{
    "content": [
        {
            "type": "text",
            "text": "# curl (man)\n\n**Summary:** curl - transfer a URL\n\n## Flags\n\n| Flag | Long | Arg | Description |\n|------|------|-----|-------------|\n| — | --abstract-unix-socket | <path> | (HTTP) Connect through an abstract Unix domain socket, instead of using the network. Note: netstat shows the path of an  |\n| — | --alt-svc | — | (HTTPS) This option enables the alt-svc parser in curl. If the file name points to an existing alt-svc cache file, that  |\n| — | --anyauth | — | (HTTP) Tells curl to figure out authentication method by itself, and use the most se‐ cure one the remote site claims to |\n| -a | --append | — | (FTP SFTP) When used in an upload, this makes curl append to the target file instead of overwriting it. If the remote fi |\n| — | --basic | — | (HTTP) Tells curl to use HTTP Basic authentication with the remote host. This is the default and this option is usually  |\n| — | --cacert | <file> | (TLS) Tells curl to use the specified certificate file to verify the peer. The file may contain multiple CA certificates |\n| — | --capath | <dir> | (TLS) Tells curl to use the specified certificate directory to verify the peer. Multi‐ ple paths can be provided by sepa |\n| — | --cert-status | — | (TLS) Tells curl to verify the status of the server certificate by using the Certifi‐ cate Status Request (aka. OCSP sta |\n| — | --cert-type | <type> | (TLS) Tells curl what type the provided client certificate is using. PEM, DER, ENG and P12 are recognized types. If not  |\n| — | --ciphers | — | (TLS) Specifies which ciphers to use in the connection. The list of ciphers must spec‐ ify valid ciphers. Read up on SSL |\n| — | --compressed-ssh | — | (SCP SFTP) Enables built-in SSH compression. This is a request, not an order; the server may or may not do it. Example:  |\n| — | --compressed | — | (HTTP) Request a compressed response using one of the algorithms curl supports, and automatically decompress the content |\n| -K | --config | <file> | Specify a text file to read curl arguments from. The command line arguments found in the text file will be used as if th |\n| — | --connect-timeout | — | Maximum time in seconds that you allow curl's connection to take. This only limits the connection phase, so if curl conn |\n| — | --connect-to | <HOST1:PORT1:HOST2:PORT2> | For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. This op‐ tion is suitable to direct request |\n| -C | --continue-at | <offset> | Continue/Resume a previous file transfer at the given offset. The given offset is the exact number of bytes that will be |\n| -c | --cookie-jar | <filename> | (HTTP) Specify to which file you want curl to write all cookies after a completed op‐ eration. Curl writes all cookies f |\n| -b | --cookie | <data|filename> | (HTTP) Pass the data to the HTTP server in the Cookie header. It is supposedly the data previously received from the ser |\n| — | --create-dirs | — | When used in conjunction with the -o, --output option, curl will create the necessary local directory hierarchy as neede |\n| — | --create-file-mode | <mode> | (SFTP SCP FILE) When curl is used to create files remotely using one of the supported protocols, this option allows the  |\n| — | --crlfile | <file> | (TLS) Provide a file using PEM format with a Certificate Revocation List that may specify peer certificates that are to  |\n| — | --curves | — | (TLS) Tells curl to request specific curves to use during SSL session establishment according to RFC 8422, 5.1. Multiple |\n| — | --data-ascii | <data> | (HTTP) This is just an alias for -d, --data. Example: curl --data-ascii @file https://example.com See also --data-binary |\n| — | --data-binary | <data> | (HTTP) This posts data exactly as specified with no extra processing whatsoever. If you start the data with the letter @ |\n| — | --data-raw | <data> | (HTTP) This posts data similarly to -d, --data but without the special interpretation of the @ character. Examples: curl |\n| — | --data-urlencode | <data> | (HTTP) This posts data, similar to the other -d, --data options with the exception that this performs URL-encoding. To b |\n| -d | --data | <data> | (HTTP MQTT) Sends the specified data in a POST request to the HTTP server, in the same way that a browser does when a us |\n| — | --delegation | <LEVEL> | (GSS/kerberos) Set LEVEL to tell the server what it is allowed to delegate when it comes to user credentials. none Do no |\n| — | --digest | — | (HTTP) Enables HTTP Digest authentication. This is an authentication scheme that pre‐ vents the password from being sent |\n| — | --disable-eprt | — | (FTP) Tell curl to disable the use of the EPRT and LPRT commands when doing active FTP transfers. Curl will normally alw |\n| — | --disable-epsv | — | (FTP) Tell curl to disable the use of the EPSV command when doing passive FTP trans‐ fers. Curl will normally always fir |\n| -q | --disable | — | If used as the first parameter on the command line, the curlrc config file will not be read and used. See the -K, --conf |\n| — | --disallow-username-in-url | — | (HTTP) This tells curl to exit if passed a url containing a username. This is probably most useful when the URL is being |\n| — | --dns-interface | <interface> | (DNS) Tell curl to send outgoing DNS requests through <interface>. This option is a counterpart to --interface (which do |\n| — | --dns-ipv4-addr | <address> | (DNS) Tell curl to bind to <ip-address> when making IPv4 DNS requests, so that the DNS requests originate from this addr |\n| — | --dns-ipv6-addr | <address> | (DNS) Tell curl to bind to <ip-address> when making IPv6 DNS requests, so that the DNS requests originate from this addr |\n| — | --dns-servers | <addresses> | Set the list of DNS servers to be used instead of the system default. The list of IP addresses should be separated with  |\n| — | --doh-cert-status | — | Same as --cert-status but used for DoH (DNS-over-HTTPS). Example: curl --doh-cert-status --doh-url https://doh.example h |\n| — | --doh-insecure | — | Same as -k, --insecure but used for DoH (DNS-over-HTTPS). Example: curl --doh-insecure --doh-url https://doh.example htt |\n| — | --doh-url | <URL> | Specifies which DNS-over-HTTPS (DoH) server to use to resolve hostnames, instead of using the default name resolver mech |\n| -D | --dump-header | <filename> | (HTTP FTP) Write the received protocol headers to the specified file. If no headers are received, the use of this option |\n| — | --egd-file | <file> | (TLS) Specify the path name to the Entropy Gathering Daemon socket. The socket is used to seed the random engine for SSL |\n| — | --engine | <name> | (TLS) Select the OpenSSL crypto engine to use for cipher operations. Use --engine list to print a list of build-time sup |\n| — | --etag-compare | <file> | (HTTP) This option makes a conditional HTTP request for the specific ETag read from the given file by sending a custom I |\n| — | --etag-save | <file> | (HTTP) This option saves an HTTP ETag to the specified file. An ETag is a caching re‐ lated header, usually returned in  |\n| — | --expect100-timeout | <seconds> | (HTTP) Maximum time in seconds that you allow curl to wait for a 100-continue response when curl emits an Expects: 100-c |\n| — | --fail-early | — | Fail and exit on the first detected transfer error. When curl is used to do multiple transfers on the command line, it w |\n| — | --fail-with-body | — | (HTTP) Return an error on server errors where the HTTP response code is 400 or greater). In normal cases when an HTTP se |\n| -f | --fail | — | (HTTP) Fail silently (no output at all) on server errors. This is mostly done to en‐ able scripts etc to better deal wit |\n| — | --false-start | — | (TLS) Tells curl to use false start during the TLS handshake. False start is a mode where a TLS client will start sendin |\n| — | --form-escape | — | (HTTP) Tells curl to pass on names of multipart form fields and files using backslash- escaping instead of percent-encod |\n| — | --form-string | <name=string> | (HTTP SMTP IMAP) Similar to -F, --form except that the value string for the named pa‐ rameter is used literally. Leading |\n| -F | --form | <name=content> | (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emulate a filled-in form in which a user has pressed the submi |\n| — | --ftp-account | <data> | (FTP) When an FTP server asks for \"account data\" after user name and password has been provided, this data is sent off u |\n| — | --ftp-alternative-to-user | <command> | (FTP) If authenticating with the USER and PASS commands fails, send this command. When connecting to Tumbleweed's Secure |\n| — | --ftp-create-dirs | — | (FTP SFTP) When an FTP or SFTP URL/operation uses a path that does not currently exist on the server, the standard behav |\n| — | --ftp-method | <method> | (FTP) Control what method curl should use to reach a file on an FTP(S) server. The method argument should be one of the  |\n| — | --ftp-pasv | — | (FTP) Use passive mode for the data connection. Passive is the internal default behav‐ ior, but using this option can be |\n| -P | --ftp-port | <address> | (FTP) Reverses the default initiator/listener roles when connecting with FTP. This op‐ tion makes curl use active mode.  |\n| — | --ftp-pret | — | (FTP) Tell curl to send a PRET command before PASV (and EPSV). Certain FTP servers, mainly drftpd, require this non-stan |\n| — | --ftp-skip-pasv-ip | — | (FTP) Tell curl to not use the IP address the server suggests in its response to curl's PASV command when curl connects  |\n| — | --ftp-ssl-ccc-mode | <active/passive> | (FTP) Sets the CCC mode. The passive mode will not initiate the shutdown, but instead wait for the server to do it, and  |\n| — | --ftp-ssl-ccc | — | (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS layer after authenticat‐ ing. The rest of the control chann |\n| — | --ftp-ssl-control | — | (FTP) Require SSL/TLS for the FTP login, clear for transfer. Allows secure authenti‐ cation, but non-encrypted data tran |\n| -G | --get | — | When used, this option will make all data specified with -d, --data, --data-binary or --data-urlencode to be used in an  |\n| -g | --globoff | — | This option switches off the \"URL globbing parser\". When you set this option, you can specify URLs that contain the lett |\n| — | --happy-eyeballs-timeout-ms | <milliseconds> | Happy Eyeballs is an algorithm that attempts to connect to both IPv4 and IPv6 ad‐ dresses for dual-stack hosts, giving I |\n| — | --haproxy-protocol | — | (HTTP) Send a HAProxy PROXY protocol v1 header at the beginning of the connection. This is used by some load balancers a |\n| -I | --head | — | (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the command HEAD which this uses to get nothing but the hea |\n| -H | --header | <header/@file> | (HTTP) Extra header to include in the request when sending HTTP to a server. You may specify any number of extra headers |\n| -h | --help | <category> | Usage help. This lists all commands of the <category>. If no arg was provided, curl will display the most important comm |\n| — | --hostpubmd5 | <md5> | (SFTP SCP) Pass a string containing 32 hexadecimal digits. The string should be the 128 bit MD5 checksum of the remote h |\n| — | --hostpubsha256 | <sha256> | (SFTP SCP) Pass a string containing a Base64-encoded SHA256 hash of the remote host's public key. Curl will refuse the c |\n| — | --hsts | — | (HTTPS) This option enables HSTS for the transfer. If the file name points to an ex‐ isting HSTS cache file, that will b |\n| — | --http2-prior-knowledge | — | (HTTP) Tells curl to issue its non-TLS HTTP requests using HTTP/2 without HTTP/1.1 Up‐ grade. It requires prior knowledg |\n| — | --http2 | — | (HTTP) Tells curl to use HTTP version 2. For HTTPS, this means curl will attempt to negotiate HTTP/2 in the TLS handshak |\n| — | --http3 | — | (HTTP) WARNING: this option is experimental. Do not use in production. Tells curl to use HTTP version 3 directly to the  |\n| — | --ignore-content-length | — | (FTP HTTP) For HTTP, Ignore the Content-Length header. This is particularly useful for servers running Apache 1.x, which |\n| -i | --include | — | Include the HTTP response headers in the output. The HTTP response headers can include things like server name, cookies, |\n| -k | --insecure | — | (TLS SFTP SCP) By default, every secure connection curl makes is verified to be secure before the transfer takes place.  |\n| — | --interface | <name> | Perform an operation using a specified interface. You can enter interface name, IP ad‐ dress or host name. An example co |\n| -j | --junk-session-cookies | — | (HTTP) When curl is told to read cookies from a given file, this option will make it discard all \"session cookies\". This |\n| — | --keepalive-time | <seconds> | This option sets the time a connection needs to remain idle before sending keepalive probes and the time between individ |\n| — | --key-type | <type> | (TLS) Private key file type. Specify which type your --key provided private key is. DER, PEM, and ENG are supported. If  |\n| — | --key | <key> | (TLS SSH) Private key file name. Allows you to provide your private key in this sepa‐ rate file. For SSH, if not specifi |\n| — | --krb | <level> | (FTP) Enable Kerberos authentication and use. The level must be entered and should be one of 'clear', 'safe', 'confident |\n| — | --libcurl | <file> | Append this option to any ordinary curl command line, and you will get libcurl-using C source code written to the file t |\n| — | --limit-rate | <speed> | Specify the maximum transfer rate you want curl to use - for both downloads and up‐ loads. This feature is useful if you |\n| -l | --list-only | — | (FTP POP3) (FTP) When listing an FTP directory, this switch forces a name-only view. This is especially useful if the us |\n| — | --local-port | <num/range> | Set a preferred single number or range (FROM-TO) of local port numbers to use for the connection(s). Note that port numb |\n| — | --location-trusted | — | (HTTP) Like -L, --location, but will allow sending the name + password to all hosts that the site may redirect to. This  |\n| -L | --location | — | (HTTP) If the server reports that the requested page has moved to a different location (indicated with a Location: heade |\n| — | --login-options | <options> | (IMAP POP3 SMTP) Specify the login options to use during server authentication. You can use login options to specify pro |\n| — | --mail-auth | <address> | (SMTP) Specify a single address. This will be used to specify the authentication ad‐ dress (identity) of a submitted mes |\n| — | --mail-from | <address> | (SMTP) Specify a single address that the given mail should get sent from. Example: curl --mail-from user@example.com -T  |\n| — | --mail-rcpt-allowfails | — | (SMTP) When sending data to multiple recipients, by default curl will abort SMTP con‐ versation if at least one of the r |\n| — | --mail-rcpt | <address> | (SMTP) Specify a single email address, user name or mailing list name. Repeat this op‐ tion several times to send to mul |\n| -M | --manual | — | Manual. Display the huge help text. Example: curl --manual See also -v, --verbose, --libcurl and --trace. |\n| — | --max-filesize | <bytes> | (FTP HTTP MQTT) Specify the maximum size (in bytes) of a file to download. If the file requested is larger than this val |\n| — | --max-redirs | <num> | (HTTP) Set maximum number of redirections to follow. When -L, --location is used, to prevent curl from following too man |\n| -m | --max-time | — | Maximum time in seconds that you allow the whole operation to take. This is useful for preventing your batch jobs from h |\n| — | --metalink | — | This option was previously used to specify a metalink resource. Metalink support has been disabled in curl since 7.78.0  |\n| — | --negotiate | — | (HTTP) Enables Negotiate (SPNEGO) authentication. This option requires a library built with GSS-API or SSPI support. Use |\n| — | --netrc-file | <filename> | This option is similar to -n, --netrc, except that you provide the path (absolute or relative) to the netrc file that cu |\n| — | --netrc-optional | — | Similar to -n, --netrc, but this option makes the .netrc usage optional and not manda‐ tory as the -n, --netrc option do |\n| -n | --netrc | — | Makes curl scan the .netrc (netrc on Windows) file in the user's home directory for login name and password. This is typ |\n| — | --no-alpn | — | (HTTPS) Disable the ALPN TLS extension. ALPN is enabled by default if libcurl was built with an SSL library that support |\n| -N | --no-buffer | — | Disables the buffering of the output stream. In normal work situations, curl will use a standard buffered output stream  |\n| — | --no-keepalive | — | Disables the use of keepalive messages on the TCP connection. curl otherwise enables them by default. Note that this is  |\n| — | --no-npn | — | (HTTPS) Disable the NPN TLS extension. NPN is enabled by default if libcurl was built with an SSL library that supports  |\n| — | --no-progress-meter | — | Option to switch off the progress meter output without muting or otherwise affecting warning and informational messages  |\n| — | --no-sessionid | — | (TLS) Disable curl's use of SSL session-ID caching. By default all transfers are done using the cache. Note that while n |\n| — | --noproxy | <no-proxy-list> | Comma-separated list of hosts for which not to use a proxy, if one is specified. The only wildcard is a single * charact |\n| — | --ntlm-wb | — | (HTTP) Enables NTLM much in the style --ntlm does, but hand over the authentication to the separate binary ntlmauth appl |\n| — | --oauth2-bearer | <token> | (IMAP POP3 SMTP HTTP) Specify the Bearer Token for OAUTH 2.0 server authentication. The Bearer Token is used in conjunct |\n| — | --output-dir | <dir> | This option specifies the directory in which files should be stored, when -O, --re‐ mote-name or -o, --output are used.  |\n| -o | --output | <file> | Write output to <file> instead of stdout. If you are using {} or [] to fetch multiple documents, you should quote the UR |\n| — | --parallel-immediate | — | When doing parallel transfers, this option will instruct curl that it should rather prefer opening up more connections i |\n| — | --parallel-max | <num> | When asked to do parallel transfers, using -Z, --parallel, this option controls the maximum amount of transfers to do si |\n| -Z | --parallel | — | Makes curl perform its transfers in parallel as compared to the regular serial manner. This option is global and does no |\n| — | --pass | <phrase> | (SSH TLS) Passphrase for the private key. If this option is used several times, the last one will be used. Example: curl |\n| — | --path-as-is | — | Tell curl to not handle sequences of /../ or /./ in the given URL path. Normally curl will squash or merge them accordin |\n| — | --pinnedpubkey | <hashes> | (TLS) Tells curl to use the specified public key file (or hashes) to verify the peer. This can be a path to a file which |\n| — | --post301 | — | (HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST requests into GET re‐ quests when following a 301 redir |\n| — | --post302 | — | (HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST requests into GET re‐ quests when following a 302 redir |\n| — | --post303 | — | (HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST requests into GET re‐ quests when following 303 redirec |\n| — | --proto-default | <protocol> | Tells curl to use protocol for any URL missing a scheme name. An unknown or unsupported protocol causes error CURLEUNSUP |\n| — | --proto-redir | <protocols> | Tells curl to limit what protocols it may use on redirect. Protocols denied by --proto are not overridden by this option |\n| — | --proto | <protocols> | Tells curl to limit what protocols it may use for transfers. Protocols are evaluated left to right, are comma separated, |\n| — | --proxy-anyauth | — | Tells curl to pick a suitable authentication method when communicating with the given HTTP proxy. This might cause an ex |\n| — | --proxy-basic | — | Tells curl to use HTTP Basic authentication when communicating with the given proxy. Use --basic for enabling HTTP Basic |\n| — | --proxy-cacert | <file> | Same as --cacert but used in HTTPS proxy context. Example: curl --proxy-cacert CA-file.txt -x https://proxy https://exam |\n| — | --proxy-capath | <dir> | Same as --capath but used in HTTPS proxy context. Example: curl --proxy-capath /local/directory -x https://proxy https:/ |\n| — | --proxy-cert-type | <type> | Same as --cert-type but used in HTTPS proxy context. Example: curl --proxy-cert-type PEM --proxy-cert file -x https://pr |\n| — | --proxy-ciphers | <list> | Same as --ciphers but used in HTTPS proxy context. Example: curl --proxy-ciphers ECDHE-ECDSA-AES256-CCM8 -x https://prox |\n| — | --proxy-crlfile | <file> | Same as --crlfile but used in HTTPS proxy context. Example: curl --proxy-crlfile rejects.txt -x https://proxy https://ex |\n| — | --proxy-digest | — | Tells curl to use HTTP Digest authentication when communicating with the given proxy. Use --digest for enabling HTTP Dig |\n| — | --proxy-header | <header/@file> | (HTTP) Extra header to include in the request when sending HTTP to a proxy. You may specify any number of extra headers. |\n| — | --proxy-insecure | — | Same as -k, --insecure but used in HTTPS proxy context. Example: curl --proxy-insecure -x https://proxy https://example. |\n| — | --proxy-key-type | <type> | Same as --key-type but used in HTTPS proxy context. Example: curl --proxy-key-type DER --proxy-key here -x https://proxy |\n| — | --proxy-key | <key> | Same as --key but used in HTTPS proxy context. Example: curl --proxy-key here -x https://proxy https://example.com See a |\n| — | --proxy-negotiate | — | Tells curl to use HTTP Negotiate (SPNEGO) authentication when communicating with the given proxy. Use --negotiate for en |\n| — | --proxy-ntlm | — | Tells curl to use HTTP NTLM authentication when communicating with the given proxy. Use --ntlm for enabling NTLM with a  |\n| — | --proxy-pass | <phrase> | Same as --pass but used in HTTPS proxy context. Example: curl --proxy-pass secret --proxy-key here -x https://proxy http |\n| — | --proxy-pinnedpubkey | <hashes> | (TLS) Tells curl to use the specified public key file (or hashes) to verify the proxy. This can be a path to a file whic |\n| — | --proxy-service-name | <name> | This option allows you to change the service name for proxy negotiation. Example: curl --proxy-service-name \"shrubbery\"  |\n| — | --proxy-ssl-allow-beast | — | Same as --ssl-allow-beast but used in HTTPS proxy context. Example: curl --proxy-ssl-allow-beast -x https://proxy https: |\n| — | --proxy-ssl-auto-client-cert | — | Same as --ssl-auto-client-cert but used in HTTPS proxy context. Example: curl --proxy-ssl-auto-client-cert -x https://pr |\n| — | --proxy-tls13-ciphers | — | (TLS) Specifies which cipher suites to use in the connection to your HTTPS proxy when it negotiates TLS 1.3. The list of |\n| — | --proxy-tlsauthtype | <type> | Same as --tlsauthtype but used in HTTPS proxy context. Example: curl --proxy-tlsauthtype SRP -x https://proxy https://ex |\n| — | --proxy-tlspassword | <string> | Same as --tlspassword but used in HTTPS proxy context. Example: curl --proxy-tlspassword passwd -x https://proxy https:/ |\n| — | --proxy-tlsuser | <name> | Same as --tlsuser but used in HTTPS proxy context. Example: curl --proxy-tlsuser smith -x https://proxy https://example. |\n| — | --proxy-tlsv1 | — | Same as -1, --tlsv1 but used in HTTPS proxy context. Example: curl --proxy-tlsv1 -x https://proxy https://example.com Se |\n| -U | --proxy-user | <user:password> | Specify the user name and password to use for proxy authentication. If you use a Windows SSPI-enabled curl binary and do |\n| -p | --proxytunnel | — | When an HTTP proxy is used -x, --proxy, this option will make curl tunnel through the proxy. The tunnel approach is made |\n| — | --pubkey | <key> | (SFTP SCP) Public key file name. Allows you to provide your public key in this sepa‐ rate file. If this option is used s |\n| -Q | --quote | <command> | (FTP SFTP) Send an arbitrary command to the remote FTP or SFTP server. Quote commands are sent BEFORE the transfer takes |\n| — | --random-file | <file> | Specify the path name to file containing what will be considered as random data. The data may be used to seed the random |\n| -r | --range | <range> | (HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial document) from an HTTP/1.1, FTP or SFTP server or a local FIL |\n| -e | --referer | <URL> | (HTTP) Sends the \"Referrer Page\" information to the HTTP server. This can also be set with the -H, --header flag of cour |\n| -J | --remote-header-name | — | (HTTP) This option tells the -O, --remote-name option to use the server-specified Con‐ tent-Disposition filename instead |\n| — | --remote-name-all | — | This option changes the default action for all given URLs to be dealt with as if -O, --remote-name were used for each on |\n| -O | --remote-name | — | Write output to a local file named like the remote file we get. (Only the file part of the remote file is used, the path |\n| -R | --remote-time | — | When used, this will make curl attempt to figure out the timestamp of the remote file, and if that is available make the |\n| — | --request-target | <path> | (HTTP) Tells curl to use an alternative \"target\" (path) instead of using the path as provided in the URL. Particularly u |\n| -X | --request | <method> | (HTTP) Specifies a custom request method to use when communicating with the HTTP server. The specified request method wi |\n| — | --retry-all-errors | — | Retry on any error. This option is used together with --retry. This option is the \"sledgehammer\" of retrying. Do not use |\n| — | --retry-connrefused | — | In addition to the other conditions, consider ECONNREFUSED as a transient error too for --retry. This option is used tog |\n| — | --retry-delay | <seconds> | Make curl sleep this amount of time before each retry when a transfer has failed with a transient error (it changes the  |\n| — | --retry-max-time | <seconds> | The retry timer is reset before the first transfer attempt. Retries will be done as usual (see --retry) as long as the t |\n| — | --retry | <num> | If a transient error is returned when curl tries to perform a transfer, it will retry this number of times before giving |\n| — | --sasl-authzid | <identity> | Use this authorisation identity (authzid), during SASL PLAIN authentication, in addi‐ tion to the authentication identit |\n| — | --sasl-ir | — | Enable initial response in SASL authentication. Example: curl --sasl-ir imap://example.com/ See also --sasl-authzid. Add |\n| — | --service-name | <name> | This option allows you to change the service name for SPNEGO. Examples: --negotiate --service-name sockd would use sockd |\n| -S | --show-error | — | When used with -s, --silent, it makes curl show an error message if it fails. This option is global and does not need to |\n| -s | --silent | — | Silent or quiet mode. Do not show progress meter or error messages. Makes Curl mute. It will still output the data you a |\n| — | --socks5-basic | — | Tells curl to use username/password authentication when connecting to a SOCKS5 proxy. The username/password authenticati |\n| — | --socks5-gssapi-nec | — | As part of the GSS-API negotiation a protection mode is negotiated. RFC 1961 says in section 4.3/4.4 it should be protec |\n| — | --socks5-gssapi-service | <name> | The default service name for a socks server is rcmd/server-fqdn. This option allows you to change it. Examples: --socks5 |\n| — | --socks5-gssapi | — | Tells curl to use GSS-API authentication when connecting to a SOCKS5 proxy. The GSS- API authentication is enabled by de |\n| -Y | --speed-limit | <speed> | If a download is slower than this given speed (in bytes per second) for speed-time seconds it gets aborted. speed-time i |\n| -y | --speed-time | <seconds> | If a download is slower than speed-limit bytes per second during a speed-time period, the download gets aborted. If spee |\n| — | --ssl-allow-beast | — | This option tells curl to not work around a security flaw in the SSL3 and TLS1.0 pro‐ tocols known as BEAST. If this opt |\n| — | --ssl-auto-client-cert | — | Tell libcurl to automatically locate and use a client certificate for authentication, when requested by the server. This |\n| — | --ssl-no-revoke | — | (Schannel) This option tells curl to disable certificate revocation checks. WARNING: this option loosens the SSL securit |\n| — | --ssl-reqd | — | (FTP IMAP POP3 SMTP LDAP) Require SSL/TLS for the connection. Terminates the connec‐ tion if the server does not support |\n| — | --ssl-revoke-best-effort | — | (Schannel) This option tells curl to ignore certificate revocation checks when they failed due to missing/offline distri |\n| — | --stderr | <file> | Redirect all writes to stderr to the specified file instead. If the file name is a plain '-', it is instead written to s |\n| — | --styled-output | — | Enables the automatic use of bold font styles when writing HTTP headers to the termi‐ nal. Use --no-styled-output to swi |\n| — | --suppress-connect-headers | — | When -p, --proxytunnel is used and a CONNECT request is made do not output proxy CON‐ NECT response headers. This option |\n| — | --tcp-fastopen | — | Enable use of TCP Fast Open (RFC7413). Example: curl --tcp-fastopen https://example.com See also --false-start. Added in |\n| — | --tcp-nodelay | — | Turn on the TCPNODELAY option. See the curleasysetopt(3) man page for details about this option. Since 7.50.2, curl sets |\n| -t | --telnet-option | <opt=val> | Pass options to the telnet protocol. Supported options are: TTYPE=<term> Sets the terminal type. XDISPLOC=<X display> Se |\n| — | --tftp-blksize | <value> | (TFTP) Set TFTP BLKSIZE option (must be >512). This is the block size that curl will try to use when transferring data t |\n| — | --tftp-no-options | — | (TFTP) Tells curl not to send TFTP options requests. This option improves interop with some legacy servers that do not a |\n| -z | --time-cond | <time> | (HTTP FTP) Request a file that has been modified later than the given time and date, or one that has been modified befor |\n| — | --tls-max | <VERSION> | (SSL) VERSION defines maximum supported TLS version. The minimum acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2  |\n| — | --tls13-ciphers | — | (TLS) Specifies which cipher suites to use in the connection if it negotiates TLS 1.3. The list of ciphers suites must s |\n| — | --tlsauthtype | <type> | Set TLS authentication type. Currently, the only supported option is \"SRP\", for TLS- SRP (RFC 5054). If --tlsuser and -- |\n| — | --tlspassword | <string> | Set password for use with the TLS authentication method specified with --tlsauthtype. Requires that --tlsuser also be se |\n| — | --tlsuser | <name> | Set username for use with the TLS authentication method specified with --tlsauthtype. Requires that --tlspassword also i |\n| — | --tr-encoding | — | (HTTP) Request a compressed Transfer-Encoding response using one of the algorithms curl supports, and uncompress the dat |\n| — | --trace-ascii | <file> | Enables a full trace dump of all incoming and outgoing data, including descriptive in‐ formation, to the given output fi |\n| — | --trace-time | — | Prepends a time stamp to each trace or verbose line that curl displays. This option is global and does not need to be sp |\n| — | --trace | <file> | Enables a full trace dump of all incoming and outgoing data, including descriptive in‐ formation, to the given output fi |\n| — | --unix-socket | <path> | (HTTP) Connect through this Unix domain socket, instead of using the network. Example: curl --unix-socket socket-path ht |\n| -T | --upload-file | <file> | This transfers the specified local file to the remote URL. If there is no file part in the specified URL, curl will appe |\n| — | --url | <url> | Specify a URL to fetch. This option is mostly handy when you want to specify URL(s) in a config file. If the given URL i |\n| -B | --use-ascii | — | (FTP LDAP) Enable ASCII transfer. For FTP, this can also be enforced by using a URL that ends with \";type=A\". This optio |\n| -A | --user-agent | <name> | (HTTP) Specify the User-Agent string to send to the HTTP server. To encode blanks in the string, surround the string wit |\n| -u | --user | <user:password> | Specify the user name and password to use for server authentication. Overrides -n, --netrc and --netrc-optional. If you  |\n| -v | --verbose | — | Makes curl verbose during the operation. Useful for debugging and seeing what's going on \"under the hood\". A line starti |\n| -V | --version | — | Displays information about curl and the libcurl version it uses. The first line includes the full version of curl, libcu |\n| -w | --write-out | <format> | Make curl display information on stdout after a completed transfer. The format is a string that may contain plain text m |\n| — | --xattr | — | When saving output to a file, this option tells curl to store certain file metadata in extended file attributes. Current |\n\n## See Also\n\n- ftp(1)\n- wget(1)\n\n## Section Outline\n\n- **NAME** (2 lines)\n- **SYNOPSIS** (1 lines) — 1 subsections\n  - curl [options / URLs] (1 lines)\n- **DESCRIPTION** (11 lines)\n- **URL** (51 lines)\n- **OUTPUT** (8 lines)\n- **PROTOCOLS** (53 lines)\n- **PROGRESS METER** (18 lines)\n- **OPTIONS** (14 lines) — 215 subsections\n  - --abstract-unix-socket <path> (9 lines)\n  - --alt-svc <file name> (15 lines)\n  - --anyauth (17 lines)\n  - -a, --append (26 lines)\n  - --basic (12 lines)\n  - --cacert <file> (33 lines)\n  - --capath <dir> (15 lines)\n  - --cert-status (14 lines)\n  - --cert-type <type> (55 lines)\n  - --ciphers <list of ciphers> (12 lines)\n  - --compressed-ssh (8 lines)\n  - --compressed (12 lines)\n  - -K, --config <file> (67 lines)\n  - --connect-timeout <fractional seconds> (12 lines)\n  - --connect-to <HOST1:PORT1:HOST2:PORT2> (19 lines)\n  - -C, --continue-at <offset> (16 lines)\n  - -c, --cookie-jar <filename> (22 lines)\n  - -b, --cookie <data|filename> (34 lines)\n  - --create-dirs (14 lines)\n  - --create-file-mode <mode> (22 lines)\n  - --crlfile <file> (10 lines)\n  - --curves <algorithm list> (15 lines)\n  - --data-ascii <data> (7 lines)\n  - --data-binary <data> (19 lines)\n  - --data-raw <data> (9 lines)\n  - --data-urlencode <data> (38 lines)\n  - -d, --data <data> (28 lines)\n  - --delegation <LEVEL> (17 lines)\n  - --digest (12 lines)\n  - --disable-eprt (20 lines)\n  - --disable-epsv (18 lines)\n  - -q, --disable (9 lines)\n  - --disallow-username-in-url (8 lines)\n  - --dns-interface <interface> (10 lines)\n  - --dns-ipv4-addr <address> (11 lines)\n  - --dns-ipv6-addr <address> (11 lines)\n  - --dns-servers <addresses> (12 lines)\n  - --doh-cert-status (7 lines)\n  - --doh-insecure (7 lines)\n  - --doh-url <URL> (14 lines)\n  - -D, --dump-header <filename> (13 lines)\n  - --egd-file <file> (8 lines)\n  - --engine <name> (9 lines)\n  - --etag-compare <file> (14 lines)\n  - --etag-save <file> (10 lines)\n  - --expect100-timeout <seconds> (10 lines)\n  - --fail-early (22 lines)\n  - --fail-with-body (13 lines)\n  - -f, --fail (15 lines)\n  - --false-start (12 lines)\n  - --form-escape (8 lines)\n  - --form-string <name=string> (11 lines)\n  - -F, --form <name=content> (122 lines)\n  - --ftp-account <data> (10 lines)\n  - --ftp-alternative-to-user <command> (10 lines)\n  - --ftp-create-dirs (9 lines)\n  - --ftp-method <method> (23 lines)\n  - --ftp-pasv (15 lines)\n  - -P, --ftp-port <address> (34 lines)\n  - --ftp-pret (9 lines)\n  - --ftp-skip-pasv-ip (13 lines)\n  - --ftp-ssl-ccc-mode <active/passive> (9 lines)\n  - --ftp-ssl-ccc (9 lines)\n  - --ftp-ssl-control (9 lines)\n  - -G, --get (18 lines)\n  - -g, --globoff (10 lines)\n  - --happy-eyeballs-timeout-ms <milliseconds> (18 lines)\n  - --haproxy-protocol (12 lines)\n  - -I, --head (9 lines)\n  - -H, --header <header/@file> (38 lines)\n  - -h, --help <category> (10 lines)\n  - --hostpubmd5 <md5> (9 lines)\n  - --hostpubsha256 <sha256> (8 lines)\n  - --hsts <file name> (47 