telnet-option can be used several times in a command line
4800 Example:
4802 curl -t TTYPE=vt100 telnet://example.com/
4803 See also -K, --config.
4805 --tftp-blksize <value>
4807 (TFTP) Set TFTP BLKSIZE option (must be >512). This is the block
4808 size that curl will try to use when transferring data to or from
4809 a TFTP server. By default 512 bytes will be used.
4810 If --tftp-blksize is provided several times, the last set value
4812 will be used.
4813 Example:
4815 curl --tftp-blksize 1024 tftp://example.com/file
4816 See also --tftp-no-options.
4818 --tftp-no-options
4820 (TFTP) Tells curl not to send TFTP options requests.
4821 This option improves interop with some legacy servers that do
4823 not acknowledge or properly implement TFTP options. When this
4824 option is used --tftp-blksize is ignored.
4825 Providing --tftp-no-options multiple times has no extra effect.
4827 Disable it again with --no-tftp-no-options.
4828 Example:
4830 curl --tftp-no-options tftp://192.168.0.1/
4831 See also --tftp-blksize. Added in 7.48.0.
4833 -z, --time-cond <time>
4835 (HTTP FTP) Request a file that has been modified later than the
4836 given time and date, or one that has been modified before that
4837 time. The <date expression> can be all sorts of date strings or
4838 if it does not match any internal ones, it is taken as a file‐
4839 name and tries to get the modification date (mtime) from <file>
4840 instead. See the curl_getdate(3) man pages for date expression
4841 details.
4842 Start the date expression with a dash (-) to make it request for
4844 a document that is older than the given date/time, default is a
4845 document that is newer than the specified date/time.
4846 If -z, --time-cond is provided several times, the last set value
4848 will be used.
4849 Examples:
4851 curl -z "Wed 01 Sep 2021 12:18:00" https://example.com
4852 curl -z "-Wed 01 Sep 2021 12:18:00" https://example.com
4853 curl -z file https://example.com
4854 See also --etag-compare and -R, --remote-time.
4856 --tls-max <VERSION>
4858 (SSL) VERSION defines maximum supported TLS version. The minimum
4859 acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2 or
4860 tlsv1.3.
4861 If the connection is done without TLS, this option has no ef‐
4863 fect. This includes QUIC-using (HTTP/3) transfers.
4864 default
4867 Use up to recommended TLS version.
4868 1.0 Use up to TLSv1.0.
4870 1.1 Use up to TLSv1.1.
4872 1.2 Use up to TLSv1.2.
4874 1.3 Use up to TLSv1.3.
4876 If --tls-max is provided several times, the last set value will be
4878 used.
4879 Examples:
4881 curl --tls-max 1.2 https://example.com
4882 curl --tls-max 1.3 --tlsv1.2 https://example.com
4883 See also --tlsv1.0, --tlsv1.1, --tlsv1.2 and --tlsv1.3. --tls-max re‐
4885 quires that the underlying libcurl was built to support TLS. Added in
4886 7.54.0.
4887 --tls13-ciphers <ciphersuite list>
4889 (TLS) Specifies which cipher suites to use in the connection if
4890 it negotiates TLS 1.3. The list of ciphers suites must specify
4891 valid ciphers. Read up on TLS 1.3 cipher suite details on this
4892 URL:
4893 https://curl.se/docs/ssl-ciphers.html
4895 This option is currently used only when curl is built to use
4897 OpenSSL 1.1.1 or later. If you are using a different SSL backend
4898 you can try setting TLS 1.3 cipher suites by using the --ciphers
4899 option.
4900 If --tls13-ciphers is provided several times, the last set value
4902 will be used.
4903 Example:
4905 curl --tls13-ciphers TLS_AES_128_GCM_SHA256 https://example.com
4906 See also --ciphers and --curves. Added in 7.61.0.
4908 --tlsauthtype <type>
4910 Set TLS authentication type. Currently, the only supported op‐
4911 tion is "SRP", for TLS-SRP (RFC 5054). If --tlsuser and
4912 --tlspassword are specified but --tlsauthtype is not, then this
4913 option defaults to "SRP". This option works only if the underly‐
4914 ing libcurl is built with TLS-SRP support, which requires
4915 OpenSSL or GnuTLS with TLS-SRP support.
4916 If --tlsauthtype is provided several times, the last set value
4918 will be used.
4919 Example:
4921 curl --tlsauthtype SRP https://example.com
4922 See also --tlsuser.
4924 --tlspassword <string>
4926 Set password for use with the TLS authentication method speci‐
4927 fied with --tlsauthtype. Requires that --tlsuser also be set.
4928 This option does not work with TLS 1.3.
4930 If --tlspassword is provided several times, the last set value
4932 will be used.
4933 Example:
4935 curl --tlspassword pwd --tlsuser user https://example.com
4936 See also --tlsuser.
4938 --tlsuser <name>
4940 Set username for use with the TLS authentication method speci‐
4941 fied with --tlsauthtype. Requires that --tlspassword also is
4942 set.