lines)\n  - --http2-prior-knowledge (12 lines)\n  - --http2 (15 lines)\n  - --http3 (17 lines)\n  - --ignore-content-length (14 lines)\n  - -i, --include (10 lines)\n  - -k, --insecure (21 lines)\n  - --interface <name> (34 lines)\n  - -j, --junk-session-cookies (10 lines)\n  - --keepalive-time <seconds> (14 lines)\n  - --key-type <type> (10 lines)\n  - --key <key> (17 lines)\n  - --krb <level> (12 lines)\n  - --libcurl <file> (13 lines)\n  - --limit-rate <speed> (26 lines)\n  - -l, --list-only (22 lines)\n  - --local-port <num/range> (10 lines)\n  - --location-trusted (10 lines)\n  - -L, --location (25 lines)\n  - --login-options <options> (14 lines)\n  - --mail-auth <address> (8 lines)\n  - --mail-from <address> (7 lines)\n  - --mail-rcpt-allowfails (16 lines)\n  - --mail-rcpt <address> (16 lines)\n  - -M, --manual (7 lines)\n  - --max-filesize <bytes> (15 lines)\n  - --max-redirs <num> (11 lines)\n  - -m, --max-time <fractional seconds> (13 lines)\n  - --metalink (8 lines)\n  - --negotiate (16 lines)\n  - --netrc-file <filename> (12 lines)\n  - --netrc-optional (8 lines)\n  - -n, --netrc (39 lines)\n  - --no-alpn (10 lines)\n  - -N, --no-buffer (13 lines)\n  - --no-keepalive (11 lines)\n  - --no-npn (10 lines)\n  - --no-progress-meter (11 lines)\n  - --no-sessionid (13 lines)\n  - --noproxy <no-proxy-list> (15 lines)\n  - --ntlm-wb (24 lines)\n  - --oauth2-bearer <token> (13 lines)\n  - --output-dir <dir> (16 lines)\n  - -o, --output <file> (40 lines)\n  - --parallel-immediate (11 lines)\n  - --parallel-max <num> (12 lines)\n  - -Z, --parallel (9 lines)\n  - --pass <phrase> (9 lines)\n  - --path-as-is (9 lines)\n  - --pinnedpubkey <hashes> (34 lines)\n  - --post301 (11 lines)\n  - --post302 (11 lines)\n  - --post303 (48 lines)\n  - --proto-default <protocol> (14 lines)\n  - --proto-redir <protocols> (16 lines)\n  - --proto <protocols> (34 lines)\n  - --proxy-anyauth (8 lines)\n  - --proxy-basic (9 lines)\n  - --proxy-cacert <file> (7 lines)\n  - --proxy-capath <dir> (7 lines)\n  - --proxy-cert-type <type> (15 lines)\n  - --proxy-ciphers <list> (7 lines)\n  - --proxy-crlfile <file> (7 lines)\n  - --proxy-digest (8 lines)\n  - --proxy-header <header/@file> (25 lines)\n  - --proxy-insecure (7 lines)\n  - --proxy-key-type <type> (7 lines)\n  - --proxy-key <key> (7 lines)\n  - --proxy-negotiate (8 lines)\n  - --proxy-ntlm (8 lines)\n  - --proxy-pass <phrase> (7 lines)\n  - --proxy-pinnedpubkey <hashes> (18 lines)\n  - --proxy-service-name <name> (7 lines)\n  - --proxy-ssl-allow-beast (7 lines)\n  - --proxy-ssl-auto-client-cert (7 lines)\n  - --proxy-tls13-ciphers <ciphersuite list> (17 lines)\n  - --proxy-tlsauthtype <type> (7 lines)\n  - --proxy-tlspassword <string> (7 lines)\n  - --proxy-tlsuser <name> (7 lines)\n  - --proxy-tlsv1 (7 lines)\n  - -U, --proxy-user <user:password> (71 lines)\n  - -p, --proxytunnel (13 lines)\n  - --pubkey <key> (15 lines)\n  - -Q, --quote <command> (72 lines)\n  - --random-file <file> (9 lines)\n  - -r, --range <range> (45 lines)\n  - -e, --referer <URL> (15 lines)\n  - -J, --remote-header-name (19 lines)\n  - --remote-name-all (9 lines)\n  - -O, --remote-name (23 lines)\n  - -R, --remote-time (8 lines)\n  - --request-target <path> (10 lines)\n  - -X, --request <method> (71 lines)\n  - --retry-all-errors (27 lines)\n  - --retry-connrefused (8 lines)\n  - --retry-delay <seconds> (12 lines)\n  - --retry-max-time <seconds> (13 lines)\n  - --retry <num> (21 lines)\n  - --sasl-authzid <identity> (13 lines)\n  - --sasl-ir (7 lines)\n  - --service-name <name> (9 lines)\n  - -S, --show-error (9 lines)\n  - -s, --silent (53 lines)\n  - --socks5-basic (9 lines)\n  - --socks5-gssapi-nec (10 lines)\n  - --socks5-gssapi-service <name> (12 lines)\n  - --socks5-gssapi (51 lines)\n  - -Y, --speed-limit <speed> (10 lines)\n  - -y, --speed-time <seconds> (14 lines)\n  - --ssl-allow-beast (12 lines)\n  - --ssl-auto-client-cert (11 lines)\n  - --ssl-no-revoke (8 lines)\n  - --ssl-reqd (13 lines)\n  - --ssl-revoke-best-effort (48 lines)\n  - --stderr <file> (12 lines)\n  - --styled-output (10 lines)\n  - --suppress-connect-headers (10 lines)\n  - --tcp-fastopen (7 lines)\n  - --tcp-nodelay (11 lines)\n  - -t, --telnet-option <opt=val> (13 lines)\n  - --tftp-blksize <value> (11 lines)\n  - --tftp-no-options (10 lines)\n  - -z, --time-cond <time> (19 lines)\n  - --tls-max <VERSION> (25 lines)\n  - --tls13-ciphers <ciphersuite list> (17 lines)\n  - --tlsauthtype <type> (10 lines)\n  - --tlspassword <string> (10 lines)\n  - --tlsuser <name> (73 lines)\n  - --tr-encoding (8 lines)\n  - --trace-ascii <file> (17 lines)\n  - --trace-time (9 lines)\n  - --trace <file> (14 lines)\n  - --unix-socket <path> (7 lines)\n  - -T, --upload-file <file> (28 lines)\n  - --url <url> (20 lines)\n  - -B, --use-ascii (9 lines)\n  - -A, --user-agent <name> (15 lines)\n  - -u, --user <user:password> (35 lines)\n  - -v, --verbose (20 lines)\n  - -V, --version (91 lines)\n  - -w, --write-out <format> (153 lines)\n  - --xattr (10 lines)\n- **FILES** (3 lines)\n- **ENVIRONMENT** (95 lines)\n- **PROXY PROTOCOL PREFIXES** (26 lines)\n- **EXIT CODES** (193 lines)\n- **BUGS** (3 lines)\n- **AUTHORS / CONTRIBUTORS** (3 lines)\n- **WWW** (2 lines)\n- **SEE ALSO** (5 lines)\n\n## Full Content\n\n### NAME\n\ncurl - transfer a URL\n\n### SYNOPSIS\n\n#### curl [options / URLs]\n\n### DESCRIPTION\n\ncurl  is a tool for transferring data from or to a server. It supports these protocols: DICT,\nFILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT,  POP3,  POP3S,\nRTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET or TFTP. The command is designed\nto work without user interaction.\n\ncurl offers a busload of useful tricks like proxy support, user authentication,  FTP  upload,\nHTTP  post,  SSL  connections, cookies, file transfer resume and more. As you will see below,\nthe number of features will make your head spin.\n\ncurl is powered by libcurl for all transfer-related features. See libcurl(3) for details.\n\n### URL\n\nThe URL syntax is protocol-dependent. You find a detailed description in RFC 3986.\n\nYou can specify multiple URLs or parts of URLs by writing part sets within braces and quoting\nthe URL as in:\n\n\"http://site.{one,two,three}.com\"\n\nor you can get sequences of alphanumeric series by using [] as in:\n\n\"ftp://ftp.example.com/file[1-100].txt\"\n\n\"ftp://ftp.example.com/file[001-100].txt\"    (with leading zeros)\n\n\"ftp://ftp.example.com/file[a-z].txt\"\n\nNested sequences are not supported, but you can use several ones next to each other:\n\n\"http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html\"\n\nYou  can specify any amount of URLs on the command line. They will be fetched in a sequential\nmanner in the specified order. You can specify command line options and URLs mixed and in any\norder on the command line.\n\nYou can specify a step counter for the ranges to get every Nth number or letter:\n\n\"http://example.com/file[1-100:10].txt\"\n\n\"http://example.com/file[a-z:2].txt\"\n\nWhen  using  [] or {} sequences when invoked from a command line prompt, you probably have to\nput the full URL within double quotes to avoid the shell from interfering with it. This  also\ngoes for other characters treated special, like for example '&', '?' and '*'.\n\nProvide  the  IPv6  zone  index  in the URL with an escaped percentage sign and the interface\nname. Like in\n\n\"http://[fe80::3%25eth0]/\"\n\nIf you specify URL without protocol:// prefix, curl will attempt to guess what  protocol  you\nmight  want.  It  will  then default to HTTP but try other protocols based on often-used host\nname prefixes. For example, for host names starting with \"ftp.\" curl will assume you want  to\nspeak FTP.\n\ncurl will do its best to use what you pass to it as a URL. It is not trying to validate it as\na syntactically correct URL by any means but is fairly liberal with what it accepts.\n\ncurl will attempt to re-use connections for multiple file transfers,  so  that  getting  many\nfiles  from  the same server will not do multiple connects / handshakes. This improves speed.\nOf course this is only done on files specified on a single command line and  cannot  be  used\nbetween separate curl invocations.\n\n### OUTPUT\n\nIf  not  told otherwise, curl writes the received data to stdout. It can be instructed to in‐\nstead save that data into a local file, using the -o, --output or -O, --remote-name  options.\nIf  curl  is given multiple URLs to transfer on the command line, it similarly needs multiple\noptions for where to save them.\n\ncurl does not parse or otherwise \"understand\" the content it gets or  writes  as  output.  It\ndoes no encoding or decoding, unless explicitly asked to with dedicated command line options.\n\n### PROTOCOLS\n\ncurl supports numerous protocols, or put in URL terms: schemes. Your particular build may not\nsupport them all.\n\nDICT   Lets you lookup words using online dictionaries.\n\nFILE   Read or write local files. curl does not support accessing file:// URL  remotely,  but\nwhen running on Microsoft Windows using the native UNC approach will work.\n\nFTP(S) curl  supports  the  File  Transfer  Protocol with a lot of tweaks and levers. With or\nwithout using TLS.\n\nGOPHER(S)\nRetrieve files.\n\nHTTP(S)\ncurl supports HTTP with numerous options and variations. It  can  speak  HTTP  version\n0.9,  1.0,  1.1,  2  and 3 depending on build options and the correct command line op‐\ntions.\n\nIMAP(S)\nUsing the mail reading protocol, curl can \"download\" emails for you. With  or  without\nusing TLS.\n\nLDAP(S)\ncurl can do directory lookups for you, with or without TLS.\n\nMQTT   curl  supports  MQTT  version  3.  Downloading over MQTT equals \"subscribe\" to a topic\nwhile uploading/posting equals \"publish\" on a topic. MQTT over TLS  is  not  supported\n(yet).\n\nPOP3(S)\nDownloading from a pop3 server means getting a mail. With or without using TLS.\n\nRTMP(S)\nThe  Realtime  Messaging Protocol is primarily used to server streaming media and curl\ncan download it.\n\nRTSP   curl supports RTSP 1.0 downloads.\n\nSCP    curl supports SSH version 2 scp transfers.\n\nSFTP   curl supports SFTP (draft 5) done over SSH version 2.\n\nSMB(S) curl supports SMB version 1 for upload and download.\n\nSMTP(S)\nUploading contents to an SMTP server means sending an email. With or without TLS.\n\nTELNET Telling curl to fetch a telnet URL starts an interactive session where it  sends  what\nit reads on stdin and outputs what the server sends it.\n\nTFTP   curl can do TFTP downloads and uploads.\n\n### PROGRESS METER\n\ncurl  normally  displays  a progress meter during operations, indicating the amount of trans‐\nferred data, transfer speeds and estimated time left, etc. The progress meter displays number\nof bytes and the speeds are in bytes per second. The suffixes (k, M, G, T, P) are 1024 based.\nFor example 1k is 1024 bytes. 1M is 1048576 bytes.\n\ncurl displays this data to the terminal by default, so if you invoke curl to do an  operation\nand it is about to write data to the terminal, it disables the progress meter as otherwise it\nwould mess up the output mixing progress meter and response data.\n\nIf you want a progress meter for HTTP POST or PUT requests, you need to redirect the response\noutput to a file, using shell redirect (>), -o, --output or similar.\n\nThis  does  not  apply to FTP upload as that operation does not spit out any response data to\nthe terminal.\n\nIf you prefer a progress \"bar\" instead of the  regular  meter,  -#,  --progress-bar  is  your\nfriend. You can also disable the progress meter completely with the -s, --silent option.\n\n### OPTIONS\n\nOptions start with one or two dashes. Many of the options require an additional value next to\nthem.\n\nThe short \"single-dash\" form of the options, -d for example, may be used with  or  without  a\nspace  between  it and its value, although a space is a recommended separator. The long \"dou‐\nble-dash\" form, -d, --data for example, requires a space between it and its value.\n\nShort version options that do not need any additional values can be used immediately next  to\neach other, like for example you can specify all the options -O, -L and -v at once as -OLv.\n\nIn  general,  all boolean options are enabled with --option and yet again disabled with --no-\noption. That is, you use the same option name but prefix it with \"no-\". However, in this list\nwe mostly only list and show the --option version of them.\n\n#### --abstract-unix-socket <path>\n\n(HTTP)  Connect  through an abstract Unix domain socket, instead of using the network.\nNote: netstat shows the path of an abstract socket  prefixed  with  '@',  however  the\n<path> argument should not have this leading character.\n\nExample:\ncurl --abstract-unix-socket socketpath https://example.com\n\nSee also --unix-socket. Added in 7.53.0.\n\n#### --alt-svc <file name>\n\n(HTTPS)  This option enables the alt-svc parser in curl. If the file name points to an\nexisting alt-svc cache file, that will be used. After a completed transfer, the  cache\nwill be saved to the file name again if it has been modified.\n\nSpecify a \"\" file name (zero length) to avoid loading/saving and make curl just handle\nthe cache in memory.\n\nIf this option is used several times, curl will load contents from all the  files  but\nthe last one will be used for saving.\n\nExample:\ncurl --alt-svc svc.txt https://example.com\n\nSee also --resolve and --connect-to. Added in 7.64.1.\n\n#### --anyauth\n\n(HTTP)  Tells curl to figure out authentication method by itself, and use the most se‐\ncure one the remote site claims to support. This is done by first doing a request  and\nchecking  the  response-headers,  thus  possibly inducing an extra network round-trip.\nThis is used instead of setting a specific authentication method,  which  you  can  do\nwith --basic, --digest, --ntlm, and --negotiate.\n\nUsing  --anyauth is not recommended if you do uploads from stdin, since it may require\ndata to be sent twice and then the client must be able to rewind. If the  need  should\narise when uploading from stdin, the upload operation will fail.\n\nUsed together with -u, --user.\n\nExample:\ncurl --anyauth --user me:pwd https://example.com\n\nSee also --proxy-anyauth, --basic and --digest.\n\n#### -a, --append\n\n(FTP  SFTP)  When used in an upload, this makes curl append to the target file instead\nof overwriting it. If the remote file does not exist, it will be  created.  Note  that\nthis flag is ignored by some SFTP servers (including OpenSSH).\n\nExample:\ncurl --upload-file local --append ftp://example.com/\n\nSee also -r, --range and -C, --continue-at.\n\n--aws-sigv4 <provider1[:provider2[:region[:service]]]>\nUse AWS V4 signature authentication in the transfer.\n\nThe provider argument is a string that is used by the algorithm when creating outgoing\nauthentication headers.\n\nThe region argument is a string that points to a geographic area of a  resources  col‐\nlection (region-code) when the region name is omitted from the endpoint.\n\nThe  service  argument is a string that points to a function provided by a cloud (ser‐\nvice-code) when the service name is omitted from the endpoint.\n\nExample:\ncurl --aws-sigv4 \"aws:amz:east-2:es\" --user \"key:secret\" https://example.com\n\nSee also --basic and -u, --user. Added in 7.75.0.\n\n#### --basic\n\n(HTTP) Tells curl to use HTTP Basic authentication with the remote host. This  is  the\ndefault  and  this option is usually pointless, unless you use it to override a previ‐\nously set option that sets a different authentication method (such  as  --ntlm,  --di‐\ngest, or --negotiate).\n\nUsed together with -u, --user.\n\nExample:\ncurl -u name:password --basic https://example.com\n\nSee also --proxy-basic.\n\n#### --cacert <file>\n\n(TLS)  Tells  curl  to use the specified certificate file to verify the peer. The file\nmay contain multiple CA certificates. The certificate(s) must be in PEM  format.  Nor‐\nmally  curl  is built to use a default file for this, so this option is typically used\nto alter that default file.\n\ncurl recognizes the environment variable named 'CURLCABUNDLE' if it is set, and uses\nthe given path as a path to a CA cert bundle. This option overrides that variable.\n\nThe  windows  version of curl will automatically look for a CA certs file named 'curl-\nca-bundle.crt', either in the same directory as curl.exe, or in  the  Current  Working\nDirectory, or in any folder along your PATH.\n\nIf  curl  is  built  against  the  NSS  SSL  library, the NSS PEM PKCS#11 module (lib‐\nnsspem.so) needs to be available for this option to work properly.\n\n(iOS and macOS only) If curl is built against Secure Transport, then  this  option  is\nsupported for backward compatibility with other SSL engines, but it should not be set.\nIf the option is not set, then curl will use the certificates in the system  and  user\nKeychain  to  verify  the  peer, which is the preferred method of verifying the peer's\ncertificate chain.\n\n(Schannel only) This option is supported for Schannel  in  Windows  7  or  later  with\nlibcurl  7.60 or later. This option is supported for backward compatibility with other\nSSL engines; instead it is recommended to use Windows' store of root certificates (the\ndefault for Schannel).\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --cacert CA-file.txt https://example.com\n\nSee also --capath and -k, --insecure.\n\n#### --capath <dir>\n\n(TLS) Tells curl to use the specified certificate directory to verify the peer. Multi‐\nple paths can be provided by separating them with \":\" (e.g.  \"path1:path2:path3\"). The\ncertificates  must  be in PEM format, and if curl is built against OpenSSL, the direc‐\ntory must have been processed using the crehash utility supplied with OpenSSL.  Using\n--capath  can allow OpenSSL-powered curl to make SSL-connections much more efficiently\nthan using --cacert if the --cacert file contains many CA certificates.\n\nIf this option is set, the default capath value will be ignored, and  if  it  is  used\nseveral times, the last one will be used.\n\nExample:\ncurl --capath /local/directory https://example.com\n\nSee also --cacert and -k, --insecure.\n\n#### --cert-status\n\n(TLS)  Tells curl to verify the status of the server certificate by using the Certifi‐\ncate Status Request (aka. OCSP stapling) TLS extension.\n\nIf this option is enabled and the server sends an invalid (e.g. expired) response,  if\nthe  response suggests that the server certificate has been revoked, or no response at\nall is received, the verification fails.\n\nThis is currently only implemented in the OpenSSL, GnuTLS and NSS backends.\n\nExample:\ncurl --cert-status https://example.com\n\nSee also --pinnedpubkey. Added in 7.41.0.\n\n#### --cert-type <type>\n\n(TLS) Tells curl what type the provided client certificate is using. PEM, DER, ENG and\nP12 are recognized types. If not specified, PEM is assumed.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --cert-type PEM --cert file https://example.com\n\nSee also -E, --cert, --key and --key-type.\n\n-E, --cert <certificate[:password]>\n(TLS) Tells curl to use the specified client certificate file when getting a file with\nHTTPS, FTPS or another SSL-based protocol. The certificate must be in  PKCS#12  format\nif  using  Secure  Transport, or PEM format if using any other engine. If the optional\npassword is not specified, it will be queried for on the terminal. Note that this  op‐\ntion  assumes  a \"certificate\" file that is the private key and the client certificate\nconcatenated! See -E, --cert and --key to specify them independently.\n\nIf curl is built against the NSS SSL library then this option can tell curl the  nick‐\nname  of  the  certificate  to  use within the NSS database defined by the environment\nvariable SSLDIR (or by default /etc/pki/nssdb). If the NSS PEM PKCS#11  module  (lib‐\nnsspem.so)  is  available then PEM files may be loaded. If you want to use a file from\nthe current directory, please precede it with \"./\" prefix, in order to avoid confusion\nwith  a nickname. If the nickname contains \":\", it needs to be preceded by \"\\\" so that\nit is not recognized as password delimiter. If the nickname contains \"\\\", it needs  to\nbe escaped as \"\\\\\" so that it is not recognized as an escape character.\n\nIf  curl  is built against OpenSSL library, and the engine pkcs11 is available, then a\nPKCS#11 URI (RFC 7512) can be used to specify a certificate located in a  PKCS#11  de‐\nvice.  A  string  beginning  with \"pkcs11:\" will be interpreted as a PKCS#11 URI. If a\nPKCS#11 URI is provided, then the --engine option will be set as \"pkcs11\" if none  was\nprovided and the --cert-type option will be set as \"ENG\" if none was provided.\n\n(iOS  and  macOS only) If curl is built against Secure Transport, then the certificate\nstring can either be the name of a certificate/private key in the system or user  key‐\nchain,  or  the  path to a PKCS#12-encoded certificate and private key. If you want to\nuse a file from the current directory, please precede it with \"./\" prefix, in order to\navoid confusion with a nickname.\n\n(Schannel  only)  Client certificates must be specified by a path expression to a cer‐\ntificate store. (Loading PFX is not supported; you can import it to  a  store  first).\nYou  can use \"<store location>\\<store name>\\<thumbprint>\" to refer to a certificate in\nthe      system      certificates       store,       for       example,       \"Curren‐\ntUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a\".  Thumbprint is usually a SHA-1 hex\nstring which you can see in certificate details. Following store  locations  are  sup‐\nported:  CurrentUser,  LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,\nLocalMachineGroupPolicy, LocalMachineEnterprise.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --cert certfile --key keyfile https://example.com\n\nSee also --cert-type, --key and --key-type.\n\n#### --ciphers <list of ciphers>\n\n(TLS) Specifies which ciphers to use in the connection. The list of ciphers must spec‐\nify valid ciphers. Read up on SSL cipher list details on this URL:\n\nhttps://curl.se/docs/ssl-ciphers.html\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --ciphers ECDHE-ECDSA-AES256-CCM8 https://example.com\n\nSee also --tlsv1.3.\n\n#### --compressed-ssh\n\n(SCP  SFTP)  Enables  built-in  SSH compression.  This is a request, not an order; the\nserver may or may not do it.\n\nExample:\ncurl --compressed-ssh sftp://example.com/\n\nSee also --compressed. Added in 7.56.0.\n\n#### --compressed\n\n(HTTP) Request a compressed response using one of the algorithms  curl  supports,  and\nautomatically decompress the content. Headers are not modified.\n\nIf  this option is used and the server sends an unsupported encoding, curl will report\nan error. This is a request, not an order; the server may or may not deliver data com‐\npressed.\n\nExample:\ncurl --compressed https://example.com\n\nSee also --compressed-ssh.\n\n#### -K, --config <file>\n\nSpecify  a  text file to read curl arguments from. The command line arguments found in\nthe text file will be used as if they were provided on the command line.\n\nOptions and their parameters must be specified on the same line in the file, separated\nby whitespace, colon, or the equals sign. Long option names can optionally be given in\nthe config file without the initial double dashes and if so, the colon or equals char‐\nacters  can  be used as separators. If the option is specified with one or two dashes,\nthere can be no colon or equals character between the option and its parameter.\n\nIf the parameter contains whitespace (or starts with : or =), the  parameter  must  be\nenclosed  within  quotes.  Within  double  quotes,  the following escape sequences are\navailable: \\\\, \\\", \\t, \\n, \\r and \\v. A backslash preceding any other  letter  is  ig‐\nnored.\n\nIf  the first column of a config line is a '#' character, the rest of the line will be\ntreated as a comment.\n\nOnly write one option per physical line in the config file.\n\nSpecify the filename to -K, --config as '-' to make curl read the file from stdin.\n\nNote that to be able to specify a URL in the config file, you need to specify it using\nthe --url option, and not by simply writing the URL on its own line. So, it could look\nsimilar to this:\n\nurl = \"https://curl.se/docs/\"\n\n# --- Example file ---\n# this is a comment\nurl = \"example.com\"\noutput = \"curlhere.html\"\nuser-agent = \"superagent/1.0\"\n\n# and fetch another URL too\nurl = \"example.com/docs/manpage.html\"\n-O\nreferer = \"http://nowhereatall.example.com/\"\n# --- End of example file ---\n\nWhen curl is invoked, it (unless -q, --disable is used) checks for  a  default  config\nfile  and uses it if found, even when -K, --config is used. The default config file is\nchecked for in the following places in this order:\n\n1) \"$CURLHOME/.curlrc\"\n\n2) \"$XDGCONFIGHOME/.curlrc\" (Added in 7.73.0)\n\n3) \"$HOME/.curlrc\"\n\n4) Windows: \"%USERPROFILE%\\.curlrc\"\n\n5) Windows: \"%APPDATA%\\.curlrc\"\n\n6) Windows: \"%USERPROFILE%\\Application Data\\.curlrc\"\n\n7) Non-windows: use getpwuid to find the home directory\n\n8) On windows, if it finds no .curlrc file in the sequence described above, it  checks\nfor one in the same dir the curl executable is placed.\n\nThis option can be used multiple times to load multiple config files.\n\nExample:\ncurl --config file.txt https://example.com\n\nSee also -q, --disable.\n\n#### --connect-timeout <fractional seconds>\n\nMaximum  time  in  seconds that you allow curl's connection to take.  This only limits\nthe connection phase, so if curl connects within the given period it will  continue  -\nif not it will exit.  Since version 7.32.0, this option accepts decimal values.\n\nIf this option is used several times, the last one will be used.\n\nExamples:\ncurl --connect-timeout 20 https://example.com\ncurl --connect-timeout 3.14 https://example.com\n\nSee also -m, --max-time.\n\n#### --connect-to <HOST1:PORT1:HOST2:PORT2>\n\nFor a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead.  This op‐\ntion is suitable to direct requests at a specific server, e.g. at a  specific  cluster\nnode  in  a cluster of servers. This option is only used to establish the network con‐\nnection. It does NOT affect the hostname/port that is used for TLS/SSL (e.g. SNI, cer‐\ntificate  verification)  or  for the application protocols. \"HOST1\" and \"PORT1\" may be\nthe empty string, meaning \"any host/port\". \"HOST2\" and \"PORT2\" may also be  the  empty\nstring, meaning \"use the request's original host/port\".\n\nA  \"host\"  specified  to this option is compared as a string, so it needs to match the\nname used in request URL. It can be either numerical such as \"127.0.0.1\" or  the  full\nhost name such as \"example.org\".\n\nThis option can be used many times to add many connect rules.\n\nExample:\ncurl --connect-to example.com:443:example.net:8443 https://example.com\n\nSee also --resolve and -H, --header. Added in 7.49.0.\n\n#### -C, --continue-at <offset>\n\nContinue/Resume  a previous file transfer at the given offset. The given offset is the\nexact number of bytes that will be skipped, counting from the beginning of the  source\nfile before it is transferred to the destination. If used with uploads, the FTP server\ncommand SIZE will not be used by curl.\n\nUse \"-C -\" to tell curl to automatically find out where/how to resume the transfer. It\nthen uses the given output/input files to figure that out.\n\nIf this option is used several times, the last one will be used.\n\nExamples:\ncurl -C - https://example.com\ncurl -C 400 https://example.com\n\nSee also -r, --range.\n\n#### -c, --cookie-jar <filename>\n\n(HTTP)  Specify to which file you want curl to write all cookies after a completed op‐\neration. Curl writes all cookies from its in-memory cookie storage to the  given  file\nat  the  end of operations. If no cookies are known, no data will be written. The file\nwill be written using the Netscape cookie file format. If you set the file name  to  a\nsingle dash, \"-\", the cookies will be written to stdout.\n\nThis  command  line  option will activate the cookie engine that makes curl record and\nuse cookies. Another way to activate it is to use the -b, --cookie option.\n\nIf the cookie jar cannot be created or written to, the whole curl operation  will  not\nfail  or  even  report  an  error clearly. Using -v, --verbose will get a warning dis‐\nplayed, but that is the only visible feedback you get about this possibly lethal situ‐\nation.\n\nIf this option is used several times, the last specified file name will be used.\n\nExamples:\ncurl -c store-here.txt https://example.com\ncurl -c store-here.txt -b read-these https://example.com\n\nSee also -b, --cookie.\n\n#### -b, --cookie <data|filename>\n\n(HTTP)  Pass  the  data  to the HTTP server in the Cookie header. It is supposedly the\ndata previously received from the server in a \"Set-Cookie:\" line. The data  should  be\nin the format \"NAME1=VALUE1; NAME2=VALUE2\".\n\nIf  no '=' symbol is used in the argument, it is instead treated as a filename to read\npreviously stored cookie from. This option also activates the cookie engine which will\nmake  curl record incoming cookies, which may be handy if you are using this in combi‐\nnation with the -L, --location option or do multiple URL transfers on the same invoke.\nIf  the  file  name is exactly a minus (\"-\"), curl will instead read the contents from\nstdin.\n\nThe file format of the file to read cookies from should be plain  HTTP  headers  (Set-\nCookie style) or the Netscape/Mozilla cookie file format.\n\nThe file specified with -b, --cookie is only used as input. No cookies will be written\nto the file. To store cookies, use the -c, --cookie-jar option.\n\nIf you use the Set-Cookie file format and do not specify a domain then the  cookie  is\nnot  sent  since  the  domain  will never match. To address this, set a domain in Set-\nCookie line (doing that will include sub-domains) or preferably: use the Netscape for‐\nmat.\n\nThis option can be used multiple times.\n\nUsers  often want to both read cookies from a file and write updated cookies back to a\nfile, so using both -b, --cookie and -c, --cookie-jar in the same command line is com‐\nmon.\n\nExamples:\ncurl -b cookiefile https://example.com\ncurl -b cookiefile -c cookiefile https://example.com\n\nSee also -c, --cookie-jar and -j, --junk-session-cookies.\n\n#### --create-dirs\n\nWhen  used in conjunction with the -o, --output option, curl will create the necessary\nlocal directory hierarchy as needed. This option  creates  the  directories  mentioned\nwith  the  -o, --output option, nothing else. If the --output file name uses no direc‐\ntory, or if the directories it mentions already exist, no directories will be created.\n\nCreated dirs are made with mode 0750 on unix style file systems.\n\nTo create remote directories when using FTP or SFTP, try --ftp-create-dirs.\n\nExample:\ncurl --create-dirs --output local/dir/file https://example.com\n\nSee also --ftp-create-dirs and --output-dir.\n\n#### --create-file-mode <mode>\n\n(SFTP SCP FILE) When curl is used to create files remotely using one of the  supported\nprotocols,  this option allows the user to set which 'mode' to set on the file at cre‐\nation time, instead of the default 0644.\n\nThis option takes an octal number as argument.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --create-file-mode 0777 -T localfile sftp://example.com/new\n\nSee also --ftp-create-dirs. Added in 7.75.0.\n\n--crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS (OS/390).\n\n(SMTP added in 7.40.0)\n\nExample:\ncurl --crlf -T file ftp://example.com/\n\nSee also -B, --use-ascii.\n\n#### --crlfile <file>\n\n(TLS) Provide a file using PEM format with a  Certificate  Revocation  List  that  may\nspecify peer certificates that are to be considered revoked.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --crlfile rejects.txt https://example.com\n\nSee also --cacert and --capath.\n\n#### --curves <algorithm list>\n\n(TLS)  Tells  curl  to request specific curves to use during SSL session establishment\naccording to RFC 8422, 5.1.  Multiple algorithms can be provided  by  separating  them\nwith  \":\"  (e.g.   \"X25519:P-521\").   The  parameter  is  available identically in the\n\"openssl sclient/sserver\" utilities.\n\n--curves allows a OpenSSL powered curl to make SSL-connections with exactly  the  (EC)\ncurve requested by the client, avoiding nontransparent client/server negotiations.\n\nIf this option is set, the default curves list built into openssl will be ignored.\n\nExample:\ncurl --curves X25519 https://example.com\n\nSee also --ciphers. Added in 7.73.0.\n\n#### --data-ascii <data>\n\n(HTTP) This is just an alias for -d, --data.\n\nExample:\ncurl --data-ascii @file https://example.com\n\nSee also --data-binary, --data-raw and --data-urlencode.\n\n#### --data-binary <data>\n\n(HTTP) This posts data exactly as specified with no extra processing whatsoever.\n\nIf you start the data with the letter @, the rest should be a filename. Data is posted\nin a similar manner as -d, --data does, except that newlines and carriage returns  are\npreserved and conversions are never done.\n\nLike -d, --data the default content-type sent to the server is application/x-www-form-\nurlencoded. If you want the data to be treated as arbitrary binary data by the  server\nthen  set  the  content-type  to  octet-stream:  -H  \"Content-Type: application/octet-\nstream\".\n\nIf this option is used several times, the ones following the first will append data as\ndescribed in -d, --data.\n\nExample:\ncurl --data-binary @filename https://example.com\n\nSee also --data-ascii.\n\n#### --data-raw <data>\n\n(HTTP)  This posts data similarly to -d, --data but without the special interpretation\nof the @ character.\n\nExamples:\ncurl --data-raw \"hello\" https://example.com\ncurl --data-raw \"@at@at@\" https://example.com\n\nSee also -d, --data. Added in 7.43.0.\n\n#### --data-urlencode <data>\n\n(HTTP) This posts data, similar to the other -d, --data  options  with  the  exception\nthat this performs URL-encoding.\n\nTo  be CGI-compliant, the <data> part should begin with a name followed by a separator\nand a content specification. The <data> part can be passed to curl using  one  of  the\nfollowing syntaxes:\n\ncontent\nThis will make curl URL-encode the content and pass that on. Just be careful so\nthat the content does not contain any = or @ symbols, as that  will  then  make\nthe syntax match one of the other cases below!\n\n=content\nThis  will  make  curl URL-encode the content and pass that on. The preceding =\nsymbol is not included in the data.\n\nname=content\nThis will make curl URL-encode the content part and pass that on. Note that the\nname part is expected to be URL-encoded already.\n\n@filename\nThis  will  make  curl  load data from the given file (including any newlines),\nURL-encode that data and pass it on in the POST.\n\nname@filename\nThis will make curl load data from the given  file  (including  any  newlines),\nURL-encode  that  data  and pass it on in the POST. The name part gets an equal\nsign appended, resulting in name=urlencoded-file-content. Note that the name is\nexpected to be URL-encoded already.\n\nExamples:\ncurl --data-urlencode name=val https://example.com\ncurl --data-urlencode =encodethis https://example.com\ncurl --data-urlencode name@file https://example.com\ncurl --data-urlencode @fileonly https://example.com\n\nSee also -d, --data and --data-raw.\n\n#### -d, --data <data>\n\n(HTTP MQTT) Sends the specified data in a POST request to the HTTP server, in the same\nway that a browser does when a user has filled in an HTML form and presses the  submit\nbutton. This will cause curl to pass the data to the server using the content-type ap‐\nplication/x-www-form-urlencoded. Compare to -F, --form.\n\n--data-raw is almost the same but does not have a  special  interpretation  of  the  @\ncharacter.  To  post  data purely binary, you should instead use the --data-binary op‐\ntion. To URL-encode the value of a form field you may use --data-urlencode.\n\nIf any of these options is used more than once on the  same  command  line,  the  data\npieces  specified  will  be  merged  with  a  separating  &-symbol.  Thus,  using  '-d\nname=daniel  -d  skill=lousy'  would  generate  a   post   chunk   that   looks   like\n'name=daniel&skill=lousy'.\n\nIf  you  start  the data with the letter @, the rest should be a file name to read the\ndata from, or - if you want curl to read the data from stdin. Posting data from a file\nnamed  'foobar' would thus be done with -d, --data @foobar. When -d, --data is told to\nread from a file like that, carriage returns and newlines will be stripped out. If you\ndo not want the @ character to have a special interpretation use --data-raw instead.\n\nExamples:\ncurl -d \"name=curl\" https://example.com\ncurl -d \"name=curl\" -d \"tool=cmdline\" https://example.com\ncurl -d @filename https://example.com\n\nSee  also  --data-binary,  --data-urlencode  and --data-raw. This option overrides -F,\n--form and -I, --head and -T, --upload-file.\n\n#### --delegation <LEVEL>\n\n(GSS/kerberos) Set LEVEL to tell the server what it is allowed  to  delegate  when  it\ncomes to user credentials.\n\nnone   Do not allow any delegation.\n\npolicy Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos service\nticket, which is a matter of realm policy.\n\nalways Unconditionally allow the server to delegate.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --delegation \"none\" https://example.com\n\nSee also -k, --insecure and --ssl.\n\n#### --digest\n\n(HTTP) Enables HTTP Digest authentication. This is an authentication scheme that  pre‐\nvents  the  password from being sent over the wire in clear text. Use this in combina‐\ntion with the normal -u, --user option to set user name and password.\n\nIf this option is used several times, only the first one is used.\n\nExample:\ncurl -u name:password --digest https://example.com\n\nSee also -u, --user, --proxy-digest and --anyauth. This option overrides  --basic  and\n--ntlm and --negotiate.\n\n#### --disable-eprt\n\n(FTP) Tell curl to disable the use of the EPRT and LPRT commands when doing active FTP\ntransfers. Curl will normally always first attempt to use EPRT, then LPRT before using\nPORT,  but with this option, it will use PORT right away. EPRT and LPRT are extensions\nto the original FTP protocol, and may not work on all servers, but  they  enable  more\nfunctionality in a better way than the traditional PORT command.\n\n--eprt  can  be  used  to  explicitly  enable EPRT again and --no-eprt is an alias for\n--disable-eprt.\n\nIf the server is accessed using IPv6, this option will have no effect as EPRT is  nec‐\nessary then.\n\nDisabling EPRT only changes the active behavior. If you want to switch to passive mode\nyou need to not use -P, --ftp-port or force it with --ftp-pasv.\n\nExample:\ncurl --disable-eprt ftp://example.com/\n\nSee also --disable-epsv and -P, --ftp-port.\n\n#### --disable-epsv\n\n(FTP) Tell curl to disable the use of the EPSV command when doing passive  FTP  trans‐\nfers.  Curl  will normally always first attempt to use EPSV before PASV, but with this\noption, it will not try using EPSV.\n\n--epsv can be used to explicitly enable EPSV again  and  --no-epsv  is  an  alias  for\n--disable-epsv.\n\nIf  the  server  is an IPv6 host, this option will have no effect as EPSV is necessary\nthen.\n\nDisabling EPSV only changes the passive behavior. If you want to switch to active mode\nyou need to use -P, --ftp-port.\n\nExample:\ncurl --disable-epsv ftp://example.com/\n\nSee also --disable-eprt and -P, --ftp-port.\n\n#### -q, --disable\n\nIf used as the first parameter on the command line, the curlrc config file will not be\nread and used. See the -K, --config for details on  the  default  config  file  search\npath.\n\nExample:\ncurl -q https://example.com\n\nSee also -K, --config.\n\n#### --disallow-username-in-url\n\n(HTTP) This tells curl to exit if passed a url containing a username. This is probably\nmost useful when the URL is being provided at run-time or similar.\n\nExample:\ncurl --disallow-username-in-url https://example.com\n\nSee also --proto. Added in 7.61.0.\n\n#### --dns-interface <interface>\n\n(DNS) Tell curl to send outgoing DNS requests through <interface>. This  option  is  a\ncounterpart to --interface (which does not affect DNS). The supplied string must be an\ninterface name (not an address).\n\nExample:\ncurl --dns-interface eth0 https://example.com\n\nSee also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface requires that the under‐\nlying libcurl was built to support c-ares. Added in 7.33.0.\n\n#### --dns-ipv4-addr <address>\n\n(DNS) Tell curl to bind to <ip-address> when making IPv4 DNS requests, so that the DNS\nrequests originate from this address. The argument should be a single IPv4 address.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --dns-ipv4-addr 10.1.2.3 https://example.com\n\nSee also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr requires that the under‐\nlying libcurl was built to support c-ares. Added in 7.33.0.\n\n#### --dns-ipv6-addr <address>\n\n(DNS) Tell curl to bind to <ip-address> when making IPv6 DNS requests, so that the DNS\nrequests originate from this address. The argument should be a single IPv6 address.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --dns-ipv6-addr 2a04:4e42::561 https://example.com\n\nSee also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr requires that the under‐\nlying libcurl was built to support c-ares. Added in 7.33.0.\n\n#### --dns-servers <addresses>\n\nSet  the list of DNS servers to be used instead of the system default.  The list of IP\naddresses should be separated with commas. Port numbers may also optionally  be  given\nas :<port-number> after each IP address.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --dns-servers 192.168.0.1,192.168.0.2 https://example.com\n\nSee also --dns-interface and --dns-ipv4-addr. --dns-servers requires that the underly‐\ning libcurl was built to support c-ares. Added in 7.33.0.\n\n#### --doh-cert-status\n\nSame as --cert-status but used for DoH (DNS-over-HTTPS).\n\nExample:\ncurl --doh-cert-status --doh-url https://doh.example https://example.com\n\nSee also --doh-insecure. Added in 7.76.0.\n\n#### --doh-insecure\n\nSame as -k, --insecure but used for DoH (DNS-over-HTTPS).\n\nExample:\ncurl --doh-insecure --doh-url https://doh.example https://example.com\n\nSee also --doh-url. Added in 7.76.0.\n\n#### --doh-url <URL>\n\nSpecifies which DNS-over-HTTPS (DoH) server to use to resolve  hostnames,  instead  of\nusing the default name resolver mechanism. The URL must be HTTPS.\n\nSome  SSL  options  that  you  set  for your transfer will apply to DoH since the name\nlookups take place over SSL. However, the certificate verification  settings  are  not\ninherited and can be controlled separately via --doh-insecure and --doh-cert-status.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --doh-url https://doh.example https://example.com\n\nSee also --doh-insecure. Added in 7.62.0.\n\n#### -D, --dump-header <filename>\n\n(HTTP  FTP)  Write  the received protocol headers to the specified file. If no headers\nare received, the use of this option will create an empty file.\n\nWhen used in FTP, the FTP server response lines are  considered  being  \"headers\"  and\nthus are saved there.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --dump-header store.txt https://example.com\n\nSee also -o, --output.\n\n#### --egd-file <file>\n\n(TLS) Specify the path name to the Entropy Gathering Daemon socket. The socket is used\nto seed the random engine for SSL connections.\n\nExample:\ncurl --egd-file /random/here https://example.com\n\nSee also --random-file.\n\n#### --engine <name>\n\n(TLS) Select the OpenSSL crypto engine to use for cipher operations. Use --engine list\nto print a list of build-time supported engines. Note that not all (and possibly none)\nof the engines may be available at run-time.\n\nExample:\ncurl --engine flavor https://example.com\n\nSee also --ciphers and --curves.\n\n#### --etag-compare <file>\n\n(HTTP) This option makes a conditional HTTP request for the specific  ETag  read  from\nthe given file by sending a custom If-None-Match header using the stored ETag.\n\nFor  correct  results,  make  sure that the specified file contains only a single line\nwith the desired ETag. An empty file is parsed as an empty ETag.\n\nUse the option --etag-save to first save the ETag from a response, and then  use  this\noption to compare against the saved ETag in a subsequent request.\n\nExample:\ncurl --etag-compare etag.txt https://example.com\n\nSee also --etag-save and -z, --time-cond. Added in 7.68.0.\n\n#### --etag-save <file>\n\n(HTTP)  This option saves an HTTP ETag to the specified file. An ETag is a caching re‐\nlated header, usually returned in a response.\n\nIf no ETag is sent by the server, an empty file is created.\n\nExample:\ncurl --etag-save storetag.txt https://example.com\n\nSee also --etag-compare. Added in 7.68.0.\n\n#### --expect100-timeout <seconds>\n\n(HTTP) Maximum time in seconds that you allow curl to wait for a 100-continue response\nwhen  curl  emits an Expects: 100-continue header in its request. By default curl will\nwait one second. This option accepts decimal values! When curl stops waiting, it  will\ncontinue as if the response has been received.\n\nExample:\ncurl --expect100-timeout 2.5 -T file https://example.com\n\nSee also --connect-timeout. Added in 7.47.0.\n\n#### --fail-early\n\nFail and exit on the first detected transfer error.\n\nWhen curl is used to do multiple transfers on the command line, it will attempt to op‐\nerate on each given URL, one by one. By default, it will ignore errors  if  there  are\nmore URLs given and the last URL's success will determine the error code curl returns.\nSo early failures will be \"hidden\" by subsequent successful transfers.\n\nUsing this option, curl will instead return an error on the first transfer that fails,\nindependent  of  the  amount  of URLs that are given on the command line. This way, no\ntransfer failures go undetected by scripts and similar.\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nThis option does not imply -f, --fail, which causes  transfers  to  fail  due  to  the\nserver's HTTP status code. You can combine the two options, however note -f, --fail is\nnot global and is therefore contained by -:, --next.\n\nExample:\ncurl --fail-early https://example.com https://two.example\n\nSee also -f, --fail and --fail-with-body. Added in 7.52.0.\n\n#### --fail-with-body\n\n(HTTP) Return an error on server errors  where  the  HTTP  response  code  is  400  or\ngreater).  In normal cases when an HTTP server fails to deliver a document, it returns\nan HTML document stating so (which often also describes why and more). This flag  will\nstill allow curl to output and save that content but also to return error 22.\n\nThis is an alternative option to -f, --fail which makes curl fail for the same circum‐\nstances but without saving the content.\n\nExample:\ncurl --fail-with-body https://example.com\n\nSee also -f, --fail. Added in 7.76.0.\n\n#### -f, --fail\n\n(HTTP) Fail silently (no output at all) on server errors. This is mostly done  to  en‐\nable  scripts  etc  to  better deal with failed attempts. In normal cases when an HTTP\nserver fails to deliver a document, it returns an HTML document stating so (which  of‐\nten also describes why and more). This flag will prevent curl from outputting that and\nreturn error 22.\n\nThis method is not fail-safe and there are  occasions  where  non-successful  response\ncodes  will  slip  through, especially when authentication is involved (response codes\n401 and 407).\n\nExample:\ncurl --fail https://example.com\n\nSee also --fail-with-body.\n\n#### --false-start\n\n(TLS) Tells curl to use false start during the TLS handshake. False start  is  a  mode\nwhere  a  TLS client will start sending application data before verifying the server's\nFinished message, thus saving a round trip when performing a full handshake.\n\nThis is currently only implemented in the NSS and Secure  Transport  (on  iOS  7.0  or\nlater, or OS X 10.9 or later) backends.\n\nExample:\ncurl --false-start https://example.com\n\nSee also --tcp-fastopen. Added in 7.42.0.\n\n#### --form-escape\n\n(HTTP) Tells curl to pass on names of multipart form fields and files using backslash-\nescaping instead of percent-encoding.\n\nExample:\ncurl --form-escape --form 'field\\name=curl' 'file=@load\"this' https://example.com\n\nSee also -F, --form. Added in 7.81.0.\n\n#### --form-string <name=string>\n\n(HTTP SMTP IMAP) Similar to -F, --form except that the value string for the named  pa‐\nrameter  is used literally. Leading '@' and '<' characters, and the ';type=' string in\nthe value have no special meaning. Use this in preference to -F, --form if there's any\npossibility  that the string value may accidentally trigger the '@' or '<' features of\n-F, --form.\n\nExample:\ncurl --form-string \"data\" https://example.com\n\nSee also -F, --form.\n\n#### -F, --form <name=content>\n\n(HTTP SMTP IMAP) For HTTP protocol family, this lets curl emulate a filled-in form  in\nwhich  a  user  has pressed the submit button. This causes curl to POST data using the\nContent-Type multipart/form-data according to RFC 2388.\n\nFor SMTP and IMAP protocols, this is the means to compose a multipart mail message  to\ntransmit.\n\nThis  enables uploading of binary files etc. To force the 'content' part to be a file,\nprefix the file name with an @ sign. To just get the content part from a file,  prefix\nthe file name with the symbol <. The difference between @ and < is then that @ makes a\nfile get attached in the post as a file upload, while the < makes  a  text  field  and\njust get the contents for that text field from a file.\n\nTell  curl  to  read content from stdin instead of a file by using - as filename. This\ngoes for both @ and < constructs. When stdin is used, the contents is buffered in mem‐\nory first by curl to determine its size and allow a possible resend. Defining a part's\ndata from a named non-regular file (such as a named pipe or similar) is  unfortunately\nnot  subject to buffering and will be effectively read at transmission time; since the\nfull size is unknown before the transfer starts, such data is sent as chunks  by  HTTP\nand rejected by IMAP.\n\nExample:  send  an  image  to an HTTP server, where 'profile' is the name of the form-\nfield to which the file portrait.jpg will be the input:\n\ncurl -F profile=@portrait.jpg https://example.com/upload.cgi\n\nExample: send your name and shoe size in two text fields to the server:\n\ncurl -F name=John -F shoesize=11 https://example.com/\n\nExample: send your essay in a text field to the server. Send it as a plain text field,\nbut get the contents for it from a local file:\n\ncurl -F \"story=<hugefile.txt\" https://example.com/\n\nYou  can also tell curl what Content-Type to use by using 'type=', in a manner similar\nto:\n\ncurl -F \"web=@index.html;type=text/html\" example.com\n\nor\n\ncurl -F \"name=daniel;type=text/foo\" example.com\n\nYou can also explicitly change the name field of a file upload part by  setting  file‐\nname=, like this:\n\ncurl -F \"file=@localfile;filename=nameinpost\" example.com\n\nIf filename/path contains ',' or ';', it must be quoted by double-quotes like:\n\ncurl -F \"file=@\\\"local,file\\\";filename=\\\"name;in;post\\\"\" example.com\n\nor\n\ncurl -F 'file=@\"local,file\";filename=\"name;in;post\"' example.com\n\nNote that if a filename/path is quoted by double-quotes, any double-quote or backslash\nwithin the filename must be escaped by backslash.\n\nQuoting must also be applied  to  non-file  data  if  it  contains  semicolons,  lead‐\ning/trailing spaces or leading double quotes:\n\ncurl -F 'colors=\"red; green; blue\";type=text/x-myapp' example.com\n\nYou can add custom headers to the field by setting headers=, like\n\ncurl -F \"submit=OK;headers=\\\"X-submit-type: OK\\\"\" example.com\n\nor\n\ncurl -F \"submit=OK;headers=@headerfile\" example.com\n\nThe  headers=  keyword  may appear more that once and above notes about quoting apply.\nWhen headers are read from a file, Empty lines and lines starting with  '#'  are  com‐\nments and ignored; each header can be folded by splitting between two words and start‐\ning the continuation line with a space; embedded carriage-returns and trailing  spaces\nare stripped.  Here is an example of a header file contents:\n\n# This file contain two headers.\nX-header-1: this is a header\n\n# The following header is folded.\nX-header-2: this is\nanother header\n\nTo support sending multipart mail messages, the syntax is extended as follows:\n- name can be omitted: the equal sign is the first character of the argument,\n-  if  data starts with '(', this signals to start a new multipart: it can be followed\nby a content type specification.\n- a multipart can be terminated with a '=)' argument.\n\nExample: the following command sends an SMTP mime email consisting in an  inline  part\nin two alternative formats: plain text and HTML. It attaches a text file:\n\ncurl -F '=(;type=multipart/alternative' \\\n-F '=plain text message' \\\n-F '= <body>HTML message</body>;type=text/html' \\\n-F '=)' -F '=@textfile.txt' ...  smtp://example.com\n\nData  can  be  encoded for transfer using encoder=. Available encodings are binary and\n8bit that do nothing else  than  adding  the  corresponding  Content-Transfer-Encoding\nheader,  7bit  that only rejects 8-bit characters with a transfer error, quoted-print‐\nable and base64 that encodes data according to  the  corresponding  schemes,  limiting\nlines length to 76 characters.\n\nExample:  send  multipart  mail  with a quoted-printable text message and a base64 at‐\ntached file:\n\ncurl -F '=text message;encoder=quoted-printable' \\\n-F '=@localfile;encoder=base64' ... smtp://example.com\n\nSee further examples and details in the MANUAL.\n\nThis option can be used multiple times.\n\nExample:\ncurl --form \"name=curl\" --form \"file=@loadthis\" https://example.com\n\nSee also -d, --data, --form-string and --form-escape. This option overrides -d, --data\nand -I, --head and -T, --upload-file.\n\n#### --ftp-account <data>\n\n(FTP) When an FTP server asks for \"account data\" after user name and password has been\nprovided, this data is sent off using the ACCT command.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --ftp-account \"mr.robot\" ftp://example.com/\n\nSee also -u, --user.\n\n#### --ftp-alternative-to-user <command>\n\n(FTP) If authenticating with the USER and PASS  commands  fails,  send  this  command.\nWhen  connecting to Tumbleweed's Secure Transport server over FTPS using a client cer‐\ntificate, using \"SITE AUTH\" will tell the server to retrieve  the  username  from  the\ncertificate.\n\nExample:\ncurl --ftp-alternative-to-user \"U53r\" ftp://example.com\n\nSee also --ftp-account and -u, --user.\n\n#### --ftp-create-dirs\n\n(FTP SFTP) When an FTP or SFTP URL/operation uses a path that does not currently exist\non the server, the standard behavior of curl is to fail. Using this option, curl  will\ninstead attempt to create missing directories.\n\nExample:\ncurl --ftp-create-dirs -T file ftp://example.com/remote/path/file\n\nSee also --create-dirs.\n\n#### --ftp-method <method>\n\n(FTP)  Control  what  method  curl should use to reach a file on an FTP(S) server. The\nmethod argument should be one of the following alternatives:\n\nmulticwd\ncurl does a single CWD operation for each path part in the given URL. For  deep\nhierarchies  this  means  many commands. This is how RFC 1738 says it should be\ndone. This is the default but the slowest behavior.\n\nnocwd  curl does no CWD at all. curl will do SIZE, RETR, STOR etc and give a full path\nto the server for all these commands. This is the fastest behavior.\n\nsinglecwd\ncurl  does one CWD with the full target directory and then operates on the file\n\"normally\" (like in the multicwd case). This is somewhat more standards compli‐\nant than 'nocwd' but without the full penalty of 'multicwd'.\n\nExamples:\ncurl --ftp-method multicwd ftp://example.com/dir1/dir2/file\ncurl --ftp-method nocwd ftp://example.com/dir1/dir2/file\ncurl --ftp-method singlecwd ftp://example.com/dir1/dir2/file\n\nSee also -l, --list-only.\n\n#### --ftp-pasv\n\n(FTP) Use passive mode for the data connection. Passive is the internal default behav‐\nior, but using this option can be used to override a previous -P, --ftp-port option.\n\nIf this option is used several times, only the first one is used. Undoing an  enforced\npassive  really is not doable but you must then instead enforce the correct -P, --ftp-\nport again.\n\nPassive mode means that curl will try the EPSV command first  and  then  PASV,  unless\n--disable-epsv is used.\n\nExample:\ncurl --ftp-pasv ftp://example.com/\n\nSee also --disable-epsv.\n\n#### -P, --ftp-port <address>\n\n(FTP) Reverses the default initiator/listener roles when connecting with FTP. This op‐\ntion makes curl use active mode. curl then tells the server to  connect  back  to  the\nclient's specified address and port, while passive mode asks the server to setup an IP\naddress and port for it to connect to. <address> should be one of:\n\ninterface\ne.g. \"eth0\" to specify which interface's IP address you want to use (Unix only)\n\nIP address\ne.g. \"192.168.10.1\" to specify the exact IP address\n\nhost name\ne.g. \"my.host.domain\" to specify the machine\n\n-      make curl pick the same IP address that is already used for the control connec‐\ntion\n\nIf this option is used several times, the last one will be used. Disable the use of PORT with\n--ftp-pasv. Disable the attempt to use the EPRT command instead of PORT by  using  --disable-\neprt. EPRT is really PORT++.\n\nYou  can also append \":[start]-[end]\" to the right of the address, to tell curl what TCP port\nrange to use. That means you specify a port range, from a lower to a higher number. A  single\nnumber  works  as  well, but do note that it increases the risk of failure since the port may\nnot be available.\n\n\nExamples:\ncurl -P - ftp:/example.com\ncurl -P eth0 ftp:/example.com\ncurl -P 192.168.0.2 ftp:/example.com\n\nSee also --ftp-pasv and --disable-eprt.\n\n#### --ftp-pret\n\n(FTP) Tell curl to send a PRET command before PASV (and EPSV).  Certain  FTP  servers,\nmainly  drftpd, require this non-standard command for directory listings as well as up\nand downloads in PASV mode.\n\nExample:\ncurl --ftp-pret ftp://example.com/\n\nSee also -P, --ftp-port and --ftp-pasv.\n\n#### --ftp-skip-pasv-ip\n\n(FTP) Tell curl to not use the IP address the  server  suggests  in  its  response  to\ncurl's  PASV  command when curl connects the data connection. Instead curl will re-use\nthe same IP address it already uses for the control connection.\n\nSince curl 7.74.0 this option is enabled by default.\n\nThis option has no effect if PORT, EPRT or EPSV is used instead of PASV.\n\nExample:\ncurl --ftp-skip-pasv-ip ftp://example.com/\n\nSee also --ftp-pasv.\n\n#### --ftp-ssl-ccc-mode <active/passive>\n\n(FTP) Sets the CCC mode. The passive mode will not initiate the shutdown, but  instead\nwait  for the server to do it, and will not reply to the shutdown from the server. The\nactive mode initiates the shutdown and waits for a reply from the server.\n\nExample:\ncurl --ftp-ssl-ccc-mode active --ftp-ssl-ccc ftps://example.com/\n\nSee also --ftp-ssl-ccc.\n\n#### --ftp-ssl-ccc\n\n(FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS layer after  authenticat‐\ning.  The  rest  of the control channel communication will be unencrypted. This allows\nNAT routers to follow the FTP transaction. The default mode is passive.\n\nExample:\ncurl --ftp-ssl-ccc ftps://example.com/\n\nSee also --ssl and --ftp-ssl-ccc-mode.\n\n#### --ftp-ssl-control\n\n(FTP) Require SSL/TLS for the FTP login, clear for transfer.  Allows secure  authenti‐\ncation,  but  non-encrypted  data transfers for efficiency.  Fails the transfer if the\nserver does not support SSL/TLS.\n\nExample:\ncurl --ftp-ssl-control ftp://example.com\n\nSee also --ssl.\n\n#### -G, --get\n\nWhen used, this option will make all data specified with -d, --data, --data-binary  or\n--data-urlencode  to  be  used in an HTTP GET request instead of the POST request that\notherwise would be used. The data will be appended to the URL with a '?' separator.\n\nIf used in combination with -I, --head, the POST data will instead be appended to  the\nURL with a HEAD request.\n\nIf  this option is used several times, only the first one is used. This is because un‐\ndoing a GET does not make sense, but you should then instead enforce  the  alternative\nmethod you prefer.\n\nExamples:\ncurl --get https://example.com\ncurl --get -d \"tool=curl\" -d \"age=old\" https://example.com\ncurl --get -I -d \"tool=curl\" https://example.com\n\nSee also -d, --data and -X, --request.\n\n#### -g, --globoff\n\nThis  option switches off the \"URL globbing parser\". When you set this option, you can\nspecify URLs that contain the letters {}[] without having curl itself interpret  them.\nNote  that  these letters are not normal legal URL contents but they should be encoded\naccording to the URI standard.\n\nExample:\ncurl -g \"https://example.com/{[]}}}}\"\n\nSee also -K, --config and -q, --disable.\n\n#### --happy-eyeballs-timeout-ms <milliseconds>\n\nHappy Eyeballs is an algorithm that attempts to connect to  both  IPv4  and  IPv6  ad‐\ndresses for dual-stack hosts, giving IPv6 a head-start of the specified number of mil‐\nliseconds. If the IPv6 address cannot be connected to within that time, then a connec‐\ntion  attempt  is made to the IPv4 address in parallel. The first connection to be es‐\ntablished is the one that is used.\n\nThe range of suggested useful values is limited. Happy Eyeballs RFC 6555 says  \"It  is\nRECOMMENDED  that  connection attempts be paced 150-250 ms apart to balance human fac‐\ntors against network load.\" libcurl currently defaults to 200 ms. Firefox  and  Chrome\ncurrently default to 300 ms.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --happy-eyeballs-timeout-ms 500 https://example.com\n\nSee also -m, --max-time and --connect-timeout. Added in 7.59.0.\n\n#### --haproxy-protocol\n\n(HTTP)  Send  a  HAProxy  PROXY protocol v1 header at the beginning of the connection.\nThis is used by some load balancers and reverse proxies to indicate the client's  true\nIP address and port.\n\nThis  option  is primarily useful when sending test requests to a service that expects\nthis header.\n\nExample:\ncurl --haproxy-protocol https://example.com\n\nSee also -x, --proxy. Added in 7.60.0.\n\n#### -I, --head\n\n(HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the  command  HEAD  which\nthis  uses  to  get  nothing but the header of a document. When used on an FTP or FILE\nfile, curl displays the file size and last modification time only.\n\nExample:\ncurl -I https://example.com\n\nSee also -G, --get, -v, --verbose and --trace-ascii.\n\n#### -H, --header <header/@file>\n\n(HTTP) Extra header to include in the request when sending HTTP to a server.  You  may\nspecify  any number of extra headers. Note that if you should add a custom header that\nhas the same name as one of the internal ones curl  would  use,  your  externally  set\nheader will be used instead of the internal one. This allows you to make even trickier\nstuff than curl would normally do. You should not replace internally set headers with‐\nout  knowing  perfectly well what you are doing. Remove an internal header by giving a\nreplacement without content on the right side of the colon, as in: -H \"Host:\". If  you\nsend  the  custom header with no-value then its header must be terminated with a semi‐\ncolon, such as -H \"X-Custom-Header;\" to send \"X-Custom-Header:\".\n\ncurl will make sure that each header you add/replace is sent with the  proper  end-of-\nline  marker, you should thus not add that as a part of the header content: do not add\nnewlines or carriage returns, they will only mess things up for you.\n\nThis option can take an argument in @filename style, which then adds a header for each\nline in the input file. Using @- will make curl read the header file from stdin. Added\nin 7.55.0.\n\nYou need --proxy-header to send custom headers intended for a  HTTP  proxy.  Added  in\n7.37.0.\n\nPassing  on a \"Transfer-Encoding: chunked\" header when doing a HTTP request with a re‐\nquest body, will make curl send the data using chunked encoding.\n\nWARNING: headers set with this option will be set in all requests - even  after  redi‐\nrects  are  followed,  like when told with -L, --location. This can lead to the header\nbeing sent to other hosts than the original host, so sensitive headers should be  used\nwith caution combined with following redirects.\n\nThis option can be used multiple times to add/replace/remove multiple headers.\n\nExamples:\ncurl -H \"X-First-Name: Joe\" https://example.com\ncurl -H \"User-Agent: yes-please/2000\" https://example.com\ncurl -H \"Host:\" https://example.com\n\nSee also -A, --user-agent and -e, --referer.\n\n#### -h, --help <category>\n\nUsage  help.  This lists all commands of the <category>.  If no arg was provided, curl\nwill display the most important command line arguments.  If  the  argument  \"all\"  was\nprovided,  curl  will  display  all options available.  If the argument \"category\" was\nprovided, curl will display all categories and their meanings.\n\nExample:\ncurl --help all\n\nSee also -v, --verbose.\n\n#### --hostpubmd5 <md5>\n\n(SFTP SCP) Pass a string containing 32 hexadecimal digits. The string  should  be  the\n128  bit MD5 checksum of the remote host's public key, curl will refuse the connection\nwith the host unless the md5sums match.\n\nExample:\ncurl --hostpubmd5 e5c1c49020640a5ab0f2034854c321a8 sftp://example.com/\n\nSee also --hostpubsha256.\n\n#### --hostpubsha256 <sha256>\n\n(SFTP SCP) Pass a string containing a Base64-encoded SHA256 hash of the remote  host's\npublic key. Curl will refuse the connection with the host unless the hashes match.\n\nExample:\ncurl --hostpubsha256 NDVkMTQxMGQ1ODdmMjQ3MjczYjAyOTY5MmRkMjVmNDQ= sftp://example.com/\n\nSee also --hostpubmd5. Added in 7.80.0.\n\n#### --hsts <file name>\n\n(HTTPS)  This  option enables HSTS for the transfer. If the file name points to an ex‐\nisting HSTS cache file, that will be used. After a completed transfer, the cache  will\nbe saved to the file name again if it has been modified.\n\nSpecify a \"\" file name (zero length) to avoid loading/saving and make curl just handle\nHSTS in memory.\n\nIf this option is used several times, curl will load contents from all the  files  but\nthe last one will be used for saving.\n\nExample:\ncurl --hsts cache.txt https://example.com\n\nSee also --proto. Added in 7.74.0.\n\n--http0.9\n(HTTP) Tells curl to be fine with HTTP version 0.9 response.\n\nHTTP/0.9  is  a completely headerless response and therefore you can also connect with\nthis to non-HTTP servers and still get a response since curl will simply transparently\ndowngrade - if allowed.\n\nSince curl 7.66.0, HTTP/0.9 is disabled by default.\n\nExample:\ncurl --http0.9 https://example.com\n\nSee also --http1.1, --http2 and --http3. Added in 7.64.0.\n\n-0, --http1.0\n(HTTP)  Tells  curl  to use HTTP version 1.0 instead of using its internally preferred\nHTTP version.\n\nExample:\ncurl --http1.0 https://example.com\n\nSee also --http0.9 and --http1.1. This option overrides --http1.1 and --http2.\n\n--http1.1\n(HTTP) Tells curl to use HTTP version 1.1.\n\nExample:\ncurl --http1.1 https://example.com\n\nSee also --http1.1 and --http0.9. This option overrides  -0,  --http1.0  and  --http2.\nAdded in 7.33.0.\n\n#### --http2-prior-knowledge\n\n(HTTP) Tells curl to issue its non-TLS HTTP requests using HTTP/2 without HTTP/1.1 Up‐\ngrade. It requires prior knowledge that the  server  supports  HTTP/2  straight  away.\nHTTPS  requests will still do HTTP/2 the standard way with negotiated protocol version\nin the TLS handshake.\n\nExample:\ncurl --http2-prior-knowledge https://example.com\n\nSee also --http2 and --http3. --http2-prior-knowledge  requires  that  the  underlying\nlibcurl was built to support HTTP/2. This option overrides --http1.1 and -0, --http1.0\nand --http2. Added in 7.49.0.\n\n#### --http2\n\n(HTTP) Tells curl to use HTTP version 2.\n\nFor HTTPS, this means curl will attempt to negotiate HTTP/2 in the TLS handshake. curl\ndoes this by default.\n\nFor  HTTP, this means curl will attempt to upgrade the request to HTTP/2 using the Up‐\ngrade: request header.\n\nExample:\ncurl --http2 https://example.com\n\nSee also --http1.1 and --http3. --http2 requires that the underlying libcurl was built\nto   support   HTTP/2.   This   option  overrides  --http1.1  and  -0,  --http1.0  and\n--http2-prior-knowledge. Added in 7.33.0.\n\n#### --http3\n\n(HTTP) WARNING: this option is experimental. Do not use in production.\n\nTells curl to use HTTP version 3 directly to the host and port number used in the URL.\nA  normal  HTTP/3  transaction will be done to a host and then get redirected via Alt-\nSvc, but this option allows a user to circumvent that when you know  that  the  target\nspeaks HTTP/3 on the given host and port.\n\nThis  option will make curl fail if a QUIC connection cannot be established, it cannot\nfall back to a lower HTTP version on its own.\n\nExample:\ncurl --http3 https://example.com\n\nSee also --http1.1 and --http2. --http3 requires that the underlying libcurl was built\nto  support  HTTP/3. This option overrides --http1.1 and -0, --http1.0 and --http2 and\n--http2-prior-knowledge. Added in 7.66.0.\n\n#### --ignore-content-length\n\n(FTP HTTP) For HTTP, Ignore the Content-Length header. This is particularly useful for\nservers  running  Apache  1.x,  which  will  report incorrect Content-Length for files\nlarger than 2 gigabytes.\n\nFor FTP (since 7.46.0), skip the RETR command to figure out the size before  download‐\ning a file.\n\nThis option does not work for HTTP if libcurl was built to use hyper.\n\nExample:\ncurl --ignore-content-length https://example.com\n\nSee also --ftp-skip-pasv-ip.\n\n#### -i, --include\n\nInclude the HTTP response headers in the output. The HTTP response headers can include\nthings like server name, cookies, date of the document, HTTP version and more...\n\nTo view the request headers, consider the -v, --verbose option.\n\nExample:\ncurl -i https://example.com\n\nSee also -v, --verbose.\n\n#### -k, --insecure\n\n(TLS SFTP SCP) By default, every secure connection curl makes is verified to be secure\nbefore the transfer takes place. This option makes curl skip the verification step and\nproceed without checking.\n\nWhen this option is not used for protocols using TLS, curl verifies the  server's  TLS\ncertificate  before  it  continues: that the certificate contains the right name which\nmatches the host name used in the URL and that the certificate has been signed by a CA\ncertificate present in the cert store.  See this online resource for further details:\nhttps://curl.se/docs/sslcerts.html\n\nFor  SFTP  and  SCP,  this  option  makes  curl  skip  the  knownhosts  verification.\nknownhosts is a file normally stored in the user's home directory in the .ssh  subdi‐\nrectory, which contains host names and their public keys.\n\nWARNING: using this option makes the transfer insecure.\n\nExample:\ncurl --insecure https://example.com\n\nSee also --proxy-insecure, --cacert and --capath.\n\n#### --interface <name>\n\nPerform an operation using a specified interface. You can enter interface name, IP ad‐\ndress or host name. An example could look like:\n\ncurl --interface eth0:1 https://www.example.com/\n\nIf this option is used several times, the last one will be used.