4943 This option does not work with TLS 1.3.
4945 If --tlsuser is provided several times, the last set value will
4947 be used.
4948 Example:
4950 curl --tlspassword pwd --tlsuser user https://example.com
4951 See also --tlspassword.
4953 --tlsv1.0
4955 (TLS) Forces curl to use TLS version 1.0 or later when connect‐
4956 ing to a remote TLS server.
4957 In old versions of curl this option was documented to allow
4959 _only_ TLS 1.0. That behavior was inconsistent depending on the
4960 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
4961 sion.
4962 Providing --tlsv1.0 multiple times has no extra effect.
4964 Example:
4966 curl --tlsv1.0 https://example.com
4967 See also --tlsv1.3. Added in 7.34.0.
4969 --tlsv1.1
4971 (TLS) Forces curl to use TLS version 1.1 or later when connect‐
4972 ing to a remote TLS server.
4973 In old versions of curl this option was documented to allow
4975 _only_ TLS 1.1. That behavior was inconsistent depending on the
4976 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
4977 sion.
4978 Providing --tlsv1.1 multiple times has no extra effect.
4980 Example:
4982 curl --tlsv1.1 https://example.com
4983 See also --tlsv1.3 and --tls-max. Added in 7.34.0.
4985 --tlsv1.2
4987 (TLS) Forces curl to use TLS version 1.2 or later when connect‐
4988 ing to a remote TLS server.
4989 In old versions of curl this option was documented to allow
4991 _only_ TLS 1.2. That behavior was inconsistent depending on the
4992 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
4993 sion.
4994 Providing --tlsv1.2 multiple times has no extra effect.
4996 Example:
4998 curl --tlsv1.2 https://example.com
4999 See also --tlsv1.3 and --tls-max. Added in 7.34.0.
5001 --tlsv1.3
5003 (TLS) Forces curl to use TLS version 1.3 or later when connect‐
5004 ing to a remote TLS server.
5005 If the connection is done without TLS, this option has no ef‐
5007 fect. This includes QUIC-using (HTTP/3) transfers.
5008 Note that TLS 1.3 is not supported by all TLS backends.
5010 Providing --tlsv1.3 multiple times has no extra effect.
5012 Example:
5014 curl --tlsv1.3 https://example.com
5015 See also --tlsv1.2 and --tls-max. Added in 7.52.0.
5017 -1, --tlsv1
5019 (SSL) Tells curl to use at least TLS version 1.x when negotiat‐
5020 ing with a remote TLS server. That means TLS version 1.0 or
5021 higher
5022 Providing -1, --tlsv1 multiple times has no extra effect.
5024 Example:
5026 curl --tlsv1 https://example.com
5027 See also --http1.1 and --http2. -1, --tlsv1 requires that the
5029 underlying libcurl was built to support TLS. This option is mu‐
5030 tually exclusive to --tlsv1.1 and --tlsv1.2 and --tlsv1.3.
5031 --tr-encoding
5033 (HTTP) Request a compressed Transfer-Encoding response using one
5034 of the algorithms curl supports, and uncompress the data while
5035 receiving it.
5036 Providing --tr-encoding multiple times has no extra effect.
5038 Disable it again with --no-tr-encoding.
5039 Example:
5041 curl --tr-encoding https://example.com
5042 See also --compressed.
5044 --trace-ascii <file>
5046 Enables a full trace dump of all incoming and outgoing data, in‐
5047 cluding descriptive information, to the given output file. Use
5048 "-" as filename to have the output sent to stdout.
5049 This is similar to --trace, but leaves out the hex part and only
5051 shows the ASCII part of the dump. It makes smaller output that
5052 might be easier to read for untrained humans.
5053 This option is global and does not need to be specified for each
5055 use of --next.
5056 If --trace-ascii is provided several times, the last set value
5058 will be used.
5059 Example:
5061 curl --trace-ascii log.txt https://example.com
5062 See also -v, --verbose and --trace. This option is mutually ex‐
5064 clusive to --trace and -v, --verbose.
5065 --trace-time
5067 Prepends a time stamp to each trace or verbose line that curl
5068 displays.
5069 This option is global and does not need to be specified for each
5071 use of --next.
5072 Providing --trace-time multiple times has no extra effect. Dis‐
5074 able it again with --no-trace-time.
5075 Example:
5077 curl --trace-time --trace-ascii output https://example.com
5078 See also --trace and -v, --verbose.
5080 --trace <file>
5082 Enables a full trace dump of all incoming and outgoing data, in‐
5083 cluding descriptive information, to the given output file. Use
5084 "-" as filename to have the output sent to stdout. Use "%" as
5085 filename to have the output sent to stderr.
5086 This option is global and does not need to be specified for each
5088 use of --next.
5089 If --trace is provided several times, the last set value will be
5091 used.
5092 Example:
5094 curl --trace log.txt https://example.com
5095 See also --trace-ascii and --trace-time. This option is mutually
5097 exclusive to -v, --verbose and --trace-ascii.
5098 --unix-socket <path>
5100 (HTTP) Connect through this Unix domain socket, instead of using
5101 the network.