\n\nOn Linux it can be used to specify  a  VRF,  but  the  binary  needs  to  either  have\nCAPNETRAW  or  to be run as root. More information about Linux VRF: https://www.ker‐\nnel.org/doc/Documentation/networking/vrf.txt\n\nExample:\ncurl --interface eth0 https://example.com\n\nSee also --dns-interface.\n\n-4, --ipv4\nThis option tells curl to resolve names to IPv4 addresses only, and  not  for  example\ntry IPv6.\n\nExample:\ncurl --ipv4 https://example.com\n\nSee also --http1.1 and --http2. This option overrides -6, --ipv6.\n\n-6, --ipv6\nThis  option  tells  curl to resolve names to IPv6 addresses only, and not for example\ntry IPv4.\n\nExample:\ncurl --ipv6 https://example.com\n\nSee also --http1.1 and --http2. This option overrides -4, --ipv4.\n\n#### -j, --junk-session-cookies\n\n(HTTP) When curl is told to read cookies from a given file, this option will  make  it\ndiscard  all  \"session  cookies\". This will basically have the same effect as if a new\nsession is started. Typical browsers always discard  session  cookies  when  they  are\nclosed down.\n\nExample:\ncurl --junk-session-cookies -b cookies.txt https://example.com\n\nSee also -b, --cookie and -c, --cookie-jar.\n\n#### --keepalive-time <seconds>\n\nThis  option  sets the time a connection needs to remain idle before sending keepalive\nprobes and the time between individual keepalive probes. It is currently effective  on\noperating  systems offering the TCPKEEPIDLE and TCPKEEPINTVL socket options (meaning\nLinux, recent AIX, HP-UX and more). This option has no  effect  if  --no-keepalive  is\nused.\n\nIf  this  option is used several times, the last one will be used. If unspecified, the\noption defaults to 60 seconds.\n\nExample:\ncurl --keepalive-time 20 https://example.com\n\nSee also --no-keepalive and -m, --max-time.\n\n#### --key-type <type>\n\n(TLS) Private key file type. Specify which type your --key provided  private  key  is.\nDER, PEM, and ENG are supported. If not specified, PEM is assumed.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --key-type DER --key here https://example.com\n\nSee also --key.\n\n#### --key <key>\n\n(TLS  SSH) Private key file name. Allows you to provide your private key in this sepa‐\nrate file. For SSH, if not specified, curl tries the following  candidates  in  order:\n'~/.ssh/idrsa', '~/.ssh/iddsa', './idrsa', './iddsa'.\n\nIf  curl  is built against OpenSSL library, and the engine pkcs11 is available, then a\nPKCS#11 URI (RFC 7512) can be used to specify a private key located in a  PKCS#11  de‐\nvice.  A  string  beginning  with \"pkcs11:\" will be interpreted as a PKCS#11 URI. If a\nPKCS#11 URI is provided, then the --engine option will be set as \"pkcs11\" if none  was\nprovided and the --key-type option will be set as \"ENG\" if none was provided.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --cert certificate --key here https://example.com\n\nSee also --key-type and -E, --cert.\n\n#### --krb <level>\n\n(FTP)  Enable Kerberos authentication and use. The level must be entered and should be\none of 'clear', 'safe', 'confidential', or 'private'. Should you use a level  that  is\nnot one of these, 'private' will instead be used.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --krb clear ftp://example.com/\n\nSee  also --delegation and --ssl. --krb requires that the underlying libcurl was built\nto support Kerberos.\n\n#### --libcurl <file>\n\nAppend this option to any ordinary curl command line, and you will get libcurl-using C\nsource code written to the file that does the equivalent of what your command-line op‐\neration does!\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nIf this option is used several times, the last given file name will be used.\n\nExample:\ncurl --libcurl client.c https://example.com\n\nSee also -v, --verbose.\n\n#### --limit-rate <speed>\n\nSpecify the maximum transfer rate you want curl to use - for both  downloads  and  up‐\nloads.  This  feature  is  useful  if  you have a limited pipe and you would like your\ntransfer not to use your entire bandwidth. To make it slower than it  otherwise  would\nbe.\n\nThe  given  speed is measured in bytes/second, unless a suffix is appended.  Appending\n'k' or 'K' will count the number as kilobytes, 'm' or 'M' makes  it  megabytes,  while\n'g'  or 'G' makes it gigabytes. The suffixes (k, M, G, T, P) are 1024 based. For exam‐\nple 1k is 1024. Examples: 200K, 3m and 1G.\n\nThe rate limiting logic works on averaging the transfer speed to no more than the  set\nthreshold over a period of multiple seconds.\n\nIf  you  also  use  the -Y, --speed-limit option, that option will take precedence and\nmight cripple the rate-limiting slightly, to help keeping the speed-limit logic  work‐\ning.\n\nIf this option is used several times, the last one will be used.\n\nExamples:\ncurl --limit-rate 100K https://example.com\ncurl --limit-rate 1000 https://example.com\ncurl --limit-rate 10M https://example.com\n\nSee also -Y, --speed-limit and -y, --speed-time.\n\n#### -l, --list-only\n\n(FTP  POP3)  (FTP) When listing an FTP directory, this switch forces a name-only view.\nThis is especially useful if the user wants to machine-parse the contents  of  an  FTP\ndirectory since the normal directory view does not use a standard look or format. When\nused like this, the option causes an NLST command to be sent to the server instead  of\nLIST.\n\nNote:  Some FTP servers list only files in their response to NLST; they do not include\nsub-directories and symbolic links.\n\n(POP3) When retrieving a specific email from POP3, this switch forces a  LIST  command\nto  be performed instead of RETR. This is particularly useful if the user wants to see\nif a specific message-id exists on the server and what size it is.\n\nNote: When combined with -X, --request, this option can be used to send a UIDL command\ninstead,  so the user may use the email's unique identifier rather than its message-id\nto make the request.\n\nExample:\ncurl --list-only ftp://example.com/dir/\n\nSee also -Q, --quote and -X, --request.\n\n#### --local-port <num/range>\n\nSet a preferred single number or range (FROM-TO) of local port numbers to use for  the\nconnection(s).   Note  that  port numbers by nature are a scarce resource that will be\nbusy at times so setting this range to something too narrow  might  cause  unnecessary\nconnection setup failures.\n\nExample:\ncurl --local-port 1000-3000 https://example.com\n\nSee also -g, --globoff.\n\n#### --location-trusted\n\n(HTTP)  Like  -L,  --location, but will allow sending the name + password to all hosts\nthat the site may redirect to. This may or may not introduce a security breach if  the\nsite redirects you to a site to which you will send your authentication info (which is\nplaintext in the case of HTTP Basic authentication).\n\nExample:\ncurl --location-trusted -u user:password https://example.com\n\nSee also -u, --user.\n\n#### -L, --location\n\n(HTTP) If the server reports that the requested page has moved to a different location\n(indicated  with  a  Location:  header and a 3XX response code), this option will make\ncurl redo the request on the new place. If used together with  -i,  --include  or  -I,\n--head,  headers  from all requested pages will be shown. When authentication is used,\ncurl only sends its credentials to the initial host. If a redirect  takes  curl  to  a\ndifferent  host,  it will not be able to intercept the user+password. See also --loca‐\ntion-trusted on how to change this. You can limit the amount of redirects to follow by\nusing the --max-redirs option.\n\nWhen  curl follows a redirect and if the request is a POST, it will send the following\nrequest with a GET if the HTTP response was 301, 302, or 303. If the response code was\nany  other 3xx code, curl will re-send the following request using the same unmodified\nmethod.\n\nYou can tell curl to not change POST requests to GET after a 30x response by using the\ndedicated options for that: --post301, --post302 and --post303.\n\nThe  method set with -X, --request overrides the method curl would otherwise select to\nuse.\n\nExample:\ncurl -L https://example.com\n\nSee also --resolve and --alt-svc.\n\n#### --login-options <options>\n\n(IMAP POP3 SMTP) Specify the login options to use during server authentication.\n\nYou can use login options to specify protocol specific options that may be used during\nauthentication.  At  present  only IMAP, POP3 and SMTP support login options. For more\ninformation about login options please see RFC 2384, RFC 5092 and  IETF  draft  draft-\nearhart-url-smtp-00.txt\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --login-options 'AUTH=*' imap://example.com\n\nSee also -u, --user. Added in 7.34.0.\n\n#### --mail-auth <address>\n\n(SMTP)  Specify  a single address. This will be used to specify the authentication ad‐\ndress (identity) of a submitted message that is being relayed to another server.\n\nExample:\ncurl --mail-auth user@example.come -T mail smtp://example.com/\n\nSee also --mail-rcpt and --mail-from.\n\n#### --mail-from <address>\n\n(SMTP) Specify a single address that the given mail should get sent from.\n\nExample:\ncurl --mail-from user@example.com -T mail smtp://example.com/\n\nSee also --mail-rcpt and --mail-auth.\n\n#### --mail-rcpt-allowfails\n\n(SMTP) When sending data to multiple recipients, by default curl will abort SMTP  con‐\nversation if at least one of the recipients causes RCPT TO command to return an error.\n\nThe default behavior can be changed by passing --mail-rcpt-allowfails command-line op‐\ntion which will make curl ignore errors and proceed with the remaining  valid  recipi‐\nents.\n\nIf all recipients trigger RCPT TO failures and this flag is specified, curl will still\nabort the SMTP conversation and return the error received from to  the  last  RCPT  TO\ncommand.\n\nExample:\ncurl --mail-rcpt-allowfails --mail-rcpt dest@example.com smtp://example.com\n\nSee also --mail-rcpt. Added in 7.69.0.\n\n#### --mail-rcpt <address>\n\n(SMTP) Specify a single email address, user name or mailing list name. Repeat this op‐\ntion several times to send to multiple recipients.\n\nWhen performing an address verification (VRFY command), the recipient should be speci‐\nfied  as the user name or user name and domain (as per Section 3.5 of RFC5321). (Added\nin 7.34.0)\n\nWhen performing a mailing list expand (EXPN command), the recipient should  be  speci‐\nfied  using  the  mailing  list name, such as \"Friends\" or \"London-Office\".  (Added in\n7.34.0)\n\nExample:\ncurl --mail-rcpt user@example.net smtp://example.com\n\nSee also --mail-rcpt-allowfails.\n\n#### -M, --manual\n\nManual. Display the huge help text.\n\nExample:\ncurl --manual\n\nSee also -v, --verbose, --libcurl and --trace.\n\n#### --max-filesize <bytes>\n\n(FTP HTTP MQTT) Specify the maximum size (in bytes) of a file to download. If the file\nrequested  is larger than this value, the transfer will not start and curl will return\nwith exit code 63.\n\nA size modifier may be used. For example, Appending 'k' or 'K' will count  the  number\nas  kilobytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it gigabytes. Ex‐\namples: 200K, 3m and 1G. (Added in 7.58.0)\n\nNOTE: The file size is not always known prior to download, and for such files this op‐\ntion  has  no  effect  even  if the file transfer ends up being larger than this given\nlimit.  Example:\ncurl --max-filesize 100K https://example.com\n\nSee also --limit-rate.\n\n#### --max-redirs <num>\n\n(HTTP) Set maximum number of redirections to follow. When -L, --location is  used,  to\nprevent  curl  from  following  too many redirects, by default, the limit is set to 50\nredirects. Set this option to -1 to make it unlimited.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --max-redirs 3 --location https://example.com\n\nSee also -L, --location.\n\n#### -m, --max-time <fractional seconds>\n\nMaximum time in seconds that you allow the whole operation to take.   This  is  useful\nfor  preventing  your  batch jobs from hanging for hours due to slow networks or links\ngoing down.  Since 7.32.0, this option accepts decimal values, but the actual  timeout\nwill decrease in accuracy as the specified timeout increases in decimal precision.\n\nIf this option is used several times, the last one will be used.\n\nExamples:\ncurl --max-time 10 https://example.com\ncurl --max-time 2.92 https://example.com\n\nSee also --connect-timeout.\n\n#### --metalink\n\nThis  option  was previously used to specify a metalink resource. Metalink support has\nbeen disabled in curl since 7.78.0 for security reasons.\n\nExample:\ncurl --metalink file https://example.com\n\nSee also -Z, --parallel.\n\n#### --negotiate\n\n(HTTP) Enables Negotiate (SPNEGO) authentication.\n\nThis option requires a library built with GSS-API or SSPI support. Use  -V,  --version\nto see if your curl supports GSS-API/SSPI or SPNEGO.\n\nWhen using this option, you must also provide a fake -u, --user option to activate the\nauthentication code properly. Sending a '-u :' is enough as the user name and password\nfrom the -u, --user option are not actually used.\n\nIf this option is used several times, only the first one is used.\n\nExample:\ncurl --negotiate -u : https://example.com\n\nSee also --basic, --ntlm, --anyauth and --proxy-negotiate.\n\n#### --netrc-file <filename>\n\nThis  option  is similar to -n, --netrc, except that you provide the path (absolute or\nrelative) to the netrc file that curl should use. You can only specify one netrc  file\nper  invocation.  If  several  --netrc-file options are provided, the last one will be\nused.\n\nIt will abide by --netrc-optional if specified.\n\nExample:\ncurl --netrc-file netrc https://example.com\n\nSee also -n, --netrc, -u, --user and -K, --config. This option overrides -n, --netrc.\n\n#### --netrc-optional\n\nSimilar to -n, --netrc, but this option makes the .netrc usage optional and not manda‐\ntory as the -n, --netrc option does.\n\nExample:\ncurl --netrc-optional https://example.com\n\nSee also --netrc-file. This option overrides -n, --netrc.\n\n#### -n, --netrc\n\nMakes  curl  scan the .netrc (netrc on Windows) file in the user's home directory for\nlogin name and password. This is typically used for FTP on Unix. If  used  with  HTTP,\ncurl  will enable user authentication. See netrc(5) and ftp(1) for details on the file\nformat. Curl will not complain if that file does not have the  right  permissions  (it\nshould  be neither world- nor group-readable). The environment variable \"HOME\" is used\nto find the home directory.\n\nA quick and simple example of how to setup a .netrc to allow curl to FTP  to  the  ma‐\nchine host.domain.com with user name 'myself' and password 'secret' could look similar\nto:\n\nmachine host.domain.com\nlogin myself\npassword secret\"\n\nExample:\ncurl --netrc https://example.com\n\nSee also --netrc-file, -K, --config and -u, --user.\n\n-:, --next\nTells curl to use a separate operation for the following URL and  associated  options.\nThis  allows  you  to send several URL requests, each with their own specific options,\nfor example, such as different user names or custom requests for each.\n\n-:, --next will reset all local options and only global ones will  have  their  values\nsurvive over to the operation following the -:, --next instruction. Global options in‐\nclude -v, --verbose, --trace, --trace-ascii and --fail-early.\n\nFor example, you can do both a GET and a POST in a single command line:\n\ncurl www1.example.com --next -d postthis www2.example.com\n\nExamples:\ncurl https://example.com --next -d postthis www2.example.com\ncurl -I https://example.com --next https://example.net/\n\nSee also -Z, --parallel and -K, --config. Added in 7.36.0.\n\n#### --no-alpn\n\n(HTTPS) Disable the ALPN TLS extension. ALPN is enabled  by  default  if  libcurl  was\nbuilt  with an SSL library that supports ALPN. ALPN is used by a libcurl that supports\nHTTP/2 to negotiate HTTP/2 support with the server during https sessions.\n\nExample:\ncurl --no-alpn https://example.com\n\nSee also --no-npn and --http2. --no-alpn requires  that  the  underlying  libcurl  was\nbuilt to support TLS. Added in 7.36.0.\n\n#### -N, --no-buffer\n\nDisables  the buffering of the output stream. In normal work situations, curl will use\na standard buffered output stream that will have the effect that it  will  output  the\ndata in chunks, not necessarily exactly when the data arrives.  Using this option will\ndisable that buffering.\n\nNote that this is the negated option name documented. You can thus use --buffer to en‐\nforce the buffering.\n\nExample:\ncurl --no-buffer https://example.com\n\nSee also -#, --progress-bar.\n\n#### --no-keepalive\n\nDisables  the  use of keepalive messages on the TCP connection. curl otherwise enables\nthem by default.\n\nNote that this is the negated option name documented. You can thus use --keepalive  to\nenforce keepalive.\n\nExample:\ncurl --no-keepalive https://example.com\n\nSee also --keepalive-time.\n\n#### --no-npn\n\n(HTTPS)  Disable the NPN TLS extension. NPN is enabled by default if libcurl was built\nwith an SSL library that supports NPN. NPN is used by a libcurl that  supports  HTTP/2\nto negotiate HTTP/2 support with the server during https sessions.\n\nExample:\ncurl --no-npn https://example.com\n\nSee  also  --no-alpn  and  --http2.  --no-npn requires that the underlying libcurl was\nbuilt to support TLS. Added in 7.36.0.\n\n#### --no-progress-meter\n\nOption to switch off the progress meter output without muting or  otherwise  affecting\nwarning and informational messages like -s, --silent does.\n\nNote  that this is the negated option name documented. You can thus use --progress-me‐\nter to enable the progress meter again.\n\nExample:\ncurl --no-progress-meter -o store https://example.com\n\nSee also -v, --verbose and -s, --silent. Added in 7.67.0.\n\n#### --no-sessionid\n\n(TLS) Disable curl's use of SSL session-ID caching. By default all transfers are  done\nusing  the  cache. Note that while nothing should ever get hurt by attempting to reuse\nSSL session-IDs, there seem to be broken SSL implementations in the wild that may  re‐\nquire you to disable this in order for you to succeed.\n\nNote  that this is the negated option name documented. You can thus use --sessionid to\nenforce session-ID caching.\n\nExample:\ncurl --no-sessionid https://example.com\n\nSee also -k, --insecure.\n\n#### --noproxy <no-proxy-list>\n\nComma-separated list of hosts for which not to use a proxy, if one is  specified.  The\nonly  wildcard  is a single * character, which matches all hosts, and effectively dis‐\nables the proxy. Each name in this list is matched as either a domain  which  contains\nthe  hostname,  or  the hostname itself. For example, local.com would match local.com,\nlocal.com:80, and www.local.com, but not www.notlocal.com.\n\nSince 7.53.0, This option overrides the environment variables that disable  the  proxy\n('noproxy' and 'NOPROXY'). If there's an environment variable disabling a proxy, you\ncan set the noproxy list to \"\" to override it.\n\nExample:\ncurl --noproxy \"www.example\" https://example.com\n\nSee also -x, --proxy.\n\n#### --ntlm-wb\n\n(HTTP) Enables NTLM much in the style --ntlm does, but hand over the authentication to\nthe separate binary ntlmauth application that is executed when needed.\n\nExample:\ncurl --ntlm-wb -u user:password https://example.com\n\nSee also --ntlm and --proxy-ntlm.\n\n--ntlm (HTTP) Enables NTLM authentication. The NTLM authentication method was designed by Mi‐\ncrosoft and is used by IIS web servers. It is a  proprietary  protocol,  reverse-engi‐\nneered  by  clever people and implemented in curl based on their efforts. This kind of\nbehavior should not be endorsed, you should encourage everyone who uses NTLM to switch\nto a public and documented authentication method instead, such as Digest.\n\nIf you want to enable NTLM for your proxy authentication, then use --proxy-ntlm.\n\nIf this option is used several times, only the first one is used.\n\nExample:\ncurl --ntlm -u user:password https://example.com\n\nSee  also  --proxy-ntlm. --ntlm requires that the underlying libcurl was built to sup‐\nport TLS. This option overrides --basic and --negotiate and --digest and --anyauth.\n\n#### --oauth2-bearer <token>\n\n(IMAP POP3 SMTP HTTP) Specify the Bearer Token for OAUTH  2.0  server  authentication.\nThe  Bearer  Token is used in conjunction with the user name which can be specified as\npart of the --url or -u, --user options.\n\nThe Bearer Token and user name are formatted according to RFC 6750.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --oauth2-bearer \"mF9.B5f-4.1JqM\" https://example.com\n\nSee also --basic, --ntlm and --digest. Added in 7.33.0.\n\n#### --output-dir <dir>\n\nThis option specifies the directory in which files should be stored,  when  -O,  --re‐\nmote-name or -o, --output are used.\n\nThe  given  output  directory  is  used for all URLs and output options on the command\nline, up until the first -:, --next.\n\nIf the specified target directory does not  exist,  the  operation  will  fail  unless\n--create-dirs is also used.\n\nIf this option is used multiple times, the last specified directory will be used.\n\nExample:\ncurl --output-dir \"tmp\" -O https://example.com\n\nSee also -O, --remote-name and -J, --remote-header-name. Added in 7.73.0.\n\n#### -o, --output <file>\n\nWrite  output to <file> instead of stdout. If you are using {} or [] to fetch multiple\ndocuments, you should quote the URL and you can use '#' followed by a  number  in  the\n<file>  specifier.  That variable will be replaced with the current string for the URL\nbeing fetched. Like in:\n\ncurl \"http://{one,two}.example.com\" -o \"file#1.txt\"\n\nor use several variables like:\n\ncurl \"http://{site,host}.host[1-5].com\" -o \"#1#2\"\n\nYou may use this option as many times as the number of URLs you have. For example,  if\nyou specify two URLs on the same command line, you can use it like this:\n\ncurl -o aa example.com -o bb example.net\n\nand  the  order of the -o options and the URLs does not matter, just that the first -o\nis for the first URL and so on, so the above command line can also be written as\n\ncurl example.com example.net -o aa -o bb\n\nSee also the --create-dirs option to create the local directories dynamically.  Speci‐\nfying the output as '-' (a single dash) will force the output to be done to stdout.\n\nTo suppress response bodies, you can redirect output to /dev/null:\n\ncurl example.com -o /dev/null\n\nOr for Windows use nul:\n\ncurl example.com -o nul\n\nExamples:\ncurl -o file https://example.com\ncurl \"http://{one,two}.example.com\" -o \"file#1.txt\"\ncurl \"http://{site,host}.host[1-5].com\" -o \"#1#2\"\ncurl -o file https://example.com -o file2 https://example.net\n\nSee also -O, --remote-name, --remote-name-all and -J, --remote-header-name.\n\n#### --parallel-immediate\n\nWhen  doing  parallel  transfers, this option will instruct curl that it should rather\nprefer opening up more connections in parallel at once rather than waiting to  see  if\nnew transfers can be added as multiplexed streams on another connection.\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nExample:\ncurl --parallel-immediate -Z https://example.com -o file1 https://example.com -o file2\n\nSee also -Z, --parallel and --parallel-max. Added in 7.68.0.\n\n#### --parallel-max <num>\n\nWhen  asked  to  do parallel transfers, using -Z, --parallel, this option controls the\nmaximum amount of transfers to do simultaneously.\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nThe default is 50.\n\nExample:\ncurl --parallel-max 100 -Z https://example.com ftp://example.com/\n\nSee also -Z, --parallel. Added in 7.66.0.\n\n#### -Z, --parallel\n\nMakes curl perform its transfers in parallel as compared to the regular serial manner.\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nExample:\ncurl --parallel https://example.com -o file1 https://example.com -o file2\n\nSee also -:, --next and -v, --verbose. Added in 7.66.0.\n\n#### --pass <phrase>\n\n(SSH TLS) Passphrase for the private key.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --pass secret --key file https://example.com\n\nSee also --key and -u, --user.\n\n#### --path-as-is\n\nTell curl to not handle sequences of /../ or /./ in the given URL path. Normally  curl\nwill  squash or merge them according to standards but with this option set you tell it\nnot to do that.\n\nExample:\ncurl --path-as-is https://example.com/../../etc/passwd\n\nSee also --request-target. Added in 7.42.0.\n\n#### --pinnedpubkey <hashes>\n\n(TLS) Tells curl to use the specified public key file (or hashes) to verify the  peer.\nThis  can be a path to a file which contains a single public key in PEM or DER format,\nor any number of base64 encoded sha256 hashes preceded by 'sha256//' and separated  by\n';'.\n\nWhen  negotiating  a  TLS or SSL connection, the server sends a certificate indicating\nits identity. A public key is extracted from this certificate and if it does  not  ex‐\nactly match the public key provided to this option, curl will abort the connection be‐\nfore sending or receiving any data.\n\nPEM/DER support:\n\n7.39.0: OpenSSL, GnuTLS and GSKit\n\n7.43.0: NSS and wolfSSL\n\n7.47.0: mbedtls\n\nsha256 support:\n\n7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL\n\n7.47.0: mbedtls\n\nOther SSL backends not supported.\n\nIf this option is used several times, the last one will be used.\n\nExamples:\ncurl --pinnedpubkey keyfile https://example.com\ncurl --pinnedpubkey 'sha256//ce118b51897f4452dc' https://example.com\n\nSee also --hostpubsha256. Added in 7.39.0.\n\n#### --post301\n\n(HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST requests into GET re‐\nquests  when  following  a  301 redirection. The non-RFC behavior is ubiquitous in web\nbrowsers, so curl does the conversion by default to maintain consistency.  However,  a\nserver  may  require  a POST to remain a POST after such a redirection. This option is\nmeaningful only when using -L, --location.\n\nExample:\ncurl --post301 --location -d \"data\" https://example.com\n\nSee also --post302, --post303 and -L, --location.\n\n#### --post302\n\n(HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST requests into GET re‐\nquests  when  following  a  302 redirection. The non-RFC behavior is ubiquitous in web\nbrowsers, so curl does the conversion by default to maintain consistency.  However,  a\nserver  may  require  a POST to remain a POST after such a redirection. This option is\nmeaningful only when using -L, --location.\n\nExample:\ncurl --post302 --location -d \"data\" https://example.com\n\nSee also --post301, --post303 and -L, --location.\n\n#### --post303\n\n(HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST requests into GET re‐\nquests  when  following 303 redirections. A server may require a POST to remain a POST\nafter a 303 redirection. This option is meaningful only when using -L, --location.\n\nExample:\ncurl --post303 --location -d \"data\" https://example.com\n\nSee also --post302, --post301 and -L, --location.\n\n--preproxy [protocol://]host[:port]\nUse the specified SOCKS proxy before connecting to an HTTP or HTTPS  -x,  --proxy.  In\nsuch  a  case curl first connects to the SOCKS proxy and then connects (through SOCKS)\nto the HTTP or HTTPS proxy. Hence pre proxy.\n\nThe pre proxy string should be specified with a protocol:// prefix to specify alterna‐\ntive  proxy  protocols.  Use socks4://, socks4a://, socks5:// or socks5h:// to request\nthe specific SOCKS version to be used. No protocol specified will make curl default to\nSOCKS4.\n\nIf the port number is not specified in the proxy string, it is assumed to be 1080.\n\nUser  and password that might be provided in the proxy string are URL decoded by curl.\nThis allows you to pass in special characters such as @ by using  %40  or  pass  in  a\ncolon with %3a.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --preproxy socks5://proxy.example -x http://http.example https://example.com\n\nSee also -x, --proxy and --socks5. Added in 7.52.0.\n\n-#, --progress-bar\nMake  curl display transfer progress as a simple progress bar instead of the standard,\nmore informational, meter.\n\nThis progress bar draws a single line of '#' characters across the screen and shows  a\npercentage  if  the  transfer size is known. For transfers without a known size, there\nwill be space ship (-=o=-) that moves back and forth but  only  while  data  is  being\ntransferred, with a set of flying hash sign symbols on top.\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nExample:\ncurl -# -O https://example.com\n\nSee also --styled-output.\n\n#### --proto-default <protocol>\n\nTells curl to use protocol for any URL missing a scheme name.\n\nAn unknown or unsupported protocol causes error CURLEUNSUPPORTEDPROTOCOL (1).\n\nThis option does not change the default proxy protocol (http).\n\nWithout  this  option set, curl guesses protocol based on the host name, see --url for\ndetails.\n\nExample:\ncurl --proto-default https ftp.example.com\n\nSee also --proto and --proto-redir. Added in 7.45.0.\n\n#### --proto-redir <protocols>\n\nTells curl to limit what protocols it may use on redirect. Protocols denied by --proto\nare not overridden by this option. See --proto for how protocols are represented.\n\nExample, allow only HTTP and HTTPS on redirect:\n\ncurl --proto-redir -all,http,https http://example.com\n\nBy  default curl will only allow HTTP, HTTPS, FTP and FTPS on redirect (since 7.65.2).\nSpecifying all or +all enables all protocols on redirects, which is not good for secu‐\nrity.\n\nExample:\ncurl --proto-redir =http,https https://example.com\n\nSee also --proto.\n\n#### --proto <protocols>\n\nTells  curl  to limit what protocols it may use for transfers. Protocols are evaluated\nleft to right, are comma separated, and are each a protocol name or 'all',  optionally\nprefixed by zero or more modifiers. Available modifiers are:\n\n+  Permit  this  protocol  in addition to protocols already permitted (this is the de‐\nfault if no modifier is used).\n\n-  Deny this protocol, removing it from the list of protocols already permitted.\n\n=  Permit only this protocol (ignoring the list already permitted), though subject  to\nlater modification by subsequent entries in the comma separated list.\n\nFor example:\n\n--proto -ftps  uses the default protocols, but disables ftps\n\n--proto -all,https,+http\nonly enables http and https\n\n--proto =http,https\nalso only enables http and https\n\nUnknown  protocols produce a warning. This allows scripts to safely rely on being able\nto disable potentially dangerous protocols, without relying upon support for that pro‐\ntocol being built into curl to avoid an error.\n\nThis  option  can be used multiple times, in which case the effect is the same as con‐\ncatenating the protocols into one instance of the option.\n\nExample:\ncurl --proto =http,https,sftp https://example.com\n\nSee also --proto-redir and --proto-default.\n\n#### --proxy-anyauth\n\nTells curl to pick a suitable authentication method when communicating with the  given\nHTTP proxy. This might cause an extra request/response round-trip.\n\nExample:\ncurl --proxy-anyauth --proxy-user user:passwd -x proxy https://example.com\n\nSee also -x, --proxy, --proxy-basic and --proxy-digest.\n\n#### --proxy-basic\n\nTells  curl  to use HTTP Basic authentication when communicating with the given proxy.\nUse --basic for enabling HTTP Basic with a remote host. Basic is the default authenti‐\ncation method curl uses with proxies.\n\nExample:\ncurl --proxy-basic --proxy-user user:passwd -x proxy https://example.com\n\nSee also -x, --proxy, --proxy-anyauth and --proxy-digest.\n\n#### --proxy-cacert <file>\n\nSame as --cacert but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-cacert CA-file.txt -x https://proxy https://example.com\n\nSee also --proxy-capath, --cacert, --capath and -x, --proxy. Added in 7.52.0.\n\n#### --proxy-capath <dir>\n\nSame as --capath but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-capath /local/directory -x https://proxy https://example.com\n\nSee also --proxy-cacert, -x, --proxy and --capath. Added in 7.52.0.\n\n#### --proxy-cert-type <type>\n\nSame as --cert-type but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-cert-type PEM --proxy-cert file -x https://proxy https://example.com\n\nSee also --proxy-cert. Added in 7.52.0.\n\n--proxy-cert <cert[:passwd]>\nSame as -E, --cert but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-cert file -x https://proxy https://example.com\n\nSee also --proxy-cert-type. Added in 7.52.0.\n\n#### --proxy-ciphers <list>\n\nSame as --ciphers but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-ciphers ECDHE-ECDSA-AES256-CCM8 -x https://proxy https://example.com\n\nSee also --ciphers, --curves and -x, --proxy. Added in 7.52.0.\n\n#### --proxy-crlfile <file>\n\nSame as --crlfile but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-crlfile rejects.txt -x https://proxy https://example.com\n\nSee also --crlfile and -x, --proxy. Added in 7.52.0.\n\n#### --proxy-digest\n\nTells  curl to use HTTP Digest authentication when communicating with the given proxy.\nUse --digest for enabling HTTP Digest with a remote host.\n\nExample:\ncurl --proxy-digest --proxy-user user:passwd -x proxy https://example.com\n\nSee also -x, --proxy, --proxy-anyauth and --proxy-basic.\n\n#### --proxy-header <header/@file>\n\n(HTTP) Extra header to include in the request when sending HTTP to a  proxy.  You  may\nspecify any number of extra headers. This is the equivalent option to -H, --header but\nis for proxy communication only like in CONNECT requests  when  you  want  a  separate\nheader sent to the proxy to what is sent to the actual remote host.\n\ncurl  will  make sure that each header you add/replace is sent with the proper end-of-\nline marker, you should thus not add that as a part of the header content: do not  add\nnewlines or carriage returns, they will only mess things up for you.\n\nHeaders  specified  with  this option will not be included in requests that curl knows\nwill not be sent to a proxy.\n\nStarting in 7.55.0, this option can take an argument in @filename  style,  which  then\nadds a header for each line in the input file. Using @- will make curl read the header\nfile from stdin.\n\nThis option can be used multiple times to add/replace/remove multiple headers.\n\nExamples:\ncurl --proxy-header \"X-First-Name: Joe\" -x http://proxy https://example.com\ncurl --proxy-header \"User-Agent: surprise\" -x http://proxy https://example.com\ncurl --proxy-header \"Host:\" -x http://proxy https://example.com\n\nSee also -x, --proxy. Added in 7.37.0.\n\n#### --proxy-insecure\n\nSame as -k, --insecure but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-insecure -x https://proxy https://example.com\n\nSee also -x, --proxy and -k, --insecure. Added in 7.52.0.\n\n#### --proxy-key-type <type>\n\nSame as --key-type but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-key-type DER --proxy-key here -x https://proxy https://example.com\n\nSee also --proxy-key and -x, --proxy. Added in 7.52.0.\n\n#### --proxy-key <key>\n\nSame as --key but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-key here -x https://proxy https://example.com\n\nSee also --proxy-key-type and -x, --proxy. Added in 7.52.0.\n\n#### --proxy-negotiate\n\nTells curl to use HTTP Negotiate (SPNEGO) authentication when communicating  with  the\ngiven proxy. Use --negotiate for enabling HTTP Negotiate (SPNEGO) with a remote host.\n\nExample:\ncurl --proxy-negotiate --proxy-user user:passwd -x proxy https://example.com\n\nSee also --proxy-anyauth and --proxy-basic.\n\n#### --proxy-ntlm\n\nTells  curl  to  use HTTP NTLM authentication when communicating with the given proxy.\nUse --ntlm for enabling NTLM with a remote host.\n\nExample:\ncurl --proxy-ntlm --proxy-user user:passwd -x http://proxy https://example.com\n\nSee also --proxy-negotiate and --proxy-anyauth.\n\n#### --proxy-pass <phrase>\n\nSame as --pass but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-pass secret --proxy-key here -x https://proxy https://example.com\n\nSee also -x, --proxy and --proxy-key. Added in 7.52.0.\n\n#### --proxy-pinnedpubkey <hashes>\n\n(TLS) Tells curl to use the specified public key file (or hashes) to verify the proxy.\nThis  can be a path to a file which contains a single public key in PEM or DER format,\nor any number of base64 encoded sha256 hashes preceded by 'sha256//' and separated  by\n';'.\n\nWhen  negotiating  a  TLS or SSL connection, the server sends a certificate indicating\nits identity. A public key is extracted from this certificate and if it does  not  ex‐\nactly match the public key provided to this option, curl will abort the connection be‐\nfore sending or receiving any data.\n\nIf this option is used several times, the last one will be used.\n\nExamples:\ncurl --proxy-pinnedpubkey keyfile https://example.com\ncurl --proxy-pinnedpubkey 'sha256//ce118b51897f4452dc' https://example.com\n\nSee also --pinnedpubkey and -x, --proxy. Added in 7.59.0.\n\n#### --proxy-service-name <name>\n\nThis option allows you to change the service name for proxy negotiation.\n\nExample:\ncurl --proxy-service-name \"shrubbery\" -x proxy https://example.com\n\nSee also --service-name and -x, --proxy. Added in 7.43.0.\n\n#### --proxy-ssl-allow-beast\n\nSame as --ssl-allow-beast but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-ssl-allow-beast -x https://proxy https://example.com\n\nSee also --ssl-allow-beast and -x, --proxy. Added in 7.52.0.\n\n#### --proxy-ssl-auto-client-cert\n\nSame as --ssl-auto-client-cert but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-ssl-auto-client-cert -x https://proxy https://example.com\n\nSee also --ssl-auto-client-cert and -x, --proxy. Added in 7.77.0.\n\n#### --proxy-tls13-ciphers <ciphersuite list>\n\n(TLS) Specifies which cipher suites to use in the connection to your HTTPS proxy  when\nit  negotiates TLS 1.3. The list of ciphers suites must specify valid ciphers. Read up\non TLS 1.3 cipher suite details on this URL:\n\nhttps://curl.se/docs/ssl-ciphers.html\n\nThis option is currently used only when curl is built to use OpenSSL 1.1.1  or  later.\nIf  you are using a different SSL backend you can try setting TLS 1.3 cipher suites by\nusing the --proxy-ciphers option.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --proxy-tls13-ciphers TLSAES128GCMSHA256 -x proxy https://example.com\n\nSee also --tls13-ciphers and --curves. Added in 7.61.0.\n\n#### --proxy-tlsauthtype <type>\n\nSame as --tlsauthtype but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-tlsauthtype SRP -x https://proxy https://example.com\n\nSee also -x, --proxy and --proxy-tlsuser. Added in 7.52.0.\n\n#### --proxy-tlspassword <string>\n\nSame as --tlspassword but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-tlspassword passwd -x https://proxy https://example.com\n\nSee also -x, --proxy and --proxy-tlsuser. Added in 7.52.0.\n\n#### --proxy-tlsuser <name>\n\nSame as --tlsuser but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-tlsuser smith -x https://proxy https://example.com\n\nSee also -x, --proxy and --proxy-tlspassword. Added in 7.52.0.\n\n#### --proxy-tlsv1\n\nSame as -1, --tlsv1 but used in HTTPS proxy context.\n\nExample:\ncurl --proxy-tlsv1 -x https://proxy https://example.com\n\nSee also -x, --proxy. Added in 7.52.0.\n\n#### -U, --proxy-user <user:password>\n\nSpecify the user name and password to use for proxy authentication.\n\nIf you use a Windows SSPI-enabled curl binary and do either Negotiate or NTLM  authen‐\ntication  then  you can tell curl to select the user name and password from your envi‐\nronment by specifying a single colon with this option: \"-U :\".\n\nOn systems where it works, curl will hide the given option argument from process list‐\nings.  This  is  not enough to protect credentials from possibly getting seen by other\nusers on the same system as they will still be visible for a  moment  before  cleared.\nSuch  sensitive data should be retrieved from a file instead or similar and never used\nin clear text in a command line.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --proxy-user name:pwd -x proxy https://example.com\n\nSee also --proxy-pass.\n\n-x, --proxy [protocol://]host[:port]\nUse the specified proxy.\n\nThe proxy string can be specified with a protocol:// prefix. No protocol specified  or\nhttp://  will  be  treated  as  HTTP  proxy.  Use  socks4://, socks4a://, socks5:// or\nsocks5h:// to request a specific SOCKS version to be used.\n\n\nHTTPS proxy support via https:// protocol prefix was  added  in  7.52.0  for  OpenSSL,\nGnuTLS and NSS.\n\nUnrecognized  and unsupported proxy protocols cause an error since 7.52.0.  Prior ver‐\nsions may ignore the protocol and use http:// instead.\n\nIf the port number is not specified in the proxy string, it is assumed to be 1080.\n\nThis option overrides existing environment variables that set the  proxy  to  use.  If\nthere's  an  environment variable setting a proxy, you can set proxy to \"\" to override\nit.\n\nAll operations that are performed over an HTTP proxy will transparently  be  converted\nto  HTTP.  It  means that certain protocol specific operations might not be available.\nThis is not the case if you can tunnel through the proxy, as one with the -p, --proxy‐\ntunnel option.\n\nUser  and password that might be provided in the proxy string are URL decoded by curl.\nThis allows you to pass in special characters such as @ by using  %40  or  pass  in  a\ncolon with %3a.\n\nThe  proxy  host can be specified the same way as the proxy environment variables, in‐\ncluding the protocol prefix (http://) and the embedded user + password.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --proxy http://proxy.example https://example.com\n\nSee also --socks5 and --proxy-basic.\n\n--proxy1.0 <host[:port]>\nUse the specified HTTP 1.0 proxy. If the port number is not specified, it  is  assumed\nat port 1080.\n\nThe  only  difference  between this and the HTTP proxy option -x, --proxy, is that at‐\ntempts to use CONNECT through the proxy will specify an HTTP 1.0 protocol  instead  of\nthe default HTTP 1.1.\n\nExample:\ncurl --proxy1.0 -x http://proxy https://example.com\n\nSee also -x, --proxy, --socks5 and --preproxy.\n\n#### -p, --proxytunnel\n\nWhen  an HTTP proxy is used -x, --proxy, this option will make curl tunnel through the\nproxy. The tunnel approach is made with the HTTP proxy CONNECT  request  and  requires\nthat  the  proxy  allows direct connect to the remote port number curl wants to tunnel\nthrough to.\n\nTo suppress proxy CONNECT response headers when curl is  set  to  output  headers  use\n--suppress-connect-headers.\n\nExample:\ncurl --proxytunnel -x http://proxy https://example.com\n\nSee also -x, --proxy.\n\n#### --pubkey <key>\n\n(SFTP  SCP)  Public key file name. Allows you to provide your public key in this sepa‐\nrate file.\n\nIf this option is used several times, the last one will be used.\n\n(As of 7.39.0, curl attempts to automatically extract the public key from the  private\nkey  file, so passing this option is generally not required. Note that this public key\nextraction requires libcurl to be linked against a copy of  libssh2  1.2.8  or  higher\nthat is itself linked against OpenSSL.)\n\nExample:\ncurl --pubkey file.pub sftp://example.com/\n\nSee also --pass.\n\n#### -Q, --quote <command>\n\n(FTP  SFTP) Send an arbitrary command to the remote FTP or SFTP server. Quote commands\nare sent BEFORE the transfer takes place (just after the initial PWD command in an FTP\ntransfer,  to be exact). To make commands take place after a successful transfer, pre‐\nfix them with a dash '-'. To make commands be sent after curl has changed the  working\ndirectory, just before the transfer command(s), prefix the command with a '+' (this is\nonly supported for FTP). You may specify any number of commands.\n\nBy default curl will stop at first failure. To make curl continue even if the  command\nfails, prefix the command with an asterisk (*). Otherwise, if the server returns fail‐\nure for one of the commands, the entire operation will be aborted.\n\nYou must send syntactically correct FTP commands as RFC 959 defines to FTP servers, or\none of the commands listed below to SFTP servers.\n\nThis option can be used multiple times.\n\nSFTP  is a binary protocol. Unlike for FTP, curl interprets SFTP quote commands itself\nbefore sending them to the server. File names may be quoted shell-style to embed  spa‐\nces or special characters. Following is the list of all supported SFTP quote commands:\n\natime date file\nThe atime command sets the last access time of the file named by the file oper‐\nand. The <date expression> can be all sorts of date strings, see the  curlget‐\ndate(3) man page for date expression details. (Added in 7.73.0)\n\nchgrp group file\nThe  chgrp  command  sets the group ID of the file named by the file operand to\nthe group ID specified by the group operand. The group operand is a decimal in‐\nteger group ID.\n\nchmod mode file\nThe  chmod  command modifies the file mode bits of the specified file. The mode\noperand is an octal integer mode number.\n\nchown user file\nThe chown command sets the owner of the file named by the file operand  to  the\nuser  ID  specified  by the user operand. The user operand is a decimal integer\nuser ID.\n\nln sourcefile targetfile\nThe ln and symlink commands create a symbolic link at the targetfile  location\npointing to the sourcefile location.\n\nmkdir directoryname\nThe mkdir command creates the directory named by the directoryname operand.\n\nmtime date file\nThe mtime command sets the last modification time of the file named by the file\noperand. The <date expression> can be  all  sorts  of  date  strings,  see  the\ncurlgetdate(3) man page for date expression details. (Added in 7.73.0)\n\npwd    The pwd command returns the absolute pathname of the current working directory.\n\nrename source target\nThe rename command renames the file or directory named by the source operand to\nthe destination path named by the target operand.\n\nrm file\nThe rm command removes the file specified by the file operand.\n\nrmdir directory\nThe rmdir command removes the directory entry specified by the directory  oper‐\nand, provided it is empty.\n\nsymlink sourcefile targetfile\nSee ln.\n\nExample:\ncurl --quote \"DELE file\" ftp://example.com/foo\n\nSee also -X, --request.\n\n#### --random-file <file>\n\nSpecify  the  path name to file containing what will be considered as random data. The\ndata may be used to seed the random engine for SSL connections. See  also  the  --egd-\nfile option.\n\nExample:\ncurl --random-file rubbish https://example.com\n\nSee also --egd-file.\n\n#### -r, --range <range>\n\n(HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial document) from an HTTP/1.1,\nFTP or SFTP server or a local FILE. Ranges can be specified in a number of ways.\n\n0-499     specifies the first 500 bytes\n\n500-999   specifies the second 500 bytes\n\n-500      specifies the last 500 bytes\n\n9500-     specifies the bytes from offset 9500 and forward\n\n0-0,-1    specifies the first and last byte only(*)(HTTP)\n\n100-199,500-599\nspecifies two separate 100-byte ranges(*) (HTTP)\n\n(*) = NOTE that this will cause the server to reply with a multipart  response,  which\nwill be returned as-is by curl! Parsing or otherwise transforming this response is the\nresponsibility of the caller.\n\nOnly digit characters (0-9) are valid in the 'start' and 'stop' fields of the  'start-\nstop'  range  syntax. If a non-digit character is given in the range, the server's re‐\nsponse will be unspecified, depending on the server's configuration.\n\nYou should also be aware that many HTTP/1.1 servers do not have this feature  enabled,\nso that when you attempt to get a range, you will instead get the whole document.\n\nFTP  and  SFTP range downloads only support the simple 'start-stop' syntax (optionally\nwith one of the numbers omitted). FTP use depends on the extended FTP command SIZE.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --range 22-44 https://example.com\n\nSee also -C, --continue-at and -a, --append.\n\n--raw  (HTTP) When used, it disables all internal HTTP decoding of content or transfer encod‐\nings and instead makes them passed on unaltered, raw.\n\nExample:\ncurl --raw https://example.com\n\nSee also --tr-encoding.\n\n#### -e, --referer <URL>\n\n(HTTP)  Sends the \"Referrer Page\" information to the HTTP server. This can also be set\nwith the -H, --header flag of course. When used with -L,  --location  you  can  append\n\";auto\"  to the -e, --referer URL to make curl automatically set the previous URL when\nit follows a Location: header. The \";auto\" string can be used alone, even  if  you  do\nnot set an initial -e, --referer.\n\nIf this option is used several times, the last one will be used.\n\nExamples:\ncurl --referer \"https://fake.example\" https://example.com\ncurl --referer \"https://fake.example;auto\" -L https://example.com\ncurl --referer \";auto\" -L https://example.com\n\nSee also -A, --user-agent and -H, --header.\n\n#### -J, --remote-header-name\n\n(HTTP) This option tells the -O, --remote-name option to use the server-specified Con‐\ntent-Disposition filename instead of extracting a filename from the URL.\n\nIf the server specifies a file name and a file with that name already  exists  in  the\ncurrent  working  directory it will not be overwritten and an error will occur. If the\nserver does not specify a file name then this option has no effect.\n\nThere's no attempt to decode %-sequences (yet) in the provided file name, so this  op‐\ntion may provide you with rather unexpected file names.\n\nWARNING:  Exercise judicious use of this option, especially on Windows. A rogue server\ncould send you the name of a DLL or other file that could be loaded  automatically  by\nWindows or some third party software.\n\nExample:\ncurl -OJ https://example.com/file\n\nSee also -O, --remote-name.\n\n#### --remote-name-all\n\nThis  option  changes the default action for all given URLs to be dealt with as if -O,\n--remote-name were used for each one. So if you want to disable that  for  a  specific\nURL after --remote-name-all has been used, you must use \"-o -\" or --no-remote-name.\n\nExample:\ncurl --remote-name-all ftp://example.com/file1 ftp://example.com/file2\n\nSee also -O, --remote-name.\n\n#### -O, --remote-name\n\nWrite output to a local file named like the remote file we get. (Only the file part of\nthe remote file is used, the path is cut off.)\n\nThe file will be saved in the current working directory. If you want the file saved in\na  different  directory, make sure you change the current working directory before in‐\nvoking curl with this option.\n\nThe remote file name to use for saving is extracted from the given URL, nothing  else,\nand  if it already exists it will be overwritten. If you want the server to be able to\nchoose the file name refer to -J, --remote-header-name which can be used  in  addition\nto this option. If the server chooses a file name and that name already exists it will\nnot be overwritten.\n\nThere is no URL decoding done on the file name. If it has %20  or  other  URL  encoded\nparts of the name, they will end up as-is as file name.\n\nYou may use this option as many times as the number of URLs you have.\n\nExample:\ncurl -O https://example.com/filename\n\nSee also --remote-name-all.\n\n#### -R, --remote-time\n\nWhen used, this will make curl attempt to figure out the timestamp of the remote file,\nand if that is available make the local file get that same timestamp.\n\nExample:\ncurl --remote-time -o foo https://example.com\n\nSee also -O, --remote-name and -z, --time-cond.\n\n#### --request-target <path>\n\n(HTTP) Tells curl to use an alternative \"target\" (path) instead of using the  path  as\nprovided  in  the URL. Particularly useful when wanting to issue HTTP requests without\nleading slash or other data that does not follow the regular URL  pattern,  like  \"OP‐\nTIONS *\".\n\nExample:\ncurl --request-target \"*\" -X OPTIONS https://example.com\n\nSee also -X, --request. Added in 7.55.0.\n\n#### -X, --request <method>\n\n(HTTP)  Specifies  a  custom  request  method  to use when communicating with the HTTP\nserver. The specified request method will be used instead of the method otherwise used\n(which defaults to GET). Read the HTTP 1.1 specification for details and explanations.\nCommon additional HTTP requests include PUT and DELETE, but related technologies  like\nWebDAV offers PROPFIND, COPY, MOVE and more.\n\nNormally  you  do  not need this option. All sorts of GET, HEAD, POST and PUT requests\nare rather invoked by using dedicated command line options.\n\nThis option only changes the actual word used in the HTTP request, it does  not  alter\nthe  way curl behaves. So for example if you want to make a proper HEAD request, using\n-X HEAD will not suffice. You need to use the -I, --head option.\n\nThe method string you set with -X, --request will be used for all requests,  which  if\nyou  for  example  use -L, --location may cause unintended side-effects when curl does\nnot change request method according to the HTTP 30x response codes - and similar.\n\n(FTP) Specifies a custom FTP command to use instead of LIST when doing file lists with\nFTP.\n\n(POP3) Specifies a custom POP3 command to use instead of LIST or RETR.\n\n\n(IMAP) Specifies a custom IMAP command to use instead of LIST. (Added in 7.30.0)\n\n(SMTP)  Specifies  a  custom  SMTP  command  to use instead of HELP or VRFY. (Added in\n7.34.0)\n\nIf this option is used several times, the last one will be used.\n\nExamples:\ncurl -X \"DELETE\" https://example.com\ncurl -X NLST ftp://example.com/\n\nSee also --request-target.\n\n--resolve <[+]host:port:addr[,addr]...>\nProvide a custom address for a specific host and port pair. Using this, you  can  make\nthe  curl  requests(s)  use a specified address and prevent the otherwise normally re‐\nsolved address to be used. Consider it a sort of /etc/hosts  alternative  provided  on\nthe  command line. The port number should be the number used for the specific protocol\nthe host will be used for. It means you need several entries if you  want  to  provide\naddress for the same host but different ports.\n\nBy specifying '*' as host you can tell curl to resolve any host and specific port pair\nto the specified address. Wildcard is resolved last so any --resolve with  a  specific\nhost and port will be used first.\n\nThe  provided address set by this option will be used even if -4, --ipv4 or -6, --ipv6\nis set to make curl use another IP version.\n\nBy prefixing the host with a '+' you can make the entry time out after curl's  default\ntimeout  (1  minute).  Note  that  this will only make sense for long running parallel\ntransfers with a lot of files. In such cases, if this option is used curl will try  to\nresolve the host as it normally would once the timeout has expired.\n\nSupport for providing the IP address within [brackets] was added in 7.57.0.\n\nSupport for providing multiple IP addresses per entry was added in 7.59.0.\n\nSupport for resolving with wildcard was added in 7.64.0.\n\nSupport for the '+' prefix was was added in 7.75.0.\n\nThis option can be used many times to add many host names to resolve.\n\nExample:\ncurl --resolve example.com:443:127.0.0.1 https://example.com\n\nSee also --connect-to and --alt-svc.\n\n#### --retry-all-errors\n\nRetry on any error. This option is used together with --retry.\n\nThis  option  is the \"sledgehammer\" of retrying. Do not use this option by default (eg\nin curlrc), there may be unintended consequences such as sending or  receiving  dupli‐\ncate  data.  Do not use with redirected input or output. You'd be much better off han‐\ndling your unique problems in shell script. Please read the example below.\n\nWARNING: For server compatibility curl attempts to retry  failed  flaky  transfers  as\nclose  as  possible to how they were started, but this is not possible with redirected\ninput or output. For example, before retrying it removes output  data  from  a  failed\npartial  transfer that was written to an output file. However this is not true of data\nredirected to a | pipe or > file, which are not reset. We strongly suggest you do  not\nparse or record output via redirect in combination with this option, since you may re‐\nceive duplicate data.\n\nBy default curl will not error on an HTTP response code that indicates an HTTP  error,\nif the transfer was successful. For example, if a server replies 404 Not Found and the\nreply is fully received then that is not an error. When --retry is used then curl will\nretry  on  some HTTP response codes that indicate transient HTTP errors, but that does\nnot include most 4xx response codes such as 404. If you want to retry on all  response\ncodes that indicate HTTP errors (4xx and 5xx) then combine with -f, --fail.\n\nExample:\ncurl --retry 5 --retry-all-errors https://example.com\n\nSee also --retry. Added in 7.71.0.\n\n#### --retry-connrefused\n\nIn  addition  to  the other conditions, consider ECONNREFUSED as a transient error too\nfor --retry. This option is used together with --retry.\n\nExample:\ncurl --retry-connrefused --retry https://example.com\n\nSee also --retry and --retry-all-errors. Added in 7.52.0.\n\n#### --retry-delay <seconds>\n\nMake curl sleep this amount of time before each retry when a transfer has failed  with\na  transient  error  (it  changes the default backoff time algorithm between retries).\nThis option is only interesting if --retry is also used. Setting this  delay  to  zero\nwill make curl use the default backoff time.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --retry-delay 5 --retry https://example.com\n\nSee also --retry.\n\n#### --retry-max-time <seconds>\n\nThe  retry  timer  is reset before the first transfer attempt. Retries will be done as\nusual (see --retry) as long as the timer has not reached this given limit. Notice that\nif the timer has not reached the limit, the request will be made and while performing,\nit may take longer than this given time period. To limit a  single  request's  maximum\ntime, use -m, --max-time. Set this option to zero to not timeout retries.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --retry-max-time 30 --retry 10 https://example.com\n\nSee also --retry.\n\n#### --retry <num>\n\nIf  a transient error is returned when curl tries to perform a transfer, it will retry\nthis number of times before giving up. Setting the number to 0 makes curl  do  no  re‐\ntries  (which is the default). Transient error means either: a timeout, an FTP 4xx re‐\nsponse code or an HTTP 408, 429, 500, 502, 503 or 504 response code.\n\nWhen curl is about to retry a transfer, it will first wait one second and then for all\nforthcoming  retries it will double the waiting time until it reaches 10 minutes which\nthen will be the delay between the rest of the retries.  By  using  --retry-delay  you\ndisable this exponential backoff algorithm. See also --retry-max-time to limit the to‐\ntal time allowed for retries.\n\nSince curl 7.66.0, curl will comply with the Retry-After: response header if  one  was\npresent to know when to issue the next retry.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --retry 7 https://example.com\n\nSee also --retry-max-time.\n\n#### --sasl-authzid <identity>\n\nUse  this authorisation identity (authzid), during SASL PLAIN authentication, in addi‐\ntion to the authentication identity (authcid) as specified by -u, --user.\n\nIf the option is not specified, the server will derive the authzid from  the  authcid,\nbut if specified, and depending on the server implementation, it may be used to access\nanother user's inbox, that the user has been granted access to, or  a  shared  mailbox\nfor example.\n\nExample:\ncurl --sasl-authzid zid imap://example.com/\n\nSee also --login-options. Added in 7.66.0.\n\n#### --sasl-ir\n\nEnable initial response in SASL authentication.\n\nExample:\ncurl --sasl-ir imap://example.com/\n\nSee also --sasl-authzid. Added in 7.31.0.\n\n#### --service-name <name>\n\nThis option allows you to change the service name for SPNEGO.\n\nExamples: --negotiate --service-name sockd would use sockd/server-name.\n\nExample:\ncurl --service-name sockd/server https://example.com\n\nSee also --negotiate and --proxy-service-name. Added in 7.43.0.\n\n#### -S, --show-error\n\nWhen used with -s, --silent, it makes curl show an error message if it fails.\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nExample:\ncurl --show-error --silent https://example.com\n\nSee also --no-progress-meter.\n\n#### -s, --silent\n\nSilent  or  quiet mode. Do not show progress meter or error messages. Makes Curl mute.\nIt will still output the data you ask for, potentially even to the terminal/stdout un‐\nless you redirect it.\n\nUse  -S,  --show-error  in addition to this option to disable progress meter but still\nshow error messages.\n\nExample:\ncurl -s https://example.com\n\nSee also -v, --verbose, --stderr and --no-progress-meter.\n\n--socks4 <host[:port]>\nUse the specified SOCKS4 proxy. If the port number is not specified, it is assumed  at\nport  1080. Using this socket type make curl resolve the host name and passing the ad‐\ndress on to the proxy.\n\nThis option overrides any previous use of -x, --proxy, as they are mutually exclusive.\n\nThis option is superfluous since you can specify a socks4 proxy with -x, --proxy using\na socks4:// protocol prefix.\n\nSince  7.52.0,  --preproxy  can  be used to specify a SOCKS proxy at the same time -x,\n--proxy is used with an HTTP/HTTPS proxy. In such a case curl first  connects  to  the\nSOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --socks4 hostname:4096 https://example.com\n\nSee also --socks4a, --socks5 and --socks5-hostname.\n\n--socks4a <host[:port]>\nUse the specified SOCKS4a proxy. If the port number is not specified, it is assumed at\nport 1080. This asks the proxy to resolve the host name.\n\nThis option overrides any previous use of -x, --proxy, as they are mutually exclusive.\n\nThis option is superfluous since you can specify a socks4a proxy with -x, --proxy  us‐\ning a socks4a:// protocol prefix.\n\nSince  7.52.0,  --preproxy  can  be used to specify a SOCKS proxy at the same time -x,\n--proxy is used with an HTTP/HTTPS proxy. In such a case curl first  connects  to  the\nSOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --socks4a hostname:4096 https://example.com\n\nSee also --socks4, --socks5 and --socks5-hostname.\n\n#### --socks5-basic\n\nTells  curl to use username/password authentication when connecting to a SOCKS5 proxy.\nThe username/password authentication is enabled by default.   Use  --socks5-gssapi  to\nforce GSS-API authentication to SOCKS5 proxies.\n\nExample:\ncurl --socks5-basic --socks5 hostname:4096 https://example.com\n\nSee also --socks5. Added in 7.55.0.\n\n#### --socks5-gssapi-nec\n\nAs  part  of the GSS-API negotiation a protection mode is negotiated. RFC 1961 says in\nsection 4.3/4.4 it should be protected, but the NEC reference implementation does not.\nThe  option --socks5-gssapi-nec allows the unprotected exchange of the protection mode\nnegotiation.\n\nExample:\ncurl --socks5-gssapi-nec --socks5 hostname:4096 https://example.com\n\nSee also --socks5.\n\n#### --socks5-gssapi-service <name>\n\nThe default service name for a socks server is rcmd/server-fqdn.  This  option  allows\nyou to change it.\n\nExamples: --socks5 proxy-name --socks5-gssapi-service sockd would use sockd/proxy-name\n--socks5 proxy-name --socks5-gssapi-service sockd/real-name would use  sockd/real-name\nfor cases where the proxy-name does not match the principal name.\n\nExample:\ncurl --socks5-gssapi-service sockd --socks5 hostname:4096 https://example.com\n\nSee also --socks5.\n\n#### --socks5-gssapi\n\nTells  curl to use GSS-API authentication when connecting to a SOCKS5 proxy.  The GSS-\nAPI authentication is enabled by default (if curl is compiled with  GSS-API  support).\nUse --socks5-basic to force username/password authentication to SOCKS5 proxies.\n\nExample:\ncurl --socks5-gssapi --socks5 hostname:4096 https://example.com\n\nSee also --socks5. Added in 7.55.0.\n\n--socks5-hostname <host[:port]>\nUse  the specified SOCKS5 proxy (and let the proxy resolve the host name). If the port\nnumber is not specified, it is assumed at port 1080.\n\nThis option overrides any previous use of -x, --proxy, as they are mutually exclusive.\n\nThis option is superfluous since you can specify a  socks5  hostname  proxy  with  -x,\n--proxy using a socks5h:// protocol prefix.\n\nSince  7.52.0,  --preproxy  can  be used to specify a SOCKS proxy at the same time -x,\n--proxy is used with an HTTP/HTTPS proxy. In such a case curl first  connects  to  the\nSOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --socks5-hostname proxy.example:7000 https://example.com\n\nSee also --socks5 and --socks4a.\n\n--socks5 <host[:port]>\nUse the specified SOCKS5 proxy - but resolve the host name locally. If the port number\nis not specified, it is assumed at port 1080.\n\nThis option overrides any previous use of -x, --proxy, as they are mutually exclusive.\n\nThis option is superfluous since you can specify a socks5 proxy with -x, --proxy using\na socks5:// protocol prefix.\n\nSince  7.52.0,  --preproxy  can  be used to specify a SOCKS proxy at the same time -x,\n--proxy is used with an HTTP/HTTPS proxy. In such a case curl first  connects  to  the\nSOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy.\n\nIf this option is used several times, the last one will be used.\n\nThis option (as well as --socks4) does not work with IPV6, FTPS or LDAP.\n\nExample:\ncurl --socks5 proxy.example:7000 https://example.com\n\nSee also --socks5-hostname and --socks4a.\n\n#### -Y, --speed-limit <speed>\n\nIf  a  download  is  slower than this given speed (in bytes per second) for speed-time\nseconds it gets aborted. speed-time is set with -y, --speed-time and is 30 if not set.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --speed-limit 300 --speed-time 10 https://example.com\n\nSee also -y, --speed-time, --limit-rate and -m, --max-time.\n\n#### -y, --speed-time <seconds>\n\nIf a download is slower than speed-limit bytes per second during a speed-time  period,\nthe  download  gets  aborted. If speed-time is used, the default speed-limit will be 1\nunless set with -Y, --speed-limit.\n\nThis option controls transfers and thus will not affect slow connects etc. If this  is\na concern for you, try the --connect-timeout option.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --speed-limit 300 --speed-time 10 https://example.com\n\nSee also -Y, --speed-limit and --limit-rate.\n\n#### --ssl-allow-beast\n\nThis  option tells curl to not work around a security flaw in the SSL3 and TLS1.0 pro‐\ntocols known as BEAST.  If this option is not used, the SSL layer may use  workarounds\nknown to cause interoperability problems with some older SSL implementations.\n\nWARNING:  this option loosens the SSL security, and by using this flag you ask for ex‐\nactly that.\n\nExample:\ncurl --ssl-allow-beast https://example.com\n\nSee also --proxy-ssl-allow-beast and -k, --insecure.\n\n#### --ssl-auto-client-cert\n\nTell libcurl to automatically locate and use a client certificate for  authentication,\nwhen  requested  by the server. This option is only supported for Schannel (the native\nWindows SSL library). Prior to 7.77.0 this was the default behavior  in  libcurl  with\nSchannel.  Since the server can request any certificate that supports client authenti‐\ncation in the OS certificate store it could be a privacy violation and unexpected.\n\nExample:\ncurl --ssl-auto-client-cert https://example.com\n\nSee also --proxy-ssl-auto-client-cert. Added in 7.77.0.\n\n#### --ssl-no-revoke\n\n(Schannel) This option tells curl to disable certificate revocation checks.   WARNING:\nthis option loosens the SSL security, and by using this flag you ask for exactly that.\n\nExample:\ncurl --ssl-no-revoke https://example.com\n\nSee also --crlfile. Added in 7.44.0.\n\n#### --ssl-reqd\n\n(FTP  IMAP  POP3 SMTP LDAP) Require SSL/TLS for the connection. Terminates the connec‐\ntion if the server does not support SSL/TLS.\n\nThis option is handled in LDAP since version 7.81.0. It  is  fully  supported  by  the\nopenldap backend and rejected by the generic ldap backend if explicit TLS is required.\n\nThis option was formerly known as --ftp-ssl-reqd.\n\nExample:\ncurl --ssl-reqd ftp://example.com\n\nSee also --ssl and -k, --insecure.\n\n#### --ssl-revoke-best-effort\n\n(Schannel)  This  option  tells curl to ignore certificate revocation checks when they\nfailed due to missing/offline distribution points for the revocation check lists.\n\nExample:\ncurl --ssl-revoke-best-effort https://example.com\n\nSee also --crlfile and -k, --insecure. Added in 7.70.0.\n\n--ssl  (FTP IMAP POP3 SMTP LDAP) Try to use SSL/TLS for the connection. Reverts to a  non-se‐\ncure connection if the server does not support SSL/TLS. See also --ftp-ssl-control and\n--ssl-reqd for different levels of encryption required.\n\nThis option is handled in LDAP since version 7.81.0. It  is  fully  supported  by  the\nopenldap backend and ignored by the generic ldap backend.\n\nPlease  note  that  a server may close the connection if the negotiation does not suc‐\nceed.\n\nThis option was formerly known as --ftp-ssl. That option name can still  be  used  but\nwill be removed in a future version.\n\nExample:\ncurl --ssl pop3://example.com/\n\nSee also -k, --insecure and --ciphers.\n\n-2, --sslv2\n(SSL) This option previously asked curl to use SSLv2, but starting in curl 7.77.0 this\ninstruction is ignored. SSLv2 is widely considered insecure (see RFC 6176).\n\nExample:\ncurl --sslv2 https://example.com\n\nSee also --http1.1 and --http2. -2, --sslv2 requires that the underlying  libcurl  was\nbuilt  to support TLS. This option overrides -3, --sslv3 and -1, --tlsv1 and --tlsv1.1\nand --tlsv1.2.\n\n-3, --sslv3\n(SSL) This option previously asked curl to use SSLv3, but starting in curl 7.77.0 this\ninstruction is ignored. SSLv3 is widely considered insecure (see RFC 7568).\n\nExample:\ncurl --sslv3 https://example.com\n\nSee  also  --http1.1 and --http2. -3, --sslv3 requires that the underlying libcurl was\nbuilt to support TLS. This option overrides -2, --sslv2 and -1, --tlsv1 and  --tlsv1.1\nand --tlsv1.2.\n\n#### --stderr <file>\n\nRedirect  all  writes  to  stderr to the specified file instead. If the file name is a\nplain '-', it is instead written to stdout.\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --stderr output.txt https://example.com\n\nSee also -v, --verbose and -s, --silent.\n\n#### --styled-output\n\nEnables the automatic use of bold font styles when writing HTTP headers to the  termi‐\nnal. Use --no-styled-output to switch them off.\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nExample:\ncurl --styled-output -I https://example.com\n\nSee also -I, --head and -v, --verbose. Added in 7.61.0.\n\n#### --suppress-connect-headers\n\nWhen  -p, --proxytunnel is used and a CONNECT request is made do not output proxy CON‐\nNECT response headers. This option is meant to be used with -D, --dump-header  or  -i,\n--include  which  are used to show protocol headers in the output. It has no effect on\ndebug options such as -v, --verbose or --trace, or any statistics.\n\nExample:\ncurl --suppress-connect-headers --include -x proxy https://example.com\n\nSee also -D, --dump-header, -i, --include and -p, --proxytunnel. Added in 7.54.0.\n\n#### --tcp-fastopen\n\nEnable use of TCP Fast Open (RFC7413).\n\nExample:\ncurl --tcp-fastopen https://example.com\n\nSee also --false-start. Added in 7.49.0.\n\n#### --tcp-nodelay\n\nTurn on the TCPNODELAY option. See the curleasysetopt(3) man page for details about\nthis option.\n\nSince  7.50.2,  curl  sets this option by default and you need to explicitly switch it\noff if you do not want it on.\n\nExample:\ncurl --tcp-nodelay https://example.com\n\nSee also -N, --no-buffer.\n\n#### -t, --telnet-option <opt=val>\n\nPass options to the telnet protocol. Supported options are:\n\nTTYPE=<term> Sets the terminal type.\n\nXDISPLOC=<X display> Sets the X display location.\n\nNEWENV=<var,val> Sets an environment variable.\n\nExample:\ncurl -t TTYPE=vt100 telnet://example.com/\n\nSee also -K, --config.\n\n#### --tftp-blksize <value>\n\n(TFTP) Set TFTP BLKSIZE option (must be >512). This is the block size that  curl  will\ntry  to use when transferring data to or from a TFTP server. By default 512 bytes will\nbe used.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --tftp-blksize 1024 tftp://example.com/file\n\nSee also --tftp-no-options.\n\n#### --tftp-no-options\n\n(TFTP) Tells curl not to send TFTP options requests.\n\nThis option improves interop with some legacy servers that do not acknowledge or prop‐\nerly implement TFTP options. When this option is used --tftp-blksize is ignored.\n\nExample:\ncurl --tftp-no-options tftp://192.168.0.1/\n\nSee also --tftp-blksize. Added in 7.48.0.\n\n#### -z, --time-cond <time>\n\n(HTTP  FTP)  Request a file that has been modified later than the given time and date,\nor one that has been modified before that time. The <date expression> can be all sorts\nof  date  strings or if it does not match any internal ones, it is taken as a filename\nand tries to get the modification date (mtime) from <file> instead. See the  curlget‐\ndate(3) man pages for date expression details.\n\nStart  the  date  expression with a dash (-) to make it request for a document that is\nolder than the given date/time, default is a document that is newer than the specified\ndate/time.\n\nIf this option is used several times, the last one will be used.\n\nExamples:\ncurl -z \"Wed 01 Sep 2021 12:18:00\" https://example.com\ncurl -z \"-Wed 01 Sep 2021 12:18:00\" https://example.com\ncurl -z file https://example.com\n\nSee also --etag-compare and -R, --remote-time.\n\n#### --tls-max <VERSION>\n\n(SSL) VERSION defines maximum supported TLS version. The minimum acceptable version is\nset by tlsv1.0, tlsv1.1, tlsv1.2 or tlsv1.3.\n\nIf the connection is done without TLS, this option has no effect. This includes  QUIC-\nusing (HTTP/3) transfers.\n\n\ndefault\nUse up to recommended TLS version.\n\n1.0    Use up to TLSv1.0.\n\n1.1    Use up to TLSv1.1.\n\n1.2    Use up to TLSv1.2.\n\n1.3    Use up to TLSv1.3.\n\nExamples:\ncurl --tls-max 1.2 https://example.com\ncurl --tls-max 1.3 --tlsv1.2 https://example.com\n\nSee  also --tlsv1.0, --tlsv1.1, --tlsv1.2 and --tlsv1.3. --tls-max requires that the underly‐\ning libcurl was built to support TLS. Added in 7.54.0.\n\n#### --tls13-ciphers <ciphersuite list>\n\n(TLS) Specifies which cipher suites to use in the connection if it negotiates TLS 1.3.\nThe list of ciphers suites must specify valid ciphers. Read up on TLS 1.3 cipher suite\ndetails on this URL:\n\nhttps://curl.se/docs/ssl-ciphers.html\n\nThis option is currently used only when curl is built to use OpenSSL 1.1.1  or  later.\nIf  you are using a different SSL backend you can try setting TLS 1.3 cipher suites by\nusing the --ciphers option.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --tls13-ciphers TLSAES128GCMSHA256 https://example.com\n\nSee also --ciphers and --curves. Added in 7.61.0.\n\n#### --tlsauthtype <type>\n\nSet TLS authentication type. Currently, the only supported option is \"SRP\",  for  TLS-\nSRP (RFC 5054). If --tlsuser and --tlspassword are specified but --tlsauthtype is not,\nthen this option defaults to \"SRP\". This option works only if the  underlying  libcurl\nis built with TLS-SRP support, which requires OpenSSL or GnuTLS with TLS-SRP support.\n\nExample:\ncurl --tlsauthtype SRP https://example.com\n\nSee also --tlsuser.\n\n#### --tlspassword <string>\n\nSet  password for use with the TLS authentication method specified with --tlsauthtype.\nRequires that --tlsuser also be set.\n\nThis option does not work with TLS 1.3.\n\nExample:\ncurl --tlspassword pwd --tlsuser user https://example.com\n\nSee also --tlsuser.\n\n#### --tlsuser <name>\n\nSet username for use with the TLS authentication method specified with  --tlsauthtype.\nRequires that --tlspassword also is set.\n\nThis option does not work with TLS 1.3.\n\nExample:\ncurl --tlspassword pwd --tlsuser user https://example.com\n\nSee also --tlspassword.\n\n--tlsv1.0\n(TLS)  Forces  curl  to  use  TLS version 1.0 or later when connecting to a remote TLS\nserver.\n\nIn old versions of curl this option was documented to allow only TLS 1.0.  That  be‐\nhavior was inconsistent depending on the TLS library. Use --tls-max if you want to set\na maximum TLS version.\n\nExample:\ncurl --tlsv1.0 https://example.com\n\nSee also --tlsv1.3. Added in 7.34.0.\n\n--tlsv1.1\n(TLS) Forces curl to use TLS version 1.1 or later when  connecting  to  a  remote  TLS\nserver.\n\nIn  old versions of curl this option was documented to allow only TLS 1.1.  That be‐\nhavior was inconsistent depending on the TLS library. Use --tls-max if you want to set\na maximum TLS version.\n\nExample:\ncurl --tlsv1.1 https://example.com\n\nSee also --tlsv1.3. Added in 7.34.0.\n\n--tlsv1.2\n(TLS)  Forces  curl  to  use  TLS version 1.2 or later when connecting to a remote TLS\nserver.\n\nIn old versions of curl this option was documented to allow only TLS 1.2.  That  be‐\nhavior was inconsistent depending on the TLS library. Use --tls-max if you want to set\na maximum TLS version.\n\nExample:\ncurl --tlsv1.2 https://example.com\n\nSee also --tlsv1.3. Added in 7.34.0.\n\n--tlsv1.3\n(TLS) Forces curl to use TLS version 1.3 or later when  connecting  to  a  remote  TLS\nserver.\n\nIf  the connection is done without TLS, this option has no effect. This includes QUIC-\nusing (HTTP/3) transfers.\n\nNote that TLS 1.3 is not supported by all TLS backends.\n\nExample:\ncurl --tlsv1.3 https://example.com\n\nSee also --tlsv1.2. Added in 7.52.0.\n\n-1, --tlsv1\n(SSL) Tells curl to use at least TLS version 1.x when negotiating with  a  remote  TLS\nserver. That means TLS version 1.0 or higher\n\nExample:\ncurl --tlsv1 https://example.com\n\nSee  also  --http1.1 and --http2. -1, --tlsv1 requires that the underlying libcurl was\nbuilt to support TLS. This option overrides --tlsv1.1 and --tlsv1.2 and --tlsv1.3.\n\n#### --tr-encoding\n\n(HTTP) Request a compressed Transfer-Encoding response using  one  of  the  algorithms\ncurl supports, and uncompress the data while receiving it.\n\nExample:\ncurl --tr-encoding https://example.com\n\nSee also --compressed.\n\n#### --trace-ascii <file>\n\nEnables a full trace dump of all incoming and outgoing data, including descriptive in‐\nformation, to the given output file. Use \"-\" as filename to have the  output  sent  to\nstdout.\n\nThis  is similar to --trace, but leaves out the hex part and only shows the ASCII part\nof the dump. It makes smaller output that might be easier to read  for  untrained  hu‐\nmans.\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --trace-ascii log.txt https://example.com\n\nSee also -v, --verbose and --trace. This option overrides --trace and -v, --verbose.\n\n#### --trace-time\n\nPrepends a time stamp to each trace or verbose line that curl displays.\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nExample:\ncurl --trace-time --trace-ascii output https://example.com\n\nSee also --trace and -v, --verbose.\n\n#### --trace <file>\n\nEnables a full trace dump of all incoming and outgoing data, including descriptive in‐\nformation, to the given output file. Use \"-\" as filename to have the  output  sent  to\nstdout. Use \"%\" as filename to have the output sent to stderr.\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl --trace log.txt https://example.com\n\nSee  also  --trace-ascii  and  --trace-time.  This  option overrides -v, --verbose and\n--trace-ascii.\n\n#### --unix-socket <path>\n\n(HTTP) Connect through this Unix domain socket, instead of using the network.\n\nExample:\ncurl --unix-socket socket-path https://example.com\n\nSee also --abstract-unix-socket. Added in 7.40.0.\n\n#### -T, --upload-file <file>\n\nThis transfers the specified local file to the remote URL. If there is no file part in\nthe  specified  URL,  curl  will  append the local file name. NOTE that you must use a\ntrailing / on the last directory to really prove to Curl that there is no file name or\ncurl  will  think  that  your last directory name is the remote file name to use. That\nwill most likely cause the upload operation to fail. If this is  used  on  an  HTTP(S)\nserver, the PUT command will be used.\n\nUse  the  file  name \"-\" (a single dash) to use stdin instead of a given file.  Alter‐\nnately, the file name \".\" (a single period) may be specified instead  of  \"-\"  to  use\nstdin  in  non-blocking  mode  to allow reading server output while stdin is being up‐\nloaded.\n\nYou can specify one -T, --upload-file for each URL on the command line. Each -T, --up‐\nload-file  + URL pair specifies what to upload and to where. curl also supports \"glob‐\nbing\" of the -T, --upload-file argument, meaning that you can upload multiple files to\na single URL by using the same URL globbing style supported in the URL.\n\nWhen  uploading to an SMTP server: the uploaded data is assumed to be RFC 5322 format‐\nted. It has to feature the necessary set of headers and mail body formatted  correctly\nby the user as curl will not transcode nor encode it further in any way.\n\nExamples:\ncurl -T file https://example.com\ncurl -T \"img[1-1000].png\" ftp://ftp.example.com/\ncurl --upload-file \"{file1,file2}\" https://example.com\n\nSee also -G, --get and -I, --head.\n\n#### --url <url>\n\nSpecify a URL to fetch. This option is mostly handy when you want to specify URL(s) in\na config file.\n\nIf the given URL is missing a scheme name (such as \"http://\"  or  \"ftp://\"  etc)  then\ncurl  will  make  a  guess based on the host. If the outermost sub-domain name matches\nDICT, FTP, IMAP, LDAP, POP3 or SMTP then that protocol will be  used,  otherwise  HTTP\nwill be used. Since 7.45.0 guessing can be disabled by setting a default protocol, see\n--proto-default for details.\n\nThis option may be used any number of times. To control where this URL is written, use\nthe -o, --output or the -O, --remote-name options.\n\nWARNING:  On Windows, particular file:// accesses can be converted to network accesses\nby the operating system. Beware!\n\nExample:\ncurl --url https://example.com\n\nSee also -:, --next and -K, --config.\n\n#### -B, --use-ascii\n\n(FTP LDAP) Enable ASCII transfer. For FTP, this can also be enforced by  using  a  URL\nthat  ends  with  \";type=A\". This option causes data sent to stdout to be in text mode\nfor win32 systems.\n\nExample:\ncurl -B ftp://example.com/README\n\nSee also --crlf and --data-ascii.\n\n#### -A, --user-agent <name>\n\n(HTTP) Specify the User-Agent string to send to the HTTP server. To encode  blanks  in\nthe  string,  surround the string with single quote marks. This header can also be set\nwith the -H, --header or the --proxy-header options.\n\nIf you give an empty argument to -A, --user-agent (\"\"), it will remove the header com‐\npletely  from  the  request.  If you prefer a blank header, you can set it to a single\nspace (\" \").\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl -A \"Agent 007\" https://example.com\n\nSee also -H, --header and --proxy-header.\n\n#### -u, --user <user:password>\n\nSpecify the user name and password to use for  server  authentication.  Overrides  -n,\n--netrc and --netrc-optional.\n\nIf you simply specify the user name, curl will prompt for a password.\n\nThe user name and passwords are split up on the first colon, which makes it impossible\nto use a colon in the user name with this option. The password can, still.\n\nOn systems where it works, curl will hide the given option argument from process list‐\nings.  This  is  not enough to protect credentials from possibly getting seen by other\nusers on the same system as they will still be visible for a  moment  before  cleared.\nSuch  sensitive data should be retrieved from a file instead or similar and never used\nin clear text in a command line.\n\nWhen using Kerberos V5 with a Windows based server you should include the Windows  do‐\nmain  name in the user name, in order for the server to successfully obtain a Kerberos\nTicket. If you do not, then the initial authentication handshake may fail.\n\nWhen using NTLM, the user name can be specified simply as the user name,  without  the\ndomain, if there is a single domain and forest in your setup for example.\n\nTo  specify  the  domain  name use either Down-Level Logon Name or UPN (User Principal\nName) formats. For example, EXAMPLE\\user and user@example.com respectively.\n\nIf you use a Windows SSPI-enabled curl binary and perform Kerberos V5, Negotiate, NTLM\nor  Digest  authentication then you can tell curl to select the user name and password\nfrom your environment by specifying a single colon with this option: \"-u :\".\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl -u user:secret https://example.com\n\nSee also -n, --netrc and -K, --config.\n\n#### -v, --verbose\n\nMakes curl verbose during the operation. Useful for debugging and seeing what's  going\non  \"under  the  hood\". A line starting with '>' means \"header data\" sent by curl, '<'\nmeans \"header data\" received by curl that is hidden in normal cases, and a line start‐\ning with '*' means additional info provided by curl.\n\nIf you only want HTTP headers in the output, -i, --include might be the option you are\nlooking for.\n\nIf you think this option still does  not  give  you  enough  details,  consider  using\n--trace or --trace-ascii instead.\n\nThis option is global and does not need to be specified for each use of -:, --next.\n\nUse -s, --silent to make curl really quiet.\n\nExample:\ncurl --verbose https://example.com\n\nSee also -i, --include. This option overrides --trace and --trace-ascii.\n\n#### -V, --version\n\nDisplays information about curl and the libcurl version it uses.\n\nThe  first  line  includes  the  full version of curl, libcurl and other 3rd party li‐\nbraries linked with the executable.\n\nThe second line (starts with \"Protocols:\") shows all protocols that libcurl reports to\nsupport.\n\nThe  third  line  (starts with \"Features:\") shows specific features libcurl reports to\noffer. Available features include:\n\nalt-svc\nSupport for the Alt-Svc: header is provided.\n\nAsynchDNS\nThis curl uses asynchronous name resolves. Asynchronous name  resolves  can  be\ndone using either the c-ares or the threaded resolver backends.\n\nbrotli Support for automatic brotli compression over HTTP(S).\n\nCharConv\ncurl was built with support for character set conversions (like EBCDIC)\n\nDebug  This curl uses a libcurl built with Debug. This enables more error-tracking and\nmemory debugging etc. For curl-developers only!\n\ngsasl  The built-in SASL authentication includes extensions to support  SCRAM  because\nlibcurl was built with libgsasl.\n\nGSS-API\nGSS-API is supported.\n\nHSTS   HSTS support is present.\n\nHTTP2  HTTP/2 support has been built-in.\n\nHTTP3  HTTP/3 support has been built-in.\n\nHTTPS-proxy\nThis curl is built to support HTTPS proxy.\n\nIDN    This curl supports IDN - international domain names.\n\nIPv6   You can use IPv6 with this.\n\nKerberos\nKerberos V5 authentication is supported.\n\nLargefile\nThis curl supports transfers of large files, files larger than 2GB.\n\nlibz   Automatic  decompression  (via  gzip, deflate) of compressed files over HTTP is\nsupported.\n\nMultiSSL\nThis curl supports multiple TLS backends.\n\nNTLM   NTLM authentication is supported.\n\nNTLMWB\nNTLM delegation to winbind helper is supported.\n\nPSL    PSL is short for Public Suffix List and means that this  curl  has  been  built\nwith knowledge about \"public suffixes\".\n\nSPNEGO SPNEGO authentication is supported.\n\nSSL    SSL versions of various protocols are supported, such as HTTPS, FTPS, POP3S and\nso on.\n\nSSPI   SSPI is supported.\n\nTLS-SRP\nSRP (Secure Remote Password) authentication is supported for TLS.\n\nTrackMemory\nDebug memory tracking is supported.\n\nUnicode\nUnicode support on Windows.\n\nUnixSockets\nUnix sockets support is provided.\n\nzstd   Automatic decompression (via zstd) of compressed files over HTTP is supported.\n\nExample:\ncurl --version\n\nSee also -h, --help and -M, --manual.\n\n#### -w, --write-out <format>\n\nMake curl display information on stdout after a completed transfer. The  format  is  a\nstring  that may contain plain text mixed with any number of variables. The format can\nbe specified as a literal \"string\", or you can have curl read the format from  a  file\nwith \"@filename\" and to tell curl to read the format from stdin you write \"@-\".\n\nThe  variables  present  in the output format will be substituted by the value or text\nthat curl thinks fit, as described below.  All  variables  are  specified  as  %{vari‐\nablename}  and  to output a normal % you just write them as %%. You can output a new‐\nline by using \\n, a carriage return with \\r and a tab space with \\t.\n\nThe output will be written to standard output, but this can be  switched  to  standard\nerror by using %{stderr}.\n\nNOTE: The %-symbol is a special symbol in the win32-environment, where all occurrences\nof % must be doubled when using this option.\n\nThe variables available are:\n\ncontenttype   The Content-Type of the requested document, if there was any.\n\nerrormsg       The error message. (Added in 7.75.0)\n\nexitcode       The numerical exitcode of the transfer. (Added in 7.75.0)\n\nfilenameeffective\nThe ultimate filename that curl writes out to. This is only  meaningful\nif  curl  is  told to write to a file with the -O, --remote-name or -o,\n--output option. It's most useful in combination with the -J, --remote-\nheader-name option.\n\nftpentrypath The  initial  path  curl  ended up in when logging on to the remote FTP\nserver.\n\nhttpcode      The numerical response code  that  was  found  in  the  last  retrieved\nHTTP(S) or FTP(s) transfer.\n\nhttpconnect   The  numerical  code that was found in the last response (from a proxy)\nto a curl CONNECT request.\n\nhttpversion   The http version that was effectively used. (Added in 7.50.0)\n\njson           A JSON object with all available keys.\n\nlocalip       The IP address of the local end of the most recently done connection  -\ncan be either IPv4 or IPv6.\n\nlocalport     The local port number of the most recently done connection.\n\nmethod         The http method used in the most recent HTTP request. (Added in 7.72.0)\n\nnumconnects   Number of new connects made in the recent transfer.\n\nnumheaders    The number of response headers in the most recent request (restarted at\neach\nredirect). Note that the status line IS NOT a header. (Added in 7.73.0)\n\nnumredirects  Number of redirects that were followed in the request.\n\nonerror        The rest of the output is only shown if the transfer  returned  a  non-\nzero error (Added in 7.75.0)\n\nproxysslverifyresult\nThe  result of the HTTPS proxy's SSL peer certificate verification that\nwas requested. 0 means  the  verification  was  successful.  (Added  in\n7.52.0)\n\nredirecturl   When  an  HTTP  request was made without -L, --location to follow redi‐\nrects (or when --max-redirs is met), this variable will show the actual\nURL a redirect would have gone to.\n\nreferer        The Referer: header, if there was any. (Added in 7.76.0)\n\nremoteip      The remote IP address of the most recently done connection - can be ei‐\nther IPv4 or IPv6.\n\nremoteport    The remote port number of the most recently done connection.\n\nresponsecode  The numerical response code that was found in the last  transfer  (for‐\nmerly known as \"httpcode\").\n\nscheme         The  URL  scheme (sometimes called protocol) that was effectively used.\n(Added in 7.52.0)\n\nsizedownload  The total amount of bytes that were downloaded. This is the size of the\nbody/data that was transferred, excluding headers.\n\nsizeheader    The total amount of bytes of the downloaded headers.\n\nsizerequest   The total amount of bytes that were sent in the HTTP request.\n\nsizeupload    The  total  amount of bytes that were uploaded. This is the size of the\nbody/data that was transferred, excluding headers.\n\nspeeddownload The average download speed that curl measured for  the  complete  down‐\nload. Bytes per second.\n\nspeedupload   The  average  upload  speed that curl measured for the complete upload.\nBytes per second.\n\nsslverifyresult\nThe result of the SSL peer certificate verification that was requested.\n0 means the verification was successful.\n\nstderr         From this point on, the -w, --write-out output will be written to stan‐\ndard error. (Added in 7.63.0)\n\nstdout         From this point on, the -w, --write-out output will be written to stan‐\ndard output.  This is the default, but can be used to switch back after\nswitching to stderr.  (Added in 7.63.0)\n\ntimeappconnect\nThe time, in seconds, it took from the start until the SSL/SSH/etc con‐\nnect/handshake to the remote host was completed.\n\ntimeconnect   The  time,  in seconds, it took from the start until the TCP connect to\nthe remote host (or proxy) was completed.\n\ntimenamelookup\nThe time, in seconds, it took from the start until the  name  resolving\nwas completed.\n\ntimepretransfer\nThe  time,  in  seconds, it took from the start until the file transfer\nwas just about to begin. This includes all  pre-transfer  commands  and\nnegotiations that are specific to the particular protocol(s) involved.\n\ntimeredirect  The  time, in seconds, it took for all redirection steps including name\nlookup, connect, pretransfer and transfer before the final  transaction\nwas started. timeredirect shows the complete execution time for multi‐\nple redirections.\n\ntimestarttransfer\nThe time, in seconds, it took from the start until the first  byte  was\njust  about  to be transferred. This includes timepretransfer and also\nthe time the server needed to calculate the result.\n\ntimetotal     The total time, in seconds, that the full operation lasted.\n\nurl            The URL that was fetched. (Added in 7.75.0)\n\nurlnum         The URL index number of this transfer, 0-indexed. De-globbed URLs share\nthe same index number as the origin globbed URL. (Added in 7.75.0)\n\nurleffective  The URL that was fetched last. This is most meaningful if you have told\ncurl to follow location: headers.\n\nIf this option is used several times, the last one will be used.\n\nExample:\ncurl -w '%{httpcode}\\n' https://example.com\n\nSee also -v, --verbose and -I, --head.\n\n#### --xattr\n\nWhen saving output to a file, this option tells curl to store certain file metadata in\nextended file attributes. Currently, the URL is stored in the xdg.origin.url attribute\nand, for HTTP, the content type is stored in the mimetype attribute. If the file sys‐\ntem does not support extended attributes, a warning is issued.\n\nExample:\ncurl --xattr -o storage https://example.com\n\nSee also -R, --remote-time, -w, --write-out and -v, --verbose.\n\n### FILES\n\n~/.curlrc\nDefault config file, see -K, --config for details.\n\n### ENVIRONMENT\n\nThe  environment  variables can be specified in lower case or upper case. The lower case ver‐\nsion has precedence. httpproxy is an exception as it is only available in lower case.\n\nUsing an environment variable to set the proxy has the same effect as using the  -x,  --proxy\noption.\n\n\nhttpproxy [protocol://]<host>[:port]\nSets the proxy server to use for HTTP.\n\nHTTPSPROXY [protocol://]<host>[:port]\nSets the proxy server to use for HTTPS.\n\n[url-protocol]PROXY [protocol://]<host>[:port]\nSets the proxy server to use for [url-protocol], where the protocol is a protocol that\ncurl supports and as specified in a URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP, etc.\n\nALLPROXY [protocol://]<host>[:port]\nSets the proxy server to use if no protocol-specific proxy is set.\n\nNOPROXY <comma-separated list of hosts/domains>\nlist of host names that should not go through any proxy. If set  to  an  asterisk  '*'\nonly,  it matches all hosts. Each name in this list is matched as either a domain name\nwhich contains the hostname, or the hostname itself.\n\nThis environment variable disables use of the proxy even when specified with  the  -x,\n--proxy  option.  That is NOPROXY=direct.example.com curl -x http://proxy.example.com\nhttp://direct.example.com accesses the target URL directly, and  NOPROXY=direct.exam‐‐\nple.com  curl  -x  http://proxy.example.com  http://somewhere.example.com accesses the\ntarget URL through the proxy.\n\nThe list of host names can also be include numerical IP addresses, and  IPv6  versions\nshould then be given without enclosing brackets.\n\nIPv6  numerical addresses are compared as strings, so they will only match if the rep‐\nresentations are the same: \"::1\" is the same as \"::0:1\" but they do not match.\n\nAPPDATA <dir>\nOn Windows, this variable is used when trying to find the home directory. If the  pri‐\nmary home variable are all unset.\n\nCOLUMNS <terminal width>\nIf set, the specified number of characters will be used as the terminal width when the\nalternative progress-bar is shown. If not set, curl will try to figure  it  out  using\nother ways.\n\nCURLCABUNDLE <file>\nIf set, will be used as the --cacert value.\n\nCURLHOME <dir>\nIf  set,  is the first variable curl checks when trying to find its home directory. If\nnot set, it continues to check XDGCONFIGHOME.\n\nCURLSSLBACKEND <TLS backend>\nIf curl was built with support for \"MultiSSL\", meaning that it  has  built-in  support\nfor more than one TLS backend, this environment variable can be set to the case insen‐\nsitive name of the particular backend to use when curl is invoked. Setting a name that\nis not a built-in alternative will make curl stay with the default.\n\nSSL  backend names (case-insensitive): bearssl, gnutls, gskit, mbedtls, mesalink, nss,\nopenssl, rustls, schannel, secure-transport, wolfssl\n\nHOME <dir>\nIf set, this is used to find the home directory when that is needed. Like when looking\nfor the default .curlrc. CURLHOME and XDGCONFIGHOME have preference.\n\nQLOGDIR <directory name>\nIf  curl  was  built with HTTP/3 support, setting this environment variable to a local\ndirectory will make curl produce qlogs in that directory, using file names named after\nthe  destination  connection  id  (in hex). Do note that these files can become rather\nlarge. Works with both QUIC backends.\n\nSHELL  Used on VMS when trying to detect if using a DCL or a \"unix\" shell.\n\nSSLCERTDIR <dir>\nIf set, will be used as the --capath value.\n\nSSLCERTFILE <path>\nIf set, will be used as the --cacert value.\n\nSSLKEYLOGFILE <file name>\nIf you set this environment variable to a file name, curl will store TLS secrets  from\nits  connections in that file when invoked to enable you to analyze the TLS traffic in\nreal time using network analyzing tools such as Wireshark. This works with the follow‐\ning TLS backends: OpenSSL, libressl, BoringSSL, GnuTLS, NSS and wolfSSL.\n\nUSERPROFILE <dir>\nOn  Windows,  this  variable  is  used  when trying to find the home directory. If the\nother, primary, variable are all unset. If set, curl  will  use  the  path  \"$USERPRO‐\nFILE\\Application Data\".\n\nXDGCONFIGHOME <dir>\nIf  CURLHOME  is not set, this variable is checked when looking for a default .curlrc\nfile.\n\n### PROXY PROTOCOL PREFIXES\n\nThe proxy string may be specified with a protocol:// prefix to specify alternative proxy pro‐\ntocols.\n\nIf  no  protocol is specified in the proxy string or if the string does not match a supported\none, the proxy will be treated as an HTTP proxy.\n\nThe supported proxy protocol prefixes are as follows:\n\nhttp://\nMakes it use it as an HTTP proxy. The default if no scheme prefix is used.\n\nhttps://\nMakes it treated as an HTTPS proxy.\n\nsocks4://\nMakes it the equivalent of --socks4\n\nsocks4a://\nMakes it the equivalent of --socks4a\n\nsocks5://\nMakes it the equivalent of --socks5\n\nsocks5h://\nMakes it the equivalent of --socks5-hostname\n\n### EXIT CODES\n\nThere are a bunch of different error codes and their corresponding error  messages  that  may\nappear under error conditions. At the time of this writing, the exit codes are:\n\n1      Unsupported protocol. This build of curl has no support for this protocol.\n\n2      Failed to initialize.\n\n3      URL malformed. The syntax was not correct.\n\n4      A  feature or option that was needed to perform the desired request was not enabled or\nwas explicitly disabled at build-time. To make curl able to do this, you probably need\nanother build of libcurl.\n\n5      Could not resolve proxy. The given proxy host could not be resolved.\n\n6      Could not resolve host. The given remote host could not be resolved.\n\n7      Failed to connect to host.\n\n8      Weird server reply. The server sent data curl could not parse.\n\n9      FTP access denied. The server denied login or denied access to the particular resource\nor directory you wanted to reach. Most often you tried to change to a  directory  that\ndoes not exist on the server.\n\n10     FTP  accept  failed.  While  waiting for the server to connect back when an active FTP\nsession is used, an error code was sent over the control connection or similar.\n\n11     FTP weird PASS reply. Curl could not parse the reply sent to the PASS request.\n\n12     During an active FTP session while waiting for the server to connect back to curl, the\ntimeout expired.\n\n13     FTP weird PASV reply, Curl could not parse the reply sent to the PASV request.\n\n14     FTP weird 227 format. Curl could not parse the 227-line the server sent.\n\n15     FTP cannot use host. Could not resolve the host IP we got in the 227-line.\n\n16     HTTP/2  error.  A  problem  was  detected in the HTTP2 framing layer. This is somewhat\ngeneric and can be one out of several problems, see the error message for details.\n\n17     FTP could not set binary. Could not change transfer method to binary.\n\n18     Partial file. Only a part of the file was transferred.\n\n19     FTP could not download/access the given file, the RETR (or similar) command failed.\n\n21     FTP quote error. A quote command returned error from the server.\n\n22     HTTP page not retrieved. The requested url was not found  or  returned  another  error\nwith  the  HTTP  error  code  being 400 or above. This return code only appears if -f,\n--fail is used.\n\n23     Write error. Curl could not write data to a local filesystem or similar.\n\n25     FTP could not STOR file. The server denied the STOR operation, used for FTP uploading.\n\n26     Read error. Various reading problems.\n\n27     Out of memory. A memory allocation request failed.\n\n28     Operation timeout. The specified time-out period was reached according to  the  condi‐\ntions.\n\n30     FTP  PORT  failed.  The PORT command failed. Not all FTP servers support the PORT com‐\nmand, try doing a transfer using PASV instead!\n\n31     FTP could not use REST. The REST command failed. This command is used for resumed  FTP\ntransfers.\n\n33     HTTP range error. The range \"command\" did not work.\n\n34     HTTP post error. Internal post-request generation error.\n\n35     SSL connect error. The SSL handshaking failed.\n\n36     Bad download resume. Could not continue an earlier aborted download.\n\n37     FILE could not read file. Failed to open the file. Permissions?\n\n38     LDAP cannot bind. LDAP bind operation failed.\n\n39     LDAP search failed.\n\n41     Function not found. A required LDAP function was not found.\n\n42     Aborted by callback. An application told curl to abort the operation.\n\n43     Internal error. A function was called with a bad parameter.\n\n45     Interface error. A specified outgoing interface could not be used.\n\n47     Too many redirects. When following redirects, curl hit the maximum amount.\n\n48     Unknown  option specified to libcurl. This indicates that you passed a weird option to\ncurl that was passed on to libcurl and rejected. Read up in the manual!\n\n49     Malformed telnet option.\n\n51     The peer's SSL certificate or SSH MD5 fingerprint was not OK.\n\n52     The server did not reply anything, which here is considered an error.\n\n53     SSL crypto engine not found.\n\n54     Cannot set SSL crypto engine as default.\n\n55     Failed sending network data.\n\n56     Failure in receiving network data.\n\n58     Problem with the local certificate.\n\n59     Could not use specified SSL cipher.\n\n60     Peer certificate cannot be authenticated with known CA certificates.\n\n61     Unrecognized transfer encoding.\n\n62     Invalid LDAP URL.\n\n63     Maximum file size exceeded.\n\n64     Requested FTP SSL level failed.\n\n65     Sending the data requires a rewind that failed.\n\n66     Failed to initialise SSL Engine.\n\n67     The user name, password, or similar was not accepted and curl failed to log in.\n\n68     File not found on TFTP server.\n\n69     Permission problem on TFTP server.\n\n70     Out of disk space on TFTP server.\n\n71     Illegal TFTP operation.\n\n72     Unknown TFTP transfer ID.\n\n73     File already exists (TFTP).\n\n74     No such user (TFTP).\n\n75     Character conversion failed.\n\n76     Character conversion functions required.\n\n77     Problem reading the SSL CA cert (path? access rights?).\n\n78     The resource referenced in the URL does not exist.\n\n79     An unspecified error occurred during the SSH session.\n\n80     Failed to shut down the SSL connection.\n\n82     Could not load CRL file, missing or wrong format.\n\n83     Issuer check failed.\n\n84     The FTP PRET command failed.\n\n85     Mismatch of RTSP CSeq numbers.\n\n86     Mismatch of RTSP Session Identifiers.\n\n87     Unable to parse FTP file list.\n\n88     FTP chunk callback reported error.\n\n89     No connection available, the session will be queued.\n\n90     SSL public key does not matched pinned public key.\n\n91     Invalid SSL certificate status.\n\n92     Stream error in HTTP/2 framing layer.\n\n93     An API function was called from inside a callback.\n\n94     An authentication function returned an error.\n\n95     A problem was detected in the HTTP/3 layer. This is somewhat generic and  can  be  one\nout of several problems, see the error message for details.\n\n96     QUIC  connection  error. This error may be caused by an SSL library error. QUIC is the\nprotocol used for HTTP/3 transfers.\n\nXX     More error codes will appear here in future releases. The existing ones are  meant  to\nnever change.\n\n### BUGS\n\nIf  you  experience  any  problems with curl, submit an issue in the project's bug tracker on\nGitHub: https://github.com/curl/curl/issues\n\n### AUTHORS / CONTRIBUTORS\n\nDaniel Stenberg is the main author, but the whole list of contributors is found in the  sepa‐\nrate THANKS file.\n\n### WWW\n\nhttps://curl.se\n\n### SEE ALSO\n\nftp(1), wget(1)\n\n\n\ncurl 7.81.0                                January 03 2022                                   curl(1)\n\n"
        }
    ],
    "structuredContent": {
        "command": "curl",
        "section": "",
        "mode": "man",
        "summary": "curl - transfer a URL",
        "synopsis": "",
        "flags": [
            {
                "flag": "",
                "long": "--abstract-unix-socket",
                "arg": "<path>",
                "description": "(HTTP) Connect through an abstract Unix domain socket, instead of using the network. Note: netstat shows the path of an abstract socket prefixed with '@', however the <path> argument should not have this leading character. Example: curl --abstract-unix-socket socketpath https://example.com See also --unix-socket. Added in 7.53.0."