5102 If --unix-socket is provided several times, the last set value
5104 will be used.
5105 Example:
5107 curl --unix-socket socket-path https://example.com
5108 See also --abstract-unix-socket. Added in 7.40.0.
5110 -T, --upload-file <file>
5112 This transfers the specified local file to the remote URL. If
5113 there is no file part in the specified URL, curl will append the
5114 local file name. NOTE that you must use a trailing / on the last
5115 directory to really prove to Curl that there is no file name or
5116 curl will think that your last directory name is the remote file
5117 name to use. That will most likely cause the upload operation to
5118 fail. If this is used on an HTTP(S) server, the PUT command will
5119 be used.
5120 Use the file name "-" (a single dash) to use stdin instead of a
5122 given file. Alternately, the file name "." (a single period)
5123 may be specified instead of "-" to use stdin in non-blocking
5124 mode to allow reading server output while stdin is being up‐
5125 loaded.
5126 You can specify one -T, --upload-file for each URL on the com‐
5128 mand line. Each -T, --upload-file + URL pair specifies what to
5129 upload and to where. curl also supports "globbing" of the -T,
5130 --upload-file argument, meaning that you can upload multiple
5131 files to a single URL by using the same URL globbing style sup‐
5132 ported in the URL.
5133 When uploading to an SMTP server: the uploaded data is assumed
5135 to be RFC 5322 formatted. It has to feature the necessary set of
5136 headers and mail body formatted correctly by the user as curl
5137 will not transcode nor encode it further in any way.
5138 -T, --upload-file can be used several times in a command line
5140 Examples:
5142 curl -T file https://example.com
5143 curl -T "img[1-1000].png" ftp://ftp.example.com/
5144 curl --upload-file "{file1,file2}" https://example.com
5145 See also -G, --get and -I, --head.
5147 --url-query <data>
5149 (all) This option adds a piece of data, usually a name + value
5150 pair, to the end of the URL query part. The syntax is identical
5151 to that used for --data-urlencode with one extension:
5152 If the argument starts with a '+' (plus), the rest of the string
5154 is provided as-is unencoded.
5155 The query part of a URL is the one following the question mark
5157 on the right end.
5158 --url-query can be used several times in a command line
5160 Examples:
5162 curl --url-query name=val https://example.com
5163 curl --url-query =encodethis http://example.net/foo
5164 curl --url-query name@file https://example.com
5165 curl --url-query @fileonly https://example.com
5166 curl --url-query "+name=%20foo" https://example.com
5167 See also --data-urlencode and -G, --get. Added in 7.87.0.
5169 --url <url>
5171 Specify a URL to fetch. This option is mostly handy when you
5172 want to specify URL(s) in a config file.
5173 If the given URL is missing a scheme name (such as "http://" or
5175 "ftp://" etc) then curl will make a guess based on the host. If
5176 the outermost sub-domain name matches DICT, FTP, IMAP, LDAP,
5177 POP3 or SMTP then that protocol will be used, otherwise HTTP
5178 will be used. Since 7.45.0 guessing can be disabled by setting a
5179 default protocol, see --proto-default for details.
5180 To control where this URL is written, use the -o, --output or
5182 the -O, --remote-name options.
5183 WARNING: On Windows, particular file:// accesses can be con‐
5185 verted to network accesses by the operating system. Beware!
5186 --url can be used several times in a command line
5188 Example:
5190 curl --url https://example.com
5191 See also -:, --next and -K, --config.
5193 -B, --use-ascii
5195 (FTP LDAP) Enable ASCII transfer. For FTP, this can also be en‐
5196 forced by using a URL that ends with ";type=A". This option
5197 causes data sent to stdout to be in text mode for win32 systems.
5198 Providing -B, --use-ascii multiple times has no extra effect.
5200 Disable it again with --no-use-ascii.
5201 Example:
5203 curl -B ftp://example.com/README
5204 See also --crlf and --data-ascii.
5206 -A, --user-agent <name>
5208 (HTTP) Specify the User-Agent string to send to the HTTP server.
5209 To encode blanks in the string, surround the string with single
5210 quote marks. This header can also be set with the -H, --header
5211 or the --proxy-header options.
5212 If you give an empty argument to -A, --user-agent (""), it will
5214 remove the header completely from the request. If you prefer a
5215 blank header, you can set it to a single space (" ").
5216 If -A, --user-agent is provided several times, the last set
5218 value will be used.
5219 Example:
5221 curl -A "Agent 007" https://example.com
5222 See also -H, --header and --proxy-header.
5224 -u, --user <user:password>
5226 Specify the user name and password to use for server authentica‐
5227 tion. Overrides -n, --netrc and --netrc-optional.
5228 If you simply specify the user name, curl will prompt for a
5230 password.
5231 The user name and passwords are split up on the first colon,
5233 which makes it impossible to use a colon in the user name with
5234 this option. The password can, still.
5235 On systems where it works, curl will hide the given option argu‐
5237 ment from process listings. This is not enough to protect cre‐
5238 dentials from possibly getting seen by other users on the same
5239 system as they will still be visible for a moment before
5240 cleared. Such sensitive data should be retrieved from a file in‐
5241 stead or similar and never used in clear text in a command line.
5242 When using Kerberos V5 with a Windows based server you should
5244 include the Windows domain name in the user name, in order for
5245 the server to successfully obtain a Kerberos Ticket. If you do
5246 not, then the initial authentication handshake may fail.
5247 When using NTLM, the user name can be specified simply as the
5249 user name, without the domain, if there is a single domain and
5250 forest in your setup for example.
5251 To specify the domain name use either Down-Level Logon Name or
5253 UPN (User Principal Name) formats. For example, EXAMPLE\user and
5254 user@example.com respectively.
5255 If you use a Windows SSPI-enabled curl binary and perform Ker‐
5257 beros V5, Negotiate, NTLM or Digest authentication then you can
5258 tell curl to select the user name and password from your envi‐
5259 ronment by specifying a single colon with this option: "-u :".
5260 If -u, --user is provided several times, the last set value will
5262 be used.
5263 Example:
5265 curl -u user:secret https://example.com
5266 See also -n, --netrc and -K, --config.
5268 -v, --verbose
5270 Makes curl verbose during the operation. Useful for debugging
5271 and seeing what's going on "under the hood". A line starting
5272 with '>' means "header data" sent by curl, '<' means "header
5273 data" received by curl that is hidden in normal cases, and a
5274 line starting with '*' means additional info provided by curl.
5275 If you only want HTTP headers in the output, -i, --include or
5277 -D, --dump-header might be more suitable options.
5278 If you think this option still does not give you enough details,
5280 consider using --trace or --trace-ascii instead.
5281 This option is global and does not need to be specified for each
5283 use of --next.
5284 Providing -v, --verbose multiple times has no extra effect.
5286 Disable it again with --no-verbose.
5287 Example:
5289 curl --verbose https://example.com
5290 See also -i, --include, -s, --silent, --trace and --trace-ascii.
5292 This option is mutually exclusive to --trace and --trace-ascii.
5293 -V, --version
5295 Displays information about curl and the libcurl version it uses.
5296 The first line includes the full version of curl, libcurl and
5298 other 3rd party libraries linked with the executable.
5299 The second line (starts with "Protocols:") shows all protocols
5301 that libcurl reports to support.
5302 The third line (starts with "Features:") shows specific features
5304 libcurl reports to offer. Available features include:
5305 alt-svc
5307 Support for the Alt-Svc: header is provided.
5308 AsynchDNS
5310 This curl uses asynchronous name resolves. Asynchronous
5311 name resolves can be done using either the c-ares or the
5312 threaded resolver backends.
5313 brotli Support for automatic brotli compression over HTTP(S).
5315 CharConv
5317 curl was built with support for character set conversions
5318 (like EBCDIC)
5319 Debug This curl uses a libcurl built with Debug. This enables
5321 more error-tracking and memory debugging etc. For curl-
5322 developers only!
5323 gsasl The built-in SASL authentication includes extensions to
5325 support SCRAM because libcurl was built with libgsasl.
5326 GSS-API
5328 GSS-API is supported.
5329 HSTS HSTS support is present.
5331 HTTP2 HTTP/2 support has been built-in.
5333 HTTP3 HTTP/3 support has been built-in.
5335 HTTPS-proxy
5337 This curl is built to support HTTPS proxy.
5338 IDN This curl supports IDN - international domain names.
5340 IPv6 You can use IPv6 with this.
5342 Kerberos
5344 Kerberos V5 authentication is supported.
5345 Largefile
5347 This curl supports transfers of large files, files larger
5348 than 2GB.
5349 libz Automatic decompression (via gzip, deflate) of compressed
5351 files over HTTP is supported.
5352 MultiSSL
5354 This curl supports multiple TLS backends.
5355 NTLM NTLM authentication is supported.
5357 NTLM_WB
5359 NTLM delegation to winbind helper is supported.
5360 PSL PSL is short for Public Suffix List and means that this
5362 curl has been built with knowledge about "public suf‐
5363 fixes".
5364 SPNEGO SPNEGO authentication is supported.
5366 SSL SSL versions of various protocols are supported, such as
5368 HTTPS, FTPS, POP3S and so on.
5369 SSPI SSPI is supported.
5371 TLS-SRP
5373 SRP (Secure Remote Password) authentication is supported
5374 for TLS.
5375 TrackMemory
5377 Debug memory tracking is supported.
5378 Unicode
5380 Unicode support on Windows.
5381 UnixSockets
5383 Unix sockets support is provided.
5384 zstd Automatic decompression (via zstd) of compressed files
5386 over HTTP is supported.
5387 Example:
5389 curl --version
5390 See also -h, --help and -M, --manual.
5392 -w, --write-out <format>
5394 Make curl display information on stdout after a completed trans‐
5395 fer. The format is a string that may contain plain text mixed
5396 with any number of variables. The format can be specified as a
5397 literal "string", or you can have curl read the format from a
5398 file with "@filename" and to tell curl to read the format from
5399 stdin you write "@-".
5400 The variables present in the output format will be substituted
5402 by the value or text that curl thinks fit, as described below.
5403 All variables are specified as %{variable_name} and to output a
5404 normal % you just write them as %%. You can output a newline by
5405 using \n, a carriage return with \r and a tab space with \t.
5406 The output will be written to standard output, but this can be
5408 switched to standard error by using %{stderr}.
5409 Output HTTP headers from the most recent request by using
5411 %header{name} where name is the case insensitive name of the
5412 header (without the trailing colon). The header contents are ex‐
5413 actly as sent over the network, with leading and trailing white‐
5414 space trimmed. Added in curl 7.84.0.
5415 NOTE: In Windows the %-symbol is a special symbol used to expand
5417 environment variables. In batch files all occurrences of % must
5418 be doubled when using this option to properly escape. If this
5419 option is used at the command prompt then the % cannot be es‐
5420 caped and unintended expansion is possible.
5421 The variables available are:
5423 certs Output the certificate chain with details. Sup‐
5425 ported only by the OpenSSL, GnuTLS, Schannel,
5426 NSS, GSKit and Secure Transport backends (Added
5427 in 7.88.0)
5428 content_type The Content-Type of the requested document, if
5430 there was any.
5431 errormsg The error message. (Added in 7.75.0)
5433 exitcode The numerical exitcode of the transfer. (Added in
5435 7.75.0)
5436 filename_effective
5438 The ultimate filename that curl writes out to.
5439 This is only meaningful if curl is told to write
5440 to a file with the -O, --remote-name or -o,
5441 --output option. It's most useful in combination
5442 with the -J, --remote-header-name option.
5443 ftp_entry_path The initial path curl ended up in when logging on
5445 to the remote FTP server.
5446 header_json A JSON object with all HTTP response headers from
5448 the recent transfer. Values are provided as ar‐
5449 rays, since in the case of multiple headers there
5450 can be multiple values. (Added in 7.83.0)
5451 The header names provided in lowercase, listed in
5453 order of appearance over the wire. Except for du‐
5454 plicated headers. They are grouped on the first
5455 occurrence of that header, each value is pre‐
5456 sented in the JSON array.
5457 http_code The numerical response code that was found in the
5459 last retrieved HTTP(S) or FTP(s) transfer.
5460 http_connect The numerical code that was found in the last re‐
5462 sponse (from a proxy) to a curl CONNECT request.
5463 http_version The http version that was effectively used.
5465 (Added in 7.50.0)
5466 json A JSON object with all available keys.
5468 local_ip The IP address of the local end of the most re‐
5470 cently done connection - can be either IPv4 or
5471 IPv6.
5472 local_port The local port number of the most recently done
5474 connection.
5475 method The http method used in the most recent HTTP re‐
5477 quest. (Added in 7.72.0)
5478 num_certs Number of server certificates received in the TLS
5480 handshake. Supported only by the OpenSSL, GnuTLS,
5481 Schannel, NSS, GSKit and Secure Transport back‐
5482 ends (Added in 7.88.0)
5483 num_connects Number of new connects made in the recent trans‐
5485 fer.
5486 num_headers The number of response headers in the most recent
5488 request (restarted at each redirect). Note that
5489 the status line IS NOT a header. (Added in
5490 7.73.0)
5491 num_redirects Number of redirects that were followed in the re‐
5493 quest.
5494 onerror The rest of the output is only shown if the
5496 transfer returned a non-zero error (Added in
5497 7.75.0)
5498 proxy_ssl_verify_result
5500 The result of the HTTPS proxy's SSL peer certifi‐
5501 cate verification that was requested. 0 means the
5502 verification was successful. (Added in 7.52.0)
5503 redirect_url When an HTTP request was made without -L, --loca‐
5505 tion to follow redirects (or when --max-redirs is
5506 met), this variable will show the actual URL a
5507 redirect would have gone to.
5508 referer The Referer: header, if there was any. (Added in
5510 7.76.0)
5511 remote_ip The remote IP address of the most recently done
5513 connection - can be either IPv4 or IPv6.
5514 remote_port The remote port number of the most recently done
5516 connection.
5517 response_code The numerical response code that was found in the
5519 last transfer (formerly known as "http_code").
5520 scheme The URL scheme (sometimes called protocol) that
5522 was effectively used. (Added in 7.52.0)
5523 size_download The total amount of bytes that were downloaded.
5525 This is the size of the body/data that was trans‐
5526 ferred, excluding headers.
5527 size_header The total amount of bytes of the downloaded head‐
5529 ers.
5530 size_request The total amount of bytes that were sent in the
5532 HTTP request.
5533 size_upload The total amount of bytes that were uploaded.
5535 This is the size of the body/data that was trans‐
5536 ferred, excluding headers.
5537 speed_download The average download speed that curl measured for
5539 the complete download. Bytes per second.
5540 speed_upload The average upload speed that curl measured for
5542 the complete upload. Bytes per second.
5543 ssl_verify_result
5545 The result of the SSL peer certificate verifica‐
5546 tion that was requested. 0 means the verification
5547 was successful.
5548 stderr From this point on, the -w, --write-out output
5550 will be written to standard error. (Added in
5551 7.63.0)
5552 stdout From this point on, the -w, --write-out output
5554 will be written to standard output. This is the
5555 default, but can be used to switch back after
5556 switching to stderr. (Added in 7.63.0)
5557 time_appconnect
5559 The time, in seconds, it took from the start un‐
5560 til the SSL/SSH/etc connect/handshake to the re‐
5561 mote host was completed.
5562 time_connect The time, in seconds, it took from the start un‐
5564 til the TCP connect to the remote host (or proxy)
5565 was completed.
5566 time_namelookup
5568 The time, in seconds, it took from the start un‐
5569 til the name resolving was completed.
5570 time_pretransfer
5572 The time, in seconds, it took from the start un‐
5573 til the file transfer was just about to begin.
5574 This includes all pre-transfer commands and nego‐
5575 tiations that are specific to the particular pro‐
5576 tocol(s) involved.
5577 time_redirect The time, in seconds, it took for all redirection
5579 steps including name lookup, connect, pretransfer
5580 and transfer before the final transaction was
5581 started. time_redirect shows the complete execu‐
5582 tion time for multiple redirections.
5583 time_starttransfer
5585 The time, in seconds, it took from the start un‐
5586 til the first byte was just about to be trans‐
5587 ferred. This includes time_pretransfer and also
5588 the time the server needed to calculate the re‐
5589 sult.
5590 time_total The total time, in seconds, that the full opera‐
5592 tion lasted.
5593 url The URL that was fetched. (Added in 7.75.0)
5595 urlnum The URL index number of this transfer, 0-indexed.
5597 De-globbed URLs share the same index number as
5598 the origin globbed URL. (Added in 7.75.0)
5599 url_effective The URL that was fetched last. This is most mean‐
5601 ingful if you have told curl to follow location:
5602 headers.
5603 If -w, --write-out is provided several times, the last set value
5605 will be used.
5606 Example:
5608 curl -w '%{http_code}\n' https://example.com
5609 See also -v, --verbose and -I, --head.
5611 --xattr
5613 When saving output to a file, this option tells curl to store
5614 certain file metadata in extended file attributes. Currently,
5615 the URL is stored in the xdg.origin.url attribute and, for HTTP,
5616 the content type is stored in the mime_type attribute. If the
5617 file system does not support extended attributes, a warning is
5618 issued.
5619 Providing --xattr multiple times has no extra effect. Disable
5621 it again with --no-xattr.
5622 Example:
5624 curl --xattr -o storage https://example.com
5625 See also -R, --remote-time, -w, --write-out and -v, --verbose.
5627
5629 ~/.curlrc
5630 Default config file, see -K, --config for details.
5631
5633 The environment variables can be specified in lower case or upper case.
5634 The lower case version has precedence. http_proxy is an exception as it
5635 is only available in lower case.
5636 Using an environment variable to set the proxy has the same effect as
5638 using the -x, --proxy option.
5639 http_proxy [protocol://]<host>[:port]
5642 Sets the proxy server to use for HTTP.
5643 HTTPS_PROXY [protocol://]<host>[:port]
5645 Sets the proxy server to use for HTTPS.
5646 [url-protocol]_PROXY [protocol://]<host>[:port]
5648 Sets the proxy server to use for [url-protocol], where the pro‐
5649 tocol is a protocol that curl supports and as specified in a
5650 URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP, etc.
5651 ALL_PROXY [protocol://]<host>[:port]
5653 Sets the proxy server to use if no protocol-specific proxy is
5654 set.
5655 NO_PROXY <comma-separated list of hosts/domains>
5657 list of host names that should not go through any proxy. If set
5658 to an asterisk '*' only, it matches all hosts. Each name in this
5659 list is matched as either a domain name which contains the host‐
5660 name, or the hostname itself.
5661 This environment variable disables use of the proxy even when
5663 specified with the -x, --proxy option. That is NO_PROXY=di‐
5664 rect.example.com curl -x http://proxy.example.com http://di‐
5665 rect.example.com accesses the target URL directly, and
5666 NO_PROXY=direct.example.com curl -x http://proxy.example.com
5667 http://somewhere.example.com accesses the target URL through the
5668 proxy.
5669 The list of host names can also be include numerical IP ad‐
5671 dresses, and IPv6 versions should then be given without enclos‐
5672 ing brackets.
5673 Since 7.86.0, IP addresses can be specified using CIDR notation:
5675 an appended slash and number specifies the number of "network
5676 bits" out of the address to use in the comparison. For example
5677 "192.168.0.0/16" would match all addresses starting with
5678 "192.168".
5679 APPDATA <dir>
5681 On Windows, this variable is used when trying to find the home
5682 directory. If the primary home variable are all unset.
5683 COLUMNS <terminal width>
5685 If set, the specified number of characters will be used as the
5686 terminal width when the alternative progress-bar is shown. If
5687 not set, curl will try to figure it out using other ways.
5688 CURL_CA_BUNDLE <file>
5690 If set, will be used as the --cacert value.
5691 CURL_HOME <dir>
5693 If set, is the first variable curl checks when trying to find
5694 its home directory. If not set, it continues to check XDG_CON‐
5695 FIG_HOME
5696 CURL_SSL_BACKEND <TLS backend>
5698 If curl was built with support for "MultiSSL", meaning that it
5699 has built-in support for more than one TLS backend, this envi‐
5700 ronment variable can be set to the case insensitive name of the
5701 particular backend to use when curl is invoked. Setting a name
5702 that is not a built-in alternative will make curl stay with the
5703 default.
5704 SSL backend names (case-insensitive): bearssl, gnutls, gskit,
5706 mbedtls, nss, openssl, rustls, schannel, secure-transport, wolf‐
5707 ssl
5708 HOME <dir>
5710 If set, this is used to find the home directory when that is
5711 needed. Like when looking for the default .curlrc. CURL_HOME and
5712 XDG_CONFIG_HOME have preference.
5713 QLOGDIR <directory name>
5715 If curl was built with HTTP/3 support, setting this environment
5716 variable to a local directory will make curl produce qlogs in
5717 that directory, using file names named after the destination
5718 connection id (in hex). Do note that these files can become
5719 rather large. Works with both QUIC backends.
5720 SHELL Used on VMS when trying to detect if using a DCL or a "unix"
5722 shell.
5723 SSL_CERT_DIR <dir>
5725 If set, will be used as the --capath value.
5726 SSL_CERT_FILE <path>
5728 If set, will be used as the --cacert value.
5729 SSLKEYLOGFILE <file name>
5731 If you set this environment variable to a file name, curl will
5732 store TLS secrets from its connections in that file when invoked
5733 to enable you to analyze the TLS traffic in real time using net‐
5734 work analyzing tools such as Wireshark. This works with the fol‐
5735 lowing TLS backends: OpenSSL, libressl, BoringSSL, GnuTLS, NSS
5736 and wolfSSL.
5737 USERPROFILE <dir>
5739 On Windows, this variable is used when trying to find the home
5740 directory. If the other, primary, variable are all unset. If
5741 set, curl will use the path "$USERPROFILE\Application Data".
5742 XDG_CONFIG_HOME <dir>
5744 If CURL_HOME is not set, this variable is checked when looking
5745 for a default .curlrc file.
5746
5748 The proxy string may be specified with a protocol:// prefix to specify
5749 alternative proxy protocols.
5750 If no protocol is specified in the proxy string or if the string does
5752 not match a supported one, the proxy will be treated as an HTTP proxy.
5753 The supported proxy protocol prefixes are as follows:
5755 http://
5757 Makes it use it as an HTTP proxy. The default if no scheme pre‐
5758 fix is used.
5759 https://
5761 Makes it treated as an HTTPS proxy.
5762 socks4://
5764 Makes it the equivalent of --socks4
5765 socks4a://
5767 Makes it the equivalent of --socks4a
5768 socks5://
5770 Makes it the equivalent of --socks5
5771 socks5h://
5773 Makes it the equivalent of --socks5-hostname
5774
5776 There are a bunch of different error codes and their corresponding er‐
5777 ror messages that may appear under error conditions. At the time of
5778 this writing, the exit codes are:
5779 0 Success. The operation completed successfully according to the
5781 instructions.
5782 1 Unsupported protocol. This build of curl has no support for this
5784 protocol.
5785 2 Failed to initialize.
5787 3 URL malformed. The syntax was not correct.
5789 4 A feature or option that was needed to perform the desired re‐
5791 quest was not enabled or was explicitly disabled at build-time.
5792 To make curl able to do this, you probably need another build of
5793 libcurl.
5794 5 Could not resolve proxy. The given proxy host could not be re‐
5796 solved.
5797 6 Could not resolve host. The given remote host could not be re‐
5799 solved.
5800 7 Failed to connect to host.
5802 8 Weird server reply. The server sent data curl could not parse.
5804 9 FTP access denied. The server denied login or denied access to
5806 the particular resource or directory you wanted to reach. Most
5807 often you tried to change to a directory that does not exist on
5808 the server.
5809 10 FTP accept failed. While waiting for the server to connect back
5811 when an active FTP session is used, an error code was sent over
5812 the control connection or similar.
5813 11 FTP weird PASS reply. Curl could not parse the reply sent to the
5815 PASS request.
5816 12 During an active FTP session while waiting for the server to
5818 connect back to curl, the timeout expired.
5819 13 FTP weird PASV reply, Curl could not parse the reply sent to the
5821 PASV request.
5822 14 FTP weird 227 format. Curl could not parse the 227-line the
5824 server sent.
5825 15 FTP cannot use host. Could not resolve the host IP we got in the
5827 227-line.
5828 16 HTTP/2 error. A problem was detected in the HTTP2 framing layer.
5830 This is somewhat generic and can be one out of several problems,
5831 see the error message for details.
5832 17 FTP could not set binary. Could not change transfer method to
5834 binary.
5835 18 Partial file. Only a part of the file was transferred.
5837 19 FTP could not download/access the given file, the RETR (or simi‐
5839 lar) command failed.
5840 21 FTP quote error. A quote command returned error from the server.
5842 22 HTTP page not retrieved. The requested URL was not found or re‐
5844 turned another error with the HTTP error code being 400 or
5845 above. This return code only appears if -f, --fail is used.
5846 23 Write error. Curl could not write data to a local filesystem or
5848 similar.
5849 25 FTP could not STOR file. The server denied the STOR operation,
5851 used for FTP uploading.
5852 26 Read error. Various reading problems.
5854 27 Out of memory. A memory allocation request failed.
5856 28 Operation timeout. The specified time-out period was reached ac‐
5858 cording to the conditions.
5859 30 FTP PORT failed. The PORT command failed. Not all FTP servers
5861 support the PORT command, try doing a transfer using PASV in‐
5862 stead!
5863 31 FTP could not use REST. The REST command failed. This command is
5865 used for resumed FTP transfers.
5866 33 HTTP range error. The range "command" did not work.
5868 34 HTTP post error. Internal post-request generation error.
5870 35 SSL connect error. The SSL handshaking failed.
5872 36 Bad download resume. Could not continue an earlier aborted down‐
5874 load.
5875 37 FILE could not read file. Failed to open the file. Permissions?
5877 38 LDAP cannot bind. LDAP bind operation failed.
5879 39 LDAP search failed.
5881 41 Function not found. A required LDAP function was not found.
5883 42 Aborted by callback. An application told curl to abort the oper‐
5885 ation.
5886 43 Internal error. A function was called with a bad parameter.
5888 45 Interface error. A specified outgoing interface could not be
5890 used.
5891 47 Too many redirects. When following redirects, curl hit the maxi‐
5893 mum amount.
5894 48 Unknown option specified to libcurl. This indicates that you
5896 passed a weird option to curl that was passed on to libcurl and
5897 rejected. Read up in the manual!
5898 49 Malformed telnet option.
5900 52 The server did not reply anything, which here is considered an
5902 error.
5903 53 SSL crypto engine not found.
5905 54 Cannot set SSL crypto engine as default.
5907 55 Failed sending network data.
5909 56 Failure in receiving network data.
5911 58 Problem with the local certificate.
5913 59 Could not use specified SSL cipher.
5915 60 Peer certificate cannot be authenticated with known CA certifi‐
5917 cates.
5918 61 Unrecognized transfer encoding.
5920 63 Maximum file size exceeded.
5922 64 Requested FTP SSL level failed.
5924 65 Sending the data requires a rewind that failed.
5926 66 Failed to initialise SSL Engine.
5928 67 The user name, password, or similar was not accepted and curl
5930 failed to log in.
5931 68 File not found on TFTP server.
5933 69 Permission problem on TFTP server.
5935 70 Out of disk space on TFTP server.
5937 71 Illegal TFTP operation.
5939 72 Unknown TFTP transfer ID.
5941 73 File already exists (TFTP).
5943 74 No such user (TFTP).
5945 77 Problem reading the SSL CA cert (path? access rights?).
5947 78 The resource referenced in the URL does not exist.
5949 79 An unspecified error occurred during the SSH session.
5951 80 Failed to shut down the SSL connection.
5953 82 Could not load CRL file, missing or wrong format.
5955 83 Issuer check failed.
5957 84 The FTP PRET command failed.
5959 85 Mismatch of RTSP CSeq numbers.
5961 86 Mismatch of RTSP Session Identifiers.
5963 87 Unable to parse FTP file list.
5965 88 FTP chunk callback reported error.
5967 89 No connection available, the session will be queued.
5969 90 SSL public key does not matched pinned public key.
5971 91 Invalid SSL certificate status.
5973 92 Stream error in HTTP/2 framing layer.
5975 93 An API function was called from inside a callback.
5977 94 An authentication function returned an error.
5979 95 A problem was detected in the HTTP/3 layer. This is somewhat
5981 generic and can be one out of several problems, see the error
5982 message for details.
5983 96 QUIC connection error. This error may be caused by an SSL li‐
5985 brary error. QUIC is the protocol used for HTTP/3 transfers.
5986 97 Proxy handshake error.
5988 98 A client-side certificate is required to complete the TLS hand‐
5990 shake.
5991 99 Poll or select returned fatal error.
5993 XX More error codes will appear here in future releases. The exist‐
5995 ing ones are meant to never change.
5996
5998 If you experience any problems with curl, submit an issue in the
5999 project's bug tracker on GitHub: https://github.com/curl/curl/issues
6000
6002 Daniel Stenberg is the main author, but the whole list of contributors
6003 is found in the separate THANKS file.
6004
6006 https://curl.se
6007
6009 ftp(1), wget(1)
6010curl 8.0.0 March 18 2023 curl(1)