            },
            {
                "flag": "",
                "long": "--alt-svc",
                "arg": null,
                "description": "(HTTPS) This option enables the alt-svc parser in curl. If the file name points to an existing alt-svc cache file, that will be used. After a completed transfer, the cache will be saved to the file name again if it has been modified. Specify a \"\" file name (zero length) to avoid loading/saving and make curl just handle the cache in memory. If this option is used several times, curl will load contents from all the files but the last one will be used for saving. Example: curl --alt-svc svc.txt https://example.com See also --resolve and --connect-to. Added in 7.64.1."
            },
            {
                "flag": "",
                "long": "--anyauth",
                "arg": null,
                "description": "(HTTP) Tells curl to figure out authentication method by itself, and use the most se‐ cure one the remote site claims to support. This is done by first doing a request and checking the response-headers, thus possibly inducing an extra network round-trip. This is used instead of setting a specific authentication method, which you can do with --basic, --digest, --ntlm, and --negotiate. Using --anyauth is not recommended if you do uploads from stdin, since it may require data to be sent twice and then the client must be able to rewind. If the need should arise when uploading from stdin, the upload operation will fail. Used together with -u, --user. Example: curl --anyauth --user me:pwd https://example.com See also --proxy-anyauth, --basic and --digest."
            },
            {
                "flag": "-a",
                "long": "--append",
                "arg": null,
                "description": "(FTP SFTP) When used in an upload, this makes curl append to the target file instead of overwriting it. If the remote file does not exist, it will be created. Note that this flag is ignored by some SFTP servers (including OpenSSH). Example: curl --upload-file local --append ftp://example.com/ See also -r, --range and -C, --continue-at. --aws-sigv4 <provider1[:provider2[:region[:service]]]> Use AWS V4 signature authentication in the transfer. The provider argument is a string that is used by the algorithm when creating outgoing authentication headers. The region argument is a string that points to a geographic area of a resources col‐ lection (region-code) when the region name is omitted from the endpoint. The service argument is a string that points to a function provided by a cloud (ser‐ vice-code) when the service name is omitted from the endpoint. Example: curl --aws-sigv4 \"aws:amz:east-2:es\" --user \"key:secret\" https://example.com See also --basic and -u, --user. Added in 7.75.0."
            },
            {
                "flag": "",
                "long": "--basic",
                "arg": null,
                "description": "(HTTP) Tells curl to use HTTP Basic authentication with the remote host. This is the default and this option is usually pointless, unless you use it to override a previ‐ ously set option that sets a different authentication method (such as --ntlm, --di‐ gest, or --negotiate). Used together with -u, --user. Example: curl -u name:password --basic https://example.com See also --proxy-basic."
            },
            {
                "flag": "",
                "long": "--cacert",
                "arg": "<file>",
                "description": "(TLS) Tells curl to use the specified certificate file to verify the peer. The file may contain multiple CA certificates. The certificate(s) must be in PEM format. Nor‐ mally curl is built to use a default file for this, so this option is typically used to alter that default file. curl recognizes the environment variable named 'CURLCABUNDLE' if it is set, and uses the given path as a path to a CA cert bundle. This option overrides that variable. The windows version of curl will automatically look for a CA certs file named 'curl- ca-bundle.crt', either in the same directory as curl.exe, or in the Current Working Directory, or in any folder along your PATH. If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module (lib‐ nsspem.so) needs to be available for this option to work properly. (iOS and macOS only) If curl is built against Secure Transport, then this option is supported for backward compatibility with other SSL engines, but it should not be set. If the option is not set, then curl will use the certificates in the system and user Keychain to verify the peer, which is the preferred method of verifying the peer's certificate chain. (Schannel only) This option is supported for Schannel in Windows 7 or later with libcurl 7.60 or later. This option is supported for backward compatibility with other SSL engines; instead it is recommended to use Windows' store of root certificates (the default for Schannel). If this option is used several times, the last one will be used. Example: curl --cacert CA-file.txt https://example.com See also --capath and -k, --insecure."
            },
            {
                "flag": "",
                "long": "--capath",
                "arg": "<dir>",
                "description": "(TLS) Tells curl to use the specified certificate directory to verify the peer. Multi‐ ple paths can be provided by separating them with \":\" (e.g. \"path1:path2:path3\"). The certificates must be in PEM format, and if curl is built against OpenSSL, the direc‐ tory must have been processed using the crehash utility supplied with OpenSSL. Using --capath can allow OpenSSL-powered curl to make SSL-connections much more efficiently than using --cacert if the --cacert file contains many CA certificates. If this option is set, the default capath value will be ignored, and if it is used several times, the last one will be used. Example: curl --capath /local/directory https://example.com See also --cacert and -k, --insecure."
            },
            {
                "flag": "",
                "long": "--cert-status",
                "arg": null,
                "description": "(TLS) Tells curl to verify the status of the server certificate by using the Certifi‐ cate Status Request (aka. OCSP stapling) TLS extension. If this option is enabled and the server sends an invalid (e.g. expired) response, if the response suggests that the server certificate has been revoked, or no response at all is received, the verification fails. This is currently only implemented in the OpenSSL, GnuTLS and NSS backends. Example: curl --cert-status https://example.com See also --pinnedpubkey. Added in 7.41.0."
            },
            {
                "flag": "",
                "long": "--cert-type",
                "arg": "<type>",
                "description": "(TLS) Tells curl what type the provided client certificate is using. PEM, DER, ENG and P12 are recognized types. If not specified, PEM is assumed. If this option is used several times, the last one will be used. Example: curl --cert-type PEM --cert file https://example.com See also -E, --cert, --key and --key-type. -E, --cert <certificate[:password]> (TLS) Tells curl to use the specified client certificate file when getting a file with HTTPS, FTPS or another SSL-based protocol. The certificate must be in PKCS#12 format if using Secure Transport, or PEM format if using any other engine. If the optional password is not specified, it will be queried for on the terminal. Note that this op‐ tion assumes a \"certificate\" file that is the private key and the client certificate concatenated! See -E, --cert and --key to specify them independently. If curl is built against the NSS SSL library then this option can tell curl the nick‐ name of the certificate to use within the NSS database defined by the environment variable SSLDIR (or by default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib‐ nsspem.so) is available then PEM files may be loaded. If you want to use a file from the current directory, please precede it with \"./\" prefix, in order to avoid confusion with a nickname. If the nickname contains \":\", it needs to be preceded by \"\\\" so that it is not recognized as password delimiter. If the nickname contains \"\\\", it needs to be escaped as \"\\\\\" so that it is not recognized as an escape character. If curl is built against OpenSSL library, and the engine pkcs11 is available, then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in a PKCS#11 de‐ vice. A string beginning with \"pkcs11:\" will be interpreted as a PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set as \"pkcs11\" if none was provided and the --cert-type option will be set as \"ENG\" if none was provided. (iOS and macOS only) If curl is built against Secure Transport, then the certificate string can either be the name of a certificate/private key in the system or user key‐ chain, or the path to a PKCS#12-encoded certificate and private key. If you want to use a file from the current directory, please precede it with \"./\" prefix, in order to avoid confusion with a nickname. (Schannel only) Client certificates must be specified by a path expression to a cer‐ tificate store. (Loading PFX is not supported; you can import it to a store first). You can use \"<store location>\\<store name>\\<thumbprint>\" to refer to a certificate in the system certificates store, for example, \"Curren‐ tUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a\". Thumbprint is usually a SHA-1 hex string which you can see in certificate details. Following store locations are sup‐ ported: CurrentUser, LocalMachine, CurrentService, Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy, LocalMachineEnterprise. If this option is used several times, the last one will be used. Example: curl --cert certfile --key keyfile https://example.com See also --cert-type, --key and --key-type."
            },
            {
                "flag": "",
                "long": "--ciphers",
                "arg": null,
                "description": "(TLS) Specifies which ciphers to use in the connection. The list of ciphers must spec‐ ify valid ciphers. Read up on SSL cipher list details on this URL: https://curl.se/docs/ssl-ciphers.html If this option is used several times, the last one will be used. Example: curl --ciphers ECDHE-ECDSA-AES256-CCM8 https://example.com See also --tlsv1.3."
            },
            {
                "flag": "",
                "long": "--compressed-ssh",
                "arg": null,
                "description": "(SCP SFTP) Enables built-in SSH compression. This is a request, not an order; the server may or may not do it. Example: curl --compressed-ssh sftp://example.com/ See also --compressed. Added in 7.56.0."
            },
            {
                "flag": "",
                "long": "--compressed",
                "arg": null,
                "description": "(HTTP) Request a compressed response using one of the algorithms curl supports, and automatically decompress the content. Headers are not modified. If this option is used and the server sends an unsupported encoding, curl will report an error. This is a request, not an order; the server may or may not deliver data com‐ pressed. Example: curl --compressed https://example.com See also --compressed-ssh."
            },
            {
                "flag": "-K",
                "long": "--config",
                "arg": "<file>",
                "description": "Specify a text file to read curl arguments from. The command line arguments found in the text file will be used as if they were provided on the command line. Options and their parameters must be specified on the same line in the file, separated by whitespace, colon, or the equals sign. Long option names can optionally be given in the config file without the initial double dashes and if so, the colon or equals char‐ acters can be used as separators. If the option is specified with one or two dashes, there can be no colon or equals character between the option and its parameter. If the parameter contains whitespace (or starts with : or =), the parameter must be enclosed within quotes. Within double quotes, the following escape sequences are available: \\\\, \\\", \\t, \\n, \\r and \\v. A backslash preceding any other letter is ig‐ nored. If the first column of a config line is a '#' character, the rest of the line will be treated as a comment. Only write one option per physical line in the config file. Specify the filename to -K, --config as '-' to make curl read the file from stdin. Note that to be able to specify a URL in the config file, you need to specify it using the --url option, and not by simply writing the URL on its own line. So, it could look similar to this: url = \"https://curl.se/docs/\" # --- Example file --- # this is a comment url = \"example.com\" output = \"curlhere.html\" user-agent = \"superagent/1.0\" # and fetch another URL too url = \"example.com/docs/manpage.html\" -O referer = \"http://nowhereatall.example.com/\" # --- End of example file --- When curl is invoked, it (unless -q, --disable is used) checks for a default config file and uses it if found, even when -K, --config is used. The default config file is checked for in the following places in this order: 1) \"$CURLHOME/.curlrc\" 2) \"$XDGCONFIGHOME/.curlrc\" (Added in 7.73.0) 3) \"$HOME/.curlrc\" 4) Windows: \"%USERPROFILE%\\.curlrc\" 5) Windows: \"%APPDATA%\\.curlrc\" 6) Windows: \"%USERPROFILE%\\Application Data\\.curlrc\" 7) Non-windows: use getpwuid to find the home directory 8) On windows, if it finds no .curlrc file in the sequence described above, it checks for one in the same dir the curl executable is placed. This option can be used multiple times to load multiple config files. Example: curl --config file.txt https://example.com See also -q, --disable."
            },
            {
                "flag": "",
                "long": "--connect-timeout",
                "arg": null,
                "description": "Maximum time in seconds that you allow curl's connection to take. This only limits the connection phase, so if curl connects within the given period it will continue - if not it will exit. Since version 7.32.0, this option accepts decimal values. If this option is used several times, the last one will be used. Examples: curl --connect-timeout 20 https://example.com curl --connect-timeout 3.14 https://example.com See also -m, --max-time."
            },
            {
                "flag": "",
                "long": "--connect-to",
                "arg": "<HOST1:PORT1:HOST2:PORT2>",
                "description": "For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. This op‐ tion is suitable to direct requests at a specific server, e.g. at a specific cluster node in a cluster of servers. This option is only used to establish the network con‐ nection. It does NOT affect the hostname/port that is used for TLS/SSL (e.g. SNI, cer‐ tificate verification) or for the application protocols. \"HOST1\" and \"PORT1\" may be the empty string, meaning \"any host/port\". \"HOST2\" and \"PORT2\" may also be the empty string, meaning \"use the request's original host/port\". A \"host\" specified to this option is compared as a string, so it needs to match the name used in request URL. It can be either numerical such as \"127.0.0.1\" or the full host name such as \"example.org\". This option can be used many times to add many connect rules. Example: curl --connect-to example.com:443:example.net:8443 https://example.com See also --resolve and -H, --header. Added in 7.49.0."
            },
            {
                "flag": "-C",
                "long": "--continue-at",
                "arg": "<offset>",
                "description": "Continue/Resume a previous file transfer at the given offset. The given offset is the exact number of bytes that will be skipped, counting from the beginning of the source file before it is transferred to the destination. If used with uploads, the FTP server command SIZE will not be used by curl. Use \"-C -\" to tell curl to automatically find out where/how to resume the transfer. It then uses the given output/input files to figure that out. If this option is used several times, the last one will be used. Examples: curl -C - https://example.com curl -C 400 https://example.com See also -r, --range."
            },
            {
                "flag": "-c",
                "long": "--cookie-jar",
                "arg": "<filename>",
                "description": "(HTTP) Specify to which file you want curl to write all cookies after a completed op‐ eration. Curl writes all cookies from its in-memory cookie storage to the given file at the end of operations. If no cookies are known, no data will be written. The file will be written using the Netscape cookie file format. If you set the file name to a single dash, \"-\", the cookies will be written to stdout. This command line option will activate the cookie engine that makes curl record and use cookies. Another way to activate it is to use the -b, --cookie option. If the cookie jar cannot be created or written to, the whole curl operation will not fail or even report an error clearly. Using -v, --verbose will get a warning dis‐ played, but that is the only visible feedback you get about this possibly lethal situ‐ ation. If this option is used several times, the last specified file name will be used. Examples: curl -c store-here.txt https://example.com curl -c store-here.txt -b read-these https://example.com See also -b, --cookie."
            },
            {
                "flag": "-b",
                "long": "--cookie",
                "arg": "<data|filename>",
                "description": "(HTTP) Pass the data to the HTTP server in the Cookie header. It is supposedly the data previously received from the server in a \"Set-Cookie:\" line. The data should be in the format \"NAME1=VALUE1; NAME2=VALUE2\". If no '=' symbol is used in the argument, it is instead treated as a filename to read previously stored cookie from. This option also activates the cookie engine which will make curl record incoming cookies, which may be handy if you are using this in combi‐ nation with the -L, --location option or do multiple URL transfers on the same invoke. If the file name is exactly a minus (\"-\"), curl will instead read the contents from stdin. The file format of the file to read cookies from should be plain HTTP headers (Set- Cookie style) or the Netscape/Mozilla cookie file format. The file specified with -b, --cookie is only used as input. No cookies will be written to the file. To store cookies, use the -c, --cookie-jar option. If you use the Set-Cookie file format and do not specify a domain then the cookie is not sent since the domain will never match. To address this, set a domain in Set- Cookie line (doing that will include sub-domains) or preferably: use the Netscape for‐ mat. This option can be used multiple times. Users often want to both read cookies from a file and write updated cookies back to a file, so using both -b, --cookie and -c, --cookie-jar in the same command line is com‐ mon. Examples: curl -b cookiefile https://example.com curl -b cookiefile -c cookiefile https://example.com See also -c, --cookie-jar and -j, --junk-session-cookies."
            },
            {
                "flag": "",
                "long": "--create-dirs",
                "arg": null,
                "description": "When used in conjunction with the -o, --output option, curl will create the necessary local directory hierarchy as needed. This option creates the directories mentioned with the -o, --output option, nothing else. If the --output file name uses no direc‐ tory, or if the directories it mentions already exist, no directories will be created. Created dirs are made with mode 0750 on unix style file systems. To create remote directories when using FTP or SFTP, try --ftp-create-dirs. Example: curl --create-dirs --output local/dir/file https://example.com See also --ftp-create-dirs and --output-dir."
            },
            {
                "flag": "",
                "long": "--create-file-mode",
                "arg": "<mode>",
                "description": "(SFTP SCP FILE) When curl is used to create files remotely using one of the supported protocols, this option allows the user to set which 'mode' to set on the file at cre‐ ation time, instead of the default 0644. This option takes an octal number as argument. If this option is used several times, the last one will be used. Example: curl --create-file-mode 0777 -T localfile sftp://example.com/new See also --ftp-create-dirs. Added in 7.75.0. --crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS (OS/390). (SMTP added in 7.40.0) Example: curl --crlf -T file ftp://example.com/ See also -B, --use-ascii."
            },
            {
                "flag": "",
                "long": "--crlfile",
                "arg": "<file>",
                "description": "(TLS) Provide a file using PEM format with a Certificate Revocation List that may specify peer certificates that are to be considered revoked. If this option is used several times, the last one will be used. Example: curl --crlfile rejects.txt https://example.com See also --cacert and --capath."
            },
            {
                "flag": "",
                "long": "--curves",
                "arg": null,
                "description": "(TLS) Tells curl to request specific curves to use during SSL session establishment according to RFC 8422, 5.1. Multiple algorithms can be provided by separating them with \":\" (e.g. \"X25519:P-521\"). The parameter is available identically in the \"openssl sclient/sserver\" utilities. --curves allows a OpenSSL powered curl to make SSL-connections with exactly the (EC) curve requested by the client, avoiding nontransparent client/server negotiations. If this option is set, the default curves list built into openssl will be ignored. Example: curl --curves X25519 https://example.com See also --ciphers. Added in 7.73.0."
            },
            {
                "flag": "",
                "long": "--data-ascii",
                "arg": "<data>",
                "description": "(HTTP) This is just an alias for -d, --data. Example: curl --data-ascii @file https://example.com See also --data-binary, --data-raw and --data-urlencode."
            },
            {
                "flag": "",
                "long": "--data-binary",
                "arg": "<data>",
                "description": "(HTTP) This posts data exactly as specified with no extra processing whatsoever. If you start the data with the letter @, the rest should be a filename. Data is posted in a similar manner as -d, --data does, except that newlines and carriage returns are preserved and conversions are never done. Like -d, --data the default content-type sent to the server is application/x-www-form- urlencoded. If you want the data to be treated as arbitrary binary data by the server then set the content-type to octet-stream: -H \"Content-Type: application/octet- stream\". If this option is used several times, the ones following the first will append data as described in -d, --data. Example: curl --data-binary @filename https://example.com See also --data-ascii."
            },
            {
                "flag": "",
                "long": "--data-raw",
                "arg": "<data>",
                "description": "(HTTP) This posts data similarly to -d, --data but without the special interpretation of the @ character. Examples: curl --data-raw \"hello\" https://example.com curl --data-raw \"@at@at@\" https://example.com See also -d, --data. Added in 7.43.0."
            },
            {
                "flag": "",
                "long": "--data-urlencode",
                "arg": "<data>",
                "description": "(HTTP) This posts data, similar to the other -d, --data options with the exception that this performs URL-encoding. To be CGI-compliant, the <data> part should begin with a name followed by a separator and a content specification. The <data> part can be passed to curl using one of the following syntaxes: content This will make curl URL-encode the content and pass that on. Just be careful so that the content does not contain any = or @ symbols, as that will then make the syntax match one of the other cases below! =content This will make curl URL-encode the content and pass that on. The preceding = symbol is not included in the data. name=content This will make curl URL-encode the content part and pass that on. Note that the name part is expected to be URL-encoded already. @filename This will make curl load data from the given file (including any newlines), URL-encode that data and pass it on in the POST. name@filename This will make curl load data from the given file (including any newlines), URL-encode that data and pass it on in the POST. The name part gets an equal sign appended, resulting in name=urlencoded-file-content. Note that the name is expected to be URL-encoded already. Examples: curl --data-urlencode name=val https://example.com curl --data-urlencode =encodethis https://example.com curl --data-urlencode name@file https://example.com curl --data-urlencode @fileonly https://example.com See also -d, --data and --data-raw."
            },
            {
                "flag": "-d",
                "long": "--data",
                "arg": "<data>",
                "description": "(HTTP MQTT) Sends the specified data in a POST request to the HTTP server, in the same way that a browser does when a user has filled in an HTML form and presses the submit button. This will cause curl to pass the data to the server using the content-type ap‐ plication/x-www-form-urlencoded. Compare to -F, --form. --data-raw is almost the same but does not have a special interpretation of the @ character. To post data purely binary, you should instead use the --data-binary op‐ tion. To URL-encode the value of a form field you may use --data-urlencode. If any of these options is used more than once on the same command line, the data pieces specified will be merged with a separating &-symbol. Thus, using '-d name=daniel -d skill=lousy' would generate a post chunk that looks like 'name=daniel&skill=lousy'. If you start the data with the letter @, the rest should be a file name to read the data from, or - if you want curl to read the data from stdin. Posting data from a file named 'foobar' would thus be done with -d, --data @foobar. When -d, --data is told to read from a file like that, carriage returns and newlines will be stripped out. If you do not want the @ character to have a special interpretation use --data-raw instead. Examples: curl -d \"name=curl\" https://example.com curl -d \"name=curl\" -d \"tool=cmdline\" https://example.com curl -d @filename https://example.com See also --data-binary, --data-urlencode and --data-raw. This option overrides -F, --form and -I, --head and -T, --upload-file."
            },
            {
                "flag": "",
                "long": "--delegation",
                "arg": "<LEVEL>",
                "description": "(GSS/kerberos) Set LEVEL to tell the server what it is allowed to delegate when it comes to user credentials. none Do not allow any delegation. policy Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos service ticket, which is a matter of realm policy. always Unconditionally allow the server to delegate. If this option is used several times, the last one will be used. Example: curl --delegation \"none\" https://example.com See also -k, --insecure and --ssl."
            },
            {
                "flag": "",
                "long": "--digest",
                "arg": null,
                "description": "(HTTP) Enables HTTP Digest authentication. This is an authentication scheme that pre‐ vents the password from being sent over the wire in clear text. Use this in combina‐ tion with the normal -u, --user option to set user name and password. If this option is used several times, only the first one is used. Example: curl -u name:password --digest https://example.com See also -u, --user, --proxy-digest and --anyauth. This option overrides --basic and --ntlm and --negotiate."
            },
            {
                "flag": "",
                "long": "--disable-eprt",
                "arg": null,
                "description": "(FTP) Tell curl to disable the use of the EPRT and LPRT commands when doing active FTP transfers. Curl will normally always first attempt to use EPRT, then LPRT before using PORT, but with this option, it will use PORT right away. EPRT and LPRT are extensions to the original FTP protocol, and may not work on all servers, but they enable more functionality in a better way than the traditional PORT command. --eprt can be used to explicitly enable EPRT again and --no-eprt is an alias for --disable-eprt. If the server is accessed using IPv6, this option will have no effect as EPRT is nec‐ essary then. Disabling EPRT only changes the active behavior. If you want to switch to passive mode you need to not use -P, --ftp-port or force it with --ftp-pasv. Example: curl --disable-eprt ftp://example.com/ See also --disable-epsv and -P, --ftp-port."
            },
            {
                "flag": "",
                "long": "--disable-epsv",
                "arg": null,
                "description": "(FTP) Tell curl to disable the use of the EPSV command when doing passive FTP trans‐ fers. Curl will normally always first attempt to use EPSV before PASV, but with this option, it will not try using EPSV. --epsv can be used to explicitly enable EPSV again and --no-epsv is an alias for --disable-epsv. If the server is an IPv6 host, this option will have no effect as EPSV is necessary then. Disabling EPSV only changes the passive behavior. If you want to switch to active mode you need to use -P, --ftp-port. Example: curl --disable-epsv ftp://example.com/ See also --disable-eprt and -P, --ftp-port."
            },
            {
                "flag": "-q",
                "long": "--disable",
                "arg": null,
                "description": "If used as the first parameter on the command line, the curlrc config file will not be read and used. See the -K, --config for details on the default config file search path. Example: curl -q https://example.com See also -K, --config."
            },
            {
                "flag": "",
                "long": "--disallow-username-in-url",
                "arg": null,
                "description": "(HTTP) This tells curl to exit if passed a url containing a username. This is probably most useful when the URL is being provided at run-time or similar. Example: curl --disallow-username-in-url https://example.com See also --proto. Added in 7.61.0."
            },
            {
                "flag": "",
                "long": "--dns-interface",
                "arg": "<interface>",
                "description": "(DNS) Tell curl to send outgoing DNS requests through <interface>. This option is a counterpart to --interface (which does not affect DNS). The supplied string must be an interface name (not an address). Example: curl --dns-interface eth0 https://example.com See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface requires that the under‐ lying libcurl was built to support c-ares. Added in 7.33.0."
            },
            {
                "flag": "",
                "long": "--dns-ipv4-addr",
                "arg": "<address>",
                "description": "(DNS) Tell curl to bind to <ip-address> when making IPv4 DNS requests, so that the DNS requests originate from this address. The argument should be a single IPv4 address. If this option is used several times, the last one will be used. Example: curl --dns-ipv4-addr 10.1.2.3 https://example.com See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr requires that the under‐ lying libcurl was built to support c-ares. Added in 7.33.0."
            },
            {
                "flag": "",
                "long": "--dns-ipv6-addr",
                "arg": "<address>",
                "description": "(DNS) Tell curl to bind to <ip-address> when making IPv6 DNS requests, so that the DNS requests originate from this address. The argument should be a single IPv6 address. If this option is used several times, the last one will be used. Example: curl --dns-ipv6-addr 2a04:4e42::561 https://example.com See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr requires that the under‐ lying libcurl was built to support c-ares. Added in 7.33.0."
            },
            {
                "flag": "",
                "long": "--dns-servers",
                "arg": "<addresses>",
                "description": "Set the list of DNS servers to be used instead of the system default. The list of IP addresses should be separated with commas. Port numbers may also optionally be given as :<port-number> after each IP address. If this option is used several times, the last one will be used. Example: curl --dns-servers 192.168.0.1,192.168.0.2 https://example.com See also --dns-interface and --dns-ipv4-addr. --dns-servers requires that the underly‐ ing libcurl was built to support c-ares. Added in 7.33.0."
            },
            {
                "flag": "",
                "long": "--doh-cert-status",
                "arg": null,
                "description": "Same as --cert-status but used for DoH (DNS-over-HTTPS). Example: curl --doh-cert-status --doh-url https://doh.example https://example.com See also --doh-insecure. Added in 7.76.0."
            },
            {
                "flag": "",
                "long": "--doh-insecure",
                "arg": null,
                "description": "Same as -k, --insecure but used for DoH (DNS-over-HTTPS). Example: curl --doh-insecure --doh-url https://doh.example https://example.com See also --doh-url. Added in 7.76.0."
            },
            {
                "flag": "",
                "long": "--doh-url",
                "arg": "<URL>",
                "description": "Specifies which DNS-over-HTTPS (DoH) server to use to resolve hostnames, instead of using the default name resolver mechanism. The URL must be HTTPS. Some SSL options that you set for your transfer will apply to DoH since the name lookups take place over SSL. However, the certificate verification settings are not inherited and can be controlled separately via --doh-insecure and --doh-cert-status. If this option is used several times, the last one will be used. Example: curl --doh-url https://doh.example https://example.com See also --doh-insecure. Added in 7.62.0."
            },
            {
                "flag": "-D",
                "long": "--dump-header",
                "arg": "<filename>",
                "description": "(HTTP FTP) Write the received protocol headers to the specified file. If no headers are received, the use of this option will create an empty file. When used in FTP, the FTP server response lines are considered being \"headers\" and thus are saved there. If this option is used several times, the last one will be used. Example: curl --dump-header store.txt https://example.com See also -o, --output."
            },
            {
                "flag": "",
                "long": "--egd-file",
                "arg": "<file>",
                "description": "(TLS) Specify the path name to the Entropy Gathering Daemon socket. The socket is used to seed the random engine for SSL connections. Example: curl --egd-file /random/here https://example.com See also --random-file."
            },
            {
                "flag": "",
                "long": "--engine",
                "arg": "<name>",
                "description": "(TLS) Select the OpenSSL crypto engine to use for cipher operations. Use --engine list to print a list of build-time supported engines. Note that not all (and possibly none) of the engines may be available at run-time. Example: curl --engine flavor https://example.com See also --ciphers and --curves."
            },
            {
                "flag": "",
                "long": "--etag-compare",
                "arg": "<file>",
                "description": "(HTTP) This option makes a conditional HTTP request for the specific ETag read from the given file by sending a custom If-None-Match header using the stored ETag. For correct results, make sure that the specified file contains only a single line with the desired ETag. An empty file is parsed as an empty ETag. Use the option --etag-save to first save the ETag from a response, and then use this option to compare against the saved ETag in a subsequent request. Example: curl --etag-compare etag.txt https://example.com See also --etag-save and -z, --time-cond. Added in 7.68.0."
            },
            {
                "flag": "",
                "long": "--etag-save",
                "arg": "<file>",
                "description": "(HTTP) This option saves an HTTP ETag to the specified file. An ETag is a caching re‐ lated header, usually returned in a response. If no ETag is sent by the server, an empty file is created. Example: curl --etag-save storetag.txt https://example.com See also --etag-compare. Added in 7.68.0."
            },
            {
                "flag": "",
                "long": "--expect100-timeout",
                "arg": "<seconds>",
                "description": "(HTTP) Maximum time in seconds that you allow curl to wait for a 100-continue response when curl emits an Expects: 100-continue header in its request. By default curl will wait one second. This option accepts decimal values! When curl stops waiting, it will continue as if the response has been received. Example: curl --expect100-timeout 2.5 -T file https://example.com See also --connect-timeout. Added in 7.47.0."
            },
            {
                "flag": "",
                "long": "--fail-early",
                "arg": null,
                "description": "Fail and exit on the first detected transfer error. When curl is used to do multiple transfers on the command line, it will attempt to op‐ erate on each given URL, one by one. By default, it will ignore errors if there are more URLs given and the last URL's success will determine the error code curl returns. So early failures will be \"hidden\" by subsequent successful transfers. Using this option, curl will instead return an error on the first transfer that fails, independent of the amount of URLs that are given on the command line. This way, no transfer failures go undetected by scripts and similar. This option is global and does not need to be specified for each use of -:, --next. This option does not imply -f, --fail, which causes transfers to fail due to the server's HTTP status code. You can combine the two options, however note -f, --fail is not global and is therefore contained by -:, --next. Example: curl --fail-early https://example.com https://two.example See also -f, --fail and --fail-with-body. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--fail-with-body",
                "arg": null,
                "description": "(HTTP) Return an error on server errors where the HTTP response code is 400 or greater). In normal cases when an HTTP server fails to deliver a document, it returns an HTML document stating so (which often also describes why and more). This flag will still allow curl to output and save that content but also to return error 22. This is an alternative option to -f, --fail which makes curl fail for the same circum‐ stances but without saving the content. Example: curl --fail-with-body https://example.com See also -f, --fail. Added in 7.76.0."
            },
            {
                "flag": "-f",
                "long": "--fail",
                "arg": null,
                "description": "(HTTP) Fail silently (no output at all) on server errors. This is mostly done to en‐ able scripts etc to better deal with failed attempts. In normal cases when an HTTP server fails to deliver a document, it returns an HTML document stating so (which of‐ ten also describes why and more). This flag will prevent curl from outputting that and return error 22. This method is not fail-safe and there are occasions where non-successful response codes will slip through, especially when authentication is involved (response codes 401 and 407). Example: curl --fail https://example.com See also --fail-with-body."
            },
            {
                "flag": "",
                "long": "--false-start",
                "arg": null,
                "description": "(TLS) Tells curl to use false start during the TLS handshake. False start is a mode where a TLS client will start sending application data before verifying the server's Finished message, thus saving a round trip when performing a full handshake. This is currently only implemented in the NSS and Secure Transport (on iOS 7.0 or later, or OS X 10.9 or later) backends. Example: curl --false-start https://example.com See also --tcp-fastopen. Added in 7.42.0."
            },
            {
                "flag": "",
                "long": "--form-escape",
                "arg": null,
                "description": "(HTTP) Tells curl to pass on names of multipart form fields and files using backslash- escaping instead of percent-encoding. Example: curl --form-escape --form 'field\\name=curl' 'file=@load\"this' https://example.com See also -F, --form. Added in 7.81.0."
            },
            {
                "flag": "",
                "long": "--form-string",
                "arg": "<name=string>",
                "description": "(HTTP SMTP IMAP) Similar to -F, --form except that the value string for the named pa‐ rameter is used literally. Leading '@' and '<' characters, and the ';type=' string in the value have no special meaning. Use this in preference to -F, --form if there's any possibility that the string value may accidentally trigger the '@' or '<' features of -F, --form. Example: curl --form-string \"data\" https://example.com See also -F, --form."
            },
            {
                "flag": "-F",
                "long": "--form",
                "arg": "<name=content>",
                "description": "(HTTP SMTP IMAP) For HTTP protocol family, this lets curl emulate a filled-in form in which a user has pressed the submit button. This causes curl to POST data using the Content-Type multipart/form-data according to RFC 2388. For SMTP and IMAP protocols, this is the means to compose a multipart mail message to transmit. This enables uploading of binary files etc. To force the 'content' part to be a file, prefix the file name with an @ sign. To just get the content part from a file, prefix the file name with the symbol <. The difference between @ and < is then that @ makes a file get attached in the post as a file upload, while the < makes a text field and just get the contents for that text field from a file. Tell curl to read content from stdin instead of a file by using - as filename. This goes for both @ and < constructs. When stdin is used, the contents is buffered in mem‐ ory first by curl to determine its size and allow a possible resend. Defining a part's data from a named non-regular file (such as a named pipe or similar) is unfortunately not subject to buffering and will be effectively read at transmission time; since the full size is unknown before the transfer starts, such data is sent as chunks by HTTP and rejected by IMAP. Example: send an image to an HTTP server, where 'profile' is the name of the form- field to which the file portrait.jpg will be the input: curl -F profile=@portrait.jpg https://example.com/upload.cgi Example: send your name and shoe size in two text fields to the server: curl -F name=John -F shoesize=11 https://example.com/ Example: send your essay in a text field to the server. Send it as a plain text field, but get the contents for it from a local file: curl -F \"story=<hugefile.txt\" https://example.com/ You can also tell curl what Content-Type to use by using 'type=', in a manner similar to: curl -F \"web=@index.html;type=text/html\" example.com or curl -F \"name=daniel;type=text/foo\" example.com You can also explicitly change the name field of a file upload part by setting file‐ name=, like this: curl -F \"file=@localfile;filename=nameinpost\" example.com If filename/path contains ',' or ';', it must be quoted by double-quotes like: curl -F \"file=@\\\"local,file\\\";filename=\\\"name;in;post\\\"\" example.com or curl -F 'file=@\"local,file\";filename=\"name;in;post\"' example.com Note that if a filename/path is quoted by double-quotes, any double-quote or backslash within the filename must be escaped by backslash. Quoting must also be applied to non-file data if it contains semicolons, lead‐ ing/trailing spaces or leading double quotes: curl -F 'colors=\"red; green; blue\";type=text/x-myapp' example.com You can add custom headers to the field by setting headers=, like curl -F \"submit=OK;headers=\\\"X-submit-type: OK\\\"\" example.com or curl -F \"submit=OK;headers=@headerfile\" example.com The headers= keyword may appear more that once and above notes about quoting apply. When headers are read from a file, Empty lines and lines starting with '#' are com‐ ments and ignored; each header can be folded by splitting between two words and start‐ ing the continuation line with a space; embedded carriage-returns and trailing spaces are stripped. Here is an example of a header file contents: # This file contain two headers. X-header-1: this is a header # The following header is folded. X-header-2: this is another header To support sending multipart mail messages, the syntax is extended as follows: - name can be omitted: the equal sign is the first character of the argument, - if data starts with '(', this signals to start a new multipart: it can be followed by a content type specification. - a multipart can be terminated with a '=)' argument. Example: the following command sends an SMTP mime email consisting in an inline part in two alternative formats: plain text and HTML. It attaches a text file: curl -F '=(;type=multipart/alternative' \\ -F '=plain text message' \\ -F '= <body>HTML message</body>;type=text/html' \\ -F '=)' -F '=@textfile.txt' ... smtp://example.com Data can be encoded for transfer using encoder=. Available encodings are binary and 8bit that do nothing else than adding the corresponding Content-Transfer-Encoding header, 7bit that only rejects 8-bit characters with a transfer error, quoted-print‐ able and base64 that encodes data according to the corresponding schemes, limiting lines length to 76 characters. Example: send multipart mail with a quoted-printable text message and a base64 at‐ tached file: curl -F '=text message;encoder=quoted-printable' \\ -F '=@localfile;encoder=base64' ... smtp://example.com See further examples and details in the MANUAL. This option can be used multiple times. Example: curl --form \"name=curl\" --form \"file=@loadthis\" https://example.com See also -d, --data, --form-string and --form-escape. This option overrides -d, --data and -I, --head and -T, --upload-file."
            },
            {
                "flag": "",
                "long": "--ftp-account",
                "arg": "<data>",
                "description": "(FTP) When an FTP server asks for \"account data\" after user name and password has been provided, this data is sent off using the ACCT command. If this option is used several times, the last one will be used. Example: curl --ftp-account \"mr.robot\" ftp://example.com/ See also -u, --user."
            },
            {
                "flag": "",
                "long": "--ftp-alternative-to-user",
                "arg": "<command>",
                "description": "(FTP) If authenticating with the USER and PASS commands fails, send this command. When connecting to Tumbleweed's Secure Transport server over FTPS using a client cer‐ tificate, using \"SITE AUTH\" will tell the server to retrieve the username from the certificate. Example: curl --ftp-alternative-to-user \"U53r\" ftp://example.com See also --ftp-account and -u, --user."
            },
            {
                "flag": "",
                "long": "--ftp-create-dirs",
                "arg": null,
                "description": "(FTP SFTP) When an FTP or SFTP URL/operation uses a path that does not currently exist on the server, the standard behavior of curl is to fail. Using this option, curl will instead attempt to create missing directories. Example: curl --ftp-create-dirs -T file ftp://example.com/remote/path/file See also --create-dirs."
            },
            {
                "flag": "",
                "long": "--ftp-method",
                "arg": "<method>",
                "description": "(FTP) Control what method curl should use to reach a file on an FTP(S) server. The method argument should be one of the following alternatives: multicwd curl does a single CWD operation for each path part in the given URL. For deep hierarchies this means many commands. This is how RFC 1738 says it should be done. This is the default but the slowest behavior. nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR etc and give a full path to the server for all these commands. This is the fastest behavior. singlecwd curl does one CWD with the full target directory and then operates on the file \"normally\" (like in the multicwd case). This is somewhat more standards compli‐ ant than 'nocwd' but without the full penalty of 'multicwd'. Examples: curl --ftp-method multicwd ftp://example.com/dir1/dir2/file curl --ftp-method nocwd ftp://example.com/dir1/dir2/file curl --ftp-method singlecwd ftp://example.com/dir1/dir2/file See also -l, --list-only."
            },
            {
                "flag": "",
                "long": "--ftp-pasv",
                "arg": null,
                "description": "(FTP) Use passive mode for the data connection. Passive is the internal default behav‐ ior, but using this option can be used to override a previous -P, --ftp-port option. If this option is used several times, only the first one is used. Undoing an enforced passive really is not doable but you must then instead enforce the correct -P, --ftp- port again. Passive mode means that curl will try the EPSV command first and then PASV, unless --disable-epsv is used. Example: curl --ftp-pasv ftp://example.com/ See also --disable-epsv."
            },
            {
                "flag": "-P",
                "long": "--ftp-port",
                "arg": "<address>",
                "description": "(FTP) Reverses the default initiator/listener roles when connecting with FTP. This op‐ tion makes curl use active mode. curl then tells the server to connect back to the client's specified address and port, while passive mode asks the server to setup an IP address and port for it to connect to. <address> should be one of: interface e.g. \"eth0\" to specify which interface's IP address you want to use (Unix only) IP address e.g. \"192.168.10.1\" to specify the exact IP address host name e.g. \"my.host.domain\" to specify the machine - make curl pick the same IP address that is already used for the control connec‐ tion If this option is used several times, the last one will be used. Disable the use of PORT with --ftp-pasv. Disable the attempt to use the EPRT command instead of PORT by using --disable- eprt. EPRT is really PORT++. You can also append \":[start]-[end]\" to the right of the address, to tell curl what TCP port range to use. That means you specify a port range, from a lower to a higher number. A single number works as well, but do note that it increases the risk of failure since the port may not be available. Examples: curl -P - ftp:/example.com curl -P eth0 ftp:/example.com curl -P 192.168.0.2 ftp:/example.com See also --ftp-pasv and --disable-eprt."
            },
            {
                "flag": "",
                "long": "--ftp-pret",
                "arg": null,
                "description": "(FTP) Tell curl to send a PRET command before PASV (and EPSV). Certain FTP servers, mainly drftpd, require this non-standard command for directory listings as well as up and downloads in PASV mode. Example: curl --ftp-pret ftp://example.com/ See also -P, --ftp-port and --ftp-pasv."
            },
            {
                "flag": "",
                "long": "--ftp-skip-pasv-ip",
                "arg": null,
                "description": "(FTP) Tell curl to not use the IP address the server suggests in its response to curl's PASV command when curl connects the data connection. Instead curl will re-use the same IP address it already uses for the control connection. Since curl 7.74.0 this option is enabled by default. This option has no effect if PORT, EPRT or EPSV is used instead of PASV. Example: curl --ftp-skip-pasv-ip ftp://example.com/ See also --ftp-pasv."
            },
            {
                "flag": "",
                "long": "--ftp-ssl-ccc-mode",
                "arg": "<active/passive>",
                "description": "(FTP) Sets the CCC mode. The passive mode will not initiate the shutdown, but instead wait for the server to do it, and will not reply to the shutdown from the server. The active mode initiates the shutdown and waits for a reply from the server. Example: curl --ftp-ssl-ccc-mode active --ftp-ssl-ccc ftps://example.com/ See also --ftp-ssl-ccc."
            },
            {
                "flag": "",
                "long": "--ftp-ssl-ccc",
                "arg": null,
                "description": "(FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS layer after authenticat‐ ing. The rest of the control channel communication will be unencrypted. This allows NAT routers to follow the FTP transaction. The default mode is passive. Example: curl --ftp-ssl-ccc ftps://example.com/ See also --ssl and --ftp-ssl-ccc-mode."
            },
            {
                "flag": "",
                "long": "--ftp-ssl-control",
                "arg": null,
                "description": "(FTP) Require SSL/TLS for the FTP login, clear for transfer. Allows secure authenti‐ cation, but non-encrypted data transfers for efficiency. Fails the transfer if the server does not support SSL/TLS. Example: curl --ftp-ssl-control ftp://example.com See also --ssl."
            },
            {
                "flag": "-G",
                "long": "--get",
                "arg": null,
                "description": "When used, this option will make all data specified with -d, --data, --data-binary or --data-urlencode to be used in an HTTP GET request instead of the POST request that otherwise would be used. The data will be appended to the URL with a '?' separator. If used in combination with -I, --head, the POST data will instead be appended to the URL with a HEAD request. If this option is used several times, only the first one is used. This is because un‐ doing a GET does not make sense, but you should then instead enforce the alternative method you prefer. Examples: curl --get https://example.com curl --get -d \"tool=curl\" -d \"age=old\" https://example.com curl --get -I -d \"tool=curl\" https://example.com See also -d, --data and -X, --request."
            },
            {
                "flag": "-g",
                "long": "--globoff",
                "arg": null,
                "description": "This option switches off the \"URL globbing parser\". When you set this option, you can specify URLs that contain the letters {}[] without having curl itself interpret them. Note that these letters are not normal legal URL contents but they should be encoded according to the URI standard. Example: curl -g \"https://example.com/{[]}}}}\" See also -K, --config and -q, --disable."
            },
            {
                "flag": "",
                "long": "--happy-eyeballs-timeout-ms",
                "arg": "<milliseconds>",
                "description": "Happy Eyeballs is an algorithm that attempts to connect to both IPv4 and IPv6 ad‐ dresses for dual-stack hosts, giving IPv6 a head-start of the specified number of mil‐ liseconds. If the IPv6 address cannot be connected to within that time, then a connec‐ tion attempt is made to the IPv4 address in parallel. The first connection to be es‐ tablished is the one that is used. The range of suggested useful values is limited. Happy Eyeballs RFC 6555 says \"It is RECOMMENDED that connection attempts be paced 150-250 ms apart to balance human fac‐ tors against network load.\" libcurl currently defaults to 200 ms. Firefox and Chrome currently default to 300 ms. If this option is used several times, the last one will be used. Example: curl --happy-eyeballs-timeout-ms 500 https://example.com See also -m, --max-time and --connect-timeout. Added in 7.59.0."
            },
            {
                "flag": "",
                "long": "--haproxy-protocol",
                "arg": null,
                "description": "(HTTP) Send a HAProxy PROXY protocol v1 header at the beginning of the connection. This is used by some load balancers and reverse proxies to indicate the client's true IP address and port. This option is primarily useful when sending test requests to a service that expects this header. Example: curl --haproxy-protocol https://example.com See also -x, --proxy. Added in 7.60.0."
            },
            {
                "flag": "-I",
                "long": "--head",
                "arg": null,
                "description": "(HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the command HEAD which this uses to get nothing but the header of a document. When used on an FTP or FILE file, curl displays the file size and last modification time only. Example: curl -I https://example.com See also -G, --get, -v, --verbose and --trace-ascii."
            },
            {
                "flag": "-H",
                "long": "--header",
                "arg": "<header/@file>",
                "description": "(HTTP) Extra header to include in the request when sending HTTP to a server. You may specify any number of extra headers. Note that if you should add a custom header that has the same name as one of the internal ones curl would use, your externally set header will be used instead of the internal one. This allows you to make even trickier stuff than curl would normally do. You should not replace internally set headers with‐ out knowing perfectly well what you are doing. Remove an internal header by giving a replacement without content on the right side of the colon, as in: -H \"Host:\". If you send the custom header with no-value then its header must be terminated with a semi‐ colon, such as -H \"X-Custom-Header;\" to send \"X-Custom-Header:\". curl will make sure that each header you add/replace is sent with the proper end-of- line marker, you should thus not add that as a part of the header content: do not add newlines or carriage returns, they will only mess things up for you. This option can take an argument in @filename style, which then adds a header for each line in the input file. Using @- will make curl read the header file from stdin. Added in 7.55.0. You need --proxy-header to send custom headers intended for a HTTP proxy. Added in 7.37.0. Passing on a \"Transfer-Encoding: chunked\" header when doing a HTTP request with a re‐ quest body, will make curl send the data using chunked encoding. WARNING: headers set with this option will be set in all requests - even after redi‐ rects are followed, like when told with -L, --location. This can lead to the header being sent to other hosts than the original host, so sensitive headers should be used with caution combined with following redirects. This option can be used multiple times to add/replace/remove multiple headers. Examples: curl -H \"X-First-Name: Joe\" https://example.com curl -H \"User-Agent: yes-please/2000\" https://example.com curl -H \"Host:\" https://example.com See also -A, --user-agent and -e, --referer."
            },
            {
                "flag": "-h",
                "long": "--help",
                "arg": "<category>",
                "description": "Usage help. This lists all commands of the <category>. If no arg was provided, curl will display the most important command line arguments. If the argument \"all\" was provided, curl will display all options available. If the argument \"category\" was provided, curl will display all categories and their meanings. Example: curl --help all See also -v, --verbose."
            },
            {
                "flag": "",
                "long": "--hostpubmd5",
                "arg": "<md5>",
                "description": "(SFTP SCP) Pass a string containing 32 hexadecimal digits. The string should be the 128 bit MD5 checksum of the remote host's public key, curl will refuse the connection with the host unless the md5sums match. Example: curl --hostpubmd5 e5c1c49020640a5ab0f2034854c321a8 sftp://example.com/ See also --hostpubsha256."
            },
            {
                "flag": "",
                "long": "--hostpubsha256",
                "arg": "<sha256>",
                "description": "(SFTP SCP) Pass a string containing a Base64-encoded SHA256 hash of the remote host's public key. Curl will refuse the connection with the host unless the hashes match. Example: curl --hostpubsha256 NDVkMTQxMGQ1ODdmMjQ3MjczYjAyOTY5MmRkMjVmNDQ= sftp://example.com/ See also --hostpubmd5. Added in 7.80.0."
            },
            {
                "flag": "",
                "long": "--hsts",
                "arg": null,
                "description": "(HTTPS) This option enables HSTS for the transfer. If the file name points to an ex‐ isting HSTS cache file, that will be used. After a completed transfer, the cache will be saved to the file name again if it has been modified. Specify a \"\" file name (zero length) to avoid loading/saving and make curl just handle HSTS in memory. If this option is used several times, curl will load contents from all the files but the last one will be used for saving. Example: curl --hsts cache.txt https://example.com See also --proto. Added in 7.74.0. --http0.9 (HTTP) Tells curl to be fine with HTTP version 0.9 response. HTTP/0.9 is a completely headerless response and therefore you can also connect with this to non-HTTP servers and still get a response since curl will simply transparently downgrade - if allowed. Since curl 7.66.0, HTTP/0.9 is disabled by default. Example: curl --http0.9 https://example.com See also --http1.1, --http2 and --http3. Added in 7.64.0. -0, --http1.0 (HTTP) Tells curl to use HTTP version 1.0 instead of using its internally preferred HTTP version. Example: curl --http1.0 https://example.com See also --http0.9 and --http1.1. This option overrides --http1.1 and --http2. --http1.1 (HTTP) Tells curl to use HTTP version 1.1. Example: curl --http1.1 https://example.com See also --http1.1 and --http0.9. This option overrides -0, --http1.0 and --http2. Added in 7.33.0."
            },
            {
                "flag": "",
                "long": "--http2-prior-knowledge",
                "arg": null,
                "description": "(HTTP) Tells curl to issue its non-TLS HTTP requests using HTTP/2 without HTTP/1.1 Up‐ grade. It requires prior knowledge that the server supports HTTP/2 straight away. HTTPS requests will still do HTTP/2 the standard way with negotiated protocol version in the TLS handshake. Example: curl --http2-prior-knowledge https://example.com See also --http2 and --http3. --http2-prior-knowledge requires that the underlying libcurl was built to support HTTP/2. This option overrides --http1.1 and -0, --http1.0 and --http2. Added in 7.49.0."
            },
            {
                "flag": "",
                "long": "--http2",
                "arg": null,
                "description": "(HTTP) Tells curl to use HTTP version 2. For HTTPS, this means curl will attempt to negotiate HTTP/2 in the TLS handshake. curl does this by default. For HTTP, this means curl will attempt to upgrade the request to HTTP/2 using the Up‐ grade: request header. Example: curl --http2 https://example.com See also --http1.1 and --http3. --http2 requires that the underlying libcurl was built to support HTTP/2. This option overrides --http1.1 and -0, --http1.0 and --http2-prior-knowledge. Added in 7.33.0."
            },
            {
                "flag": "",
                "long": "--http3",
                "arg": null,
                "description": "(HTTP) WARNING: this option is experimental. Do not use in production. Tells curl to use HTTP version 3 directly to the host and port number used in the URL. A normal HTTP/3 transaction will be done to a host and then get redirected via Alt- Svc, but this option allows a user to circumvent that when you know that the target speaks HTTP/3 on the given host and port. This option will make curl fail if a QUIC connection cannot be established, it cannot fall back to a lower HTTP version on its own. Example: curl --http3 https://example.com See also --http1.1 and --http2. --http3 requires that the underlying libcurl was built to support HTTP/3. This option overrides --http1.1 and -0, --http1.0 and --http2 and --http2-prior-knowledge. Added in 7.66.0."
            },
            {
                "flag": "",
                "long": "--ignore-content-length",
                "arg": null,
                "description": "(FTP HTTP) For HTTP, Ignore the Content-Length header. This is particularly useful for servers running Apache 1.x, which will report incorrect Content-Length for files larger than 2 gigabytes. For FTP (since 7.46.0), skip the RETR command to figure out the size before download‐ ing a file. This option does not work for HTTP if libcurl was built to use hyper. Example: curl --ignore-content-length https://example.com See also --ftp-skip-pasv-ip."
            },
            {
                "flag": "-i",
                "long": "--include",
                "arg": null,
                "description": "Include the HTTP response headers in the output. The HTTP response headers can include things like server name, cookies, date of the document, HTTP version and more... To view the request headers, consider the -v, --verbose option. Example: curl -i https://example.com See also -v, --verbose."
            },
            {
                "flag": "-k",
                "long": "--insecure",
                "arg": null,
                "description": "(TLS SFTP SCP) By default, every secure connection curl makes is verified to be secure before the transfer takes place. This option makes curl skip the verification step and proceed without checking. When this option is not used for protocols using TLS, curl verifies the server's TLS certificate before it continues: that the certificate contains the right name which matches the host name used in the URL and that the certificate has been signed by a CA certificate present in the cert store. See this online resource for further details: https://curl.se/docs/sslcerts.html For SFTP and SCP, this option makes curl skip the knownhosts verification. knownhosts is a file normally stored in the user's home directory in the .ssh subdi‐ rectory, which contains host names and their public keys. WARNING: using this option makes the transfer insecure. Example: curl --insecure https://example.com See also --proxy-insecure, --cacert and --capath."
            },
            {
                "flag": "",
                "long": "--interface",
                "arg": "<name>",
                "description": "Perform an operation using a specified interface. You can enter interface name, IP ad‐ dress or host name. An example could look like: curl --interface eth0:1 https://www.example.com/ If this option is used several times, the last one will be used. On Linux it can be used to specify a VRF, but the binary needs to either have CAPNETRAW or to be run as root. More information about Linux VRF: https://www.ker‐ nel.org/doc/Documentation/networking/vrf.txt Example: curl --interface eth0 https://example.com See also --dns-interface. -4, --ipv4 This option tells curl to resolve names to IPv4 addresses only, and not for example try IPv6. Example: curl --ipv4 https://example.com See also --http1.1 and --http2. This option overrides -6, --ipv6. -6, --ipv6 This option tells curl to resolve names to IPv6 addresses only, and not for example try IPv4. Example: curl --ipv6 https://example.com See also --http1.1 and --http2. This option overrides -4, --ipv4."
            },
            {
                "flag": "-j",
                "long": "--junk-session-cookies",
                "arg": null,
                "description": "(HTTP) When curl is told to read cookies from a given file, this option will make it discard all \"session cookies\". This will basically have the same effect as if a new session is started. Typical browsers always discard session cookies when they are closed down. Example: curl --junk-session-cookies -b cookies.txt https://example.com See also -b, --cookie and -c, --cookie-jar."
            },
            {
                "flag": "",
                "long": "--keepalive-time",
                "arg": "<seconds>",
                "description": "This option sets the time a connection needs to remain idle before sending keepalive probes and the time between individual keepalive probes. It is currently effective on operating systems offering the TCPKEEPIDLE and TCPKEEPINTVL socket options (meaning Linux, recent AIX, HP-UX and more). This option has no effect if --no-keepalive is used. If this option is used several times, the last one will be used. If unspecified, the option defaults to 60 seconds. Example: curl --keepalive-time 20 https://example.com See also --no-keepalive and -m, --max-time."
            },
            {
                "flag": "",
                "long": "--key-type",
                "arg": "<type>",
                "description": "(TLS) Private key file type. Specify which type your --key provided private key is. DER, PEM, and ENG are supported. If not specified, PEM is assumed. If this option is used several times, the last one will be used. Example: curl --key-type DER --key here https://example.com See also --key."
            },
            {
                "flag": "",
                "long": "--key",
                "arg": "<key>",
                "description": "(TLS SSH) Private key file name. Allows you to provide your private key in this sepa‐ rate file. For SSH, if not specified, curl tries the following candidates in order: '~/.ssh/idrsa', '~/.ssh/iddsa', './idrsa', './iddsa'. If curl is built against OpenSSL library, and the engine pkcs11 is available, then a PKCS#11 URI (RFC 7512) can be used to specify a private key located in a PKCS#11 de‐ vice. A string beginning with \"pkcs11:\" will be interpreted as a PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set as \"pkcs11\" if none was provided and the --key-type option will be set as \"ENG\" if none was provided. If this option is used several times, the last one will be used. Example: curl --cert certificate --key here https://example.com See also --key-type and -E, --cert."
            },
            {
                "flag": "",
                "long": "--krb",
                "arg": "<level>",
                "description": "(FTP) Enable Kerberos authentication and use. The level must be entered and should be one of 'clear', 'safe', 'confidential', or 'private'. Should you use a level that is not one of these, 'private' will instead be used. If this option is used several times, the last one will be used. Example: curl --krb clear ftp://example.com/ See also --delegation and --ssl. --krb requires that the underlying libcurl was built to support Kerberos."
            },
            {
                "flag": "",
                "long": "--libcurl",
                "arg": "<file>",
                "description": "Append this option to any ordinary curl command line, and you will get libcurl-using C source code written to the file that does the equivalent of what your command-line op‐ eration does! This option is global and does not need to be specified for each use of -:, --next. If this option is used several times, the last given file name will be used. Example: curl --libcurl client.c https://example.com See also -v, --verbose."
            },
            {
                "flag": "",
                "long": "--limit-rate",
                "arg": "<speed>",
                "description": "Specify the maximum transfer rate you want curl to use - for both downloads and up‐ loads. This feature is useful if you have a limited pipe and you would like your transfer not to use your entire bandwidth. To make it slower than it otherwise would be. The given speed is measured in bytes/second, unless a suffix is appended. Appending 'k' or 'K' will count the number as kilobytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it gigabytes. The suffixes (k, M, G, T, P) are 1024 based. For exam‐ ple 1k is 1024. Examples: 200K, 3m and 1G. The rate limiting logic works on averaging the transfer speed to no more than the set threshold over a period of multiple seconds. If you also use the -Y, --speed-limit option, that option will take precedence and might cripple the rate-limiting slightly, to help keeping the speed-limit logic work‐ ing. If this option is used several times, the last one will be used. Examples: curl --limit-rate 100K https://example.com curl --limit-rate 1000 https://example.com curl --limit-rate 10M https://example.com See also -Y, --speed-limit and -y, --speed-time."
            },
            {
                "flag": "-l",
                "long": "--list-only",
                "arg": null,
                "description": "(FTP POP3) (FTP) When listing an FTP directory, this switch forces a name-only view. This is especially useful if the user wants to machine-parse the contents of an FTP directory since the normal directory view does not use a standard look or format. When used like this, the option causes an NLST command to be sent to the server instead of LIST. Note: Some FTP servers list only files in their response to NLST; they do not include sub-directories and symbolic links. (POP3) When retrieving a specific email from POP3, this switch forces a LIST command to be performed instead of RETR. This is particularly useful if the user wants to see if a specific message-id exists on the server and what size it is. Note: When combined with -X, --request, this option can be used to send a UIDL command instead, so the user may use the email's unique identifier rather than its message-id to make the request. Example: curl --list-only ftp://example.com/dir/ See also -Q, --quote and -X, --request."
            },
            {
                "flag": "",
                "long": "--local-port",
                "arg": "<num/range>",
                "description": "Set a preferred single number or range (FROM-TO) of local port numbers to use for the connection(s). Note that port numbers by nature are a scarce resource that will be busy at times so setting this range to something too narrow might cause unnecessary connection setup failures. Example: curl --local-port 1000-3000 https://example.com See also -g, --globoff."
            },
            {
                "flag": "",
                "long": "--location-trusted",
                "arg": null,
                "description": "(HTTP) Like -L, --location, but will allow sending the name + password to all hosts that the site may redirect to. This may or may not introduce a security breach if the site redirects you to a site to which you will send your authentication info (which is plaintext in the case of HTTP Basic authentication). Example: curl --location-trusted -u user:password https://example.com See also -u, --user."
            },
            {
                "flag": "-L",
                "long": "--location",
                "arg": null,
                "description": "(HTTP) If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code), this option will make curl redo the request on the new place. If used together with -i, --include or -I, --head, headers from all requested pages will be shown. When authentication is used, curl only sends its credentials to the initial host. If a redirect takes curl to a different host, it will not be able to intercept the user+password. See also --loca‐ tion-trusted on how to change this. You can limit the amount of redirects to follow by using the --max-redirs option. When curl follows a redirect and if the request is a POST, it will send the following request with a GET if the HTTP response was 301, 302, or 303. If the response code was any other 3xx code, curl will re-send the following request using the same unmodified method. You can tell curl to not change POST requests to GET after a 30x response by using the dedicated options for that: --post301, --post302 and --post303. The method set with -X, --request overrides the method curl would otherwise select to use. Example: curl -L https://example.com See also --resolve and --alt-svc."
            },
            {
                "flag": "",
                "long": "--login-options",
                "arg": "<options>",
                "description": "(IMAP POP3 SMTP) Specify the login options to use during server authentication. You can use login options to specify protocol specific options that may be used during authentication. At present only IMAP, POP3 and SMTP support login options. For more information about login options please see RFC 2384, RFC 5092 and IETF draft draft- earhart-url-smtp-00.txt If this option is used several times, the last one will be used. Example: curl --login-options 'AUTH=*' imap://example.com See also -u, --user. Added in 7.34.0."
            },
            {
                "flag": "",
                "long": "--mail-auth",
                "arg": "<address>",
                "description": "(SMTP) Specify a single address. This will be used to specify the authentication ad‐ dress (identity) of a submitted message that is being relayed to another server. Example: curl --mail-auth user@example.come -T mail smtp://example.com/ See also --mail-rcpt and --mail-from."
            },
            {
                "flag": "",
                "long": "--mail-from",
                "arg": "<address>",
                "description": "(SMTP) Specify a single address that the given mail should get sent from. Example: curl --mail-from user@example.com -T mail smtp://example.com/ See also --mail-rcpt and --mail-auth."
            },
            {
                "flag": "",
                "long": "--mail-rcpt-allowfails",
                "arg": null,
                "description": "(SMTP) When sending data to multiple recipients, by default curl will abort SMTP con‐ versation if at least one of the recipients causes RCPT TO command to return an error. The default behavior can be changed by passing --mail-rcpt-allowfails command-line op‐ tion which will make curl ignore errors and proceed with the remaining valid recipi‐ ents. If all recipients trigger RCPT TO failures and this flag is specified, curl will still abort the SMTP conversation and return the error received from to the last RCPT TO command. Example: curl --mail-rcpt-allowfails --mail-rcpt dest@example.com smtp://example.com See also --mail-rcpt. Added in 7.69.0."
            },
            {
                "flag": "",
                "long": "--mail-rcpt",
                "arg": "<address>",
                "description": "(SMTP) Specify a single email address, user name or mailing list name. Repeat this op‐ tion several times to send to multiple recipients. When performing an address verification (VRFY command), the recipient should be speci‐ fied as the user name or user name and domain (as per Section 3.5 of RFC5321). (Added in 7.34.0) When performing a mailing list expand (EXPN command), the recipient should be speci‐ fied using the mailing list name, such as \"Friends\" or \"London-Office\". (Added in 7.34.0) Example: curl --mail-rcpt user@example.net smtp://example.com See also --mail-rcpt-allowfails."
            },
            {
                "flag": "-M",
                "long": "--manual",
                "arg": null,
                "description": "Manual. Display the huge help text. Example: curl --manual See also -v, --verbose, --libcurl and --trace."
            },
            {
                "flag": "",
                "long": "--max-filesize",
                "arg": "<bytes>",
                "description": "(FTP HTTP MQTT) Specify the maximum size (in bytes) of a file to download. If the file requested is larger than this value, the transfer will not start and curl will return with exit code 63. A size modifier may be used. For example, Appending 'k' or 'K' will count the number as kilobytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it gigabytes. Ex‐ amples: 200K, 3m and 1G. (Added in 7.58.0) NOTE: The file size is not always known prior to download, and for such files this op‐ tion has no effect even if the file transfer ends up being larger than this given limit. Example: curl --max-filesize 100K https://example.com See also --limit-rate."
            },
            {
                "flag": "",
                "long": "--max-redirs",
                "arg": "<num>",
                "description": "(HTTP) Set maximum number of redirections to follow. When -L, --location is used, to prevent curl from following too many redirects, by default, the limit is set to 50 redirects. Set this option to -1 to make it unlimited. If this option is used several times, the last one will be used. Example: curl --max-redirs 3 --location https://example.com See also -L, --location."
            },
            {
                "flag": "-m",
                "long": "--max-time",
                "arg": null,
                "description": "Maximum time in seconds that you allow the whole operation to take. This is useful for preventing your batch jobs from hanging for hours due to slow networks or links going down. Since 7.32.0, this option accepts decimal values, but the actual timeout will decrease in accuracy as the specified timeout increases in decimal precision. If this option is used several times, the last one will be used. Examples: curl --max-time 10 https://example.com curl --max-time 2.92 https://example.com See also --connect-timeout."
            },
            {
                "flag": "",
                "long": "--metalink",
                "arg": null,
                "description": "This option was previously used to specify a metalink resource. Metalink support has been disabled in curl since 7.78.0 for security reasons. Example: curl --metalink file https://example.com See also -Z, --parallel."
            },
            {
                "flag": "",
                "long": "--negotiate",
                "arg": null,
                "description": "(HTTP) Enables Negotiate (SPNEGO) authentication. This option requires a library built with GSS-API or SSPI support. Use -V, --version to see if your curl supports GSS-API/SSPI or SPNEGO. When using this option, you must also provide a fake -u, --user option to activate the authentication code properly. Sending a '-u :' is enough as the user name and password from the -u, --user option are not actually used. If this option is used several times, only the first one is used. Example: curl --negotiate -u : https://example.com See also --basic, --ntlm, --anyauth and --proxy-negotiate."
            },
            {
                "flag": "",
                "long": "--netrc-file",
                "arg": "<filename>",
                "description": "This option is similar to -n, --netrc, except that you provide the path (absolute or relative) to the netrc file that curl should use. You can only specify one netrc file per invocation. If several --netrc-file options are provided, the last one will be used. It will abide by --netrc-optional if specified. Example: curl --netrc-file netrc https://example.com See also -n, --netrc, -u, --user and -K, --config. This option overrides -n, --netrc."
            },
            {
                "flag": "",
                "long": "--netrc-optional",
                "arg": null,
                "description": "Similar to -n, --netrc, but this option makes the .netrc usage optional and not manda‐ tory as the -n, --netrc option does. Example: curl --netrc-optional https://example.com See also --netrc-file. This option overrides -n, --netrc."
            },
            {
                "flag": "-n",
                "long": "--netrc",
                "arg": null,
                "description": "Makes curl scan the .netrc (netrc on Windows) file in the user's home directory for login name and password. This is typically used for FTP on Unix. If used with HTTP, curl will enable user authentication. See netrc(5) and ftp(1) for details on the file format. Curl will not complain if that file does not have the right permissions (it should be neither world- nor group-readable). The environment variable \"HOME\" is used to find the home directory. A quick and simple example of how to setup a .netrc to allow curl to FTP to the ma‐ chine host.domain.com with user name 'myself' and password 'secret' could look similar to: machine host.domain.com login myself password secret\" Example: curl --netrc https://example.com See also --netrc-file, -K, --config and -u, --user. -:, --next Tells curl to use a separate operation for the following URL and associated options. This allows you to send several URL requests, each with their own specific options, for example, such as different user names or custom requests for each. -:, --next will reset all local options and only global ones will have their values survive over to the operation following the -:, --next instruction. Global options in‐ clude -v, --verbose, --trace, --trace-ascii and --fail-early. For example, you can do both a GET and a POST in a single command line: curl www1.example.com --next -d postthis www2.example.com Examples: curl https://example.com --next -d postthis www2.example.com curl -I https://example.com --next https://example.net/ See also -Z, --parallel and -K, --config. Added in 7.36.0."
            },
            {
                "flag": "",
                "long": "--no-alpn",
                "arg": null,
                "description": "(HTTPS) Disable the ALPN TLS extension. ALPN is enabled by default if libcurl was built with an SSL library that supports ALPN. ALPN is used by a libcurl that supports HTTP/2 to negotiate HTTP/2 support with the server during https sessions. Example: curl --no-alpn https://example.com See also --no-npn and --http2. --no-alpn requires that the underlying libcurl was built to support TLS. Added in 7.36.0."
            },
            {
                "flag": "-N",
                "long": "--no-buffer",
                "arg": null,
                "description": "Disables the buffering of the output stream. In normal work situations, curl will use a standard buffered output stream that will have the effect that it will output the data in chunks, not necessarily exactly when the data arrives. Using this option will disable that buffering. Note that this is the negated option name documented. You can thus use --buffer to en‐ force the buffering. Example: curl --no-buffer https://example.com See also -#, --progress-bar."
            },
            {
                "flag": "",
                "long": "--no-keepalive",
                "arg": null,
                "description": "Disables the use of keepalive messages on the TCP connection. curl otherwise enables them by default. Note that this is the negated option name documented. You can thus use --keepalive to enforce keepalive. Example: curl --no-keepalive https://example.com See also --keepalive-time."
            },
            {
                "flag": "",
                "long": "--no-npn",
                "arg": null,
                "description": "(HTTPS) Disable the NPN TLS extension. NPN is enabled by default if libcurl was built with an SSL library that supports NPN. NPN is used by a libcurl that supports HTTP/2 to negotiate HTTP/2 support with the server during https sessions. Example: curl --no-npn https://example.com See also --no-alpn and --http2. --no-npn requires that the underlying libcurl was built to support TLS. Added in 7.36.0."
            },
            {
                "flag": "",
                "long": "--no-progress-meter",
                "arg": null,
                "description": "Option to switch off the progress meter output without muting or otherwise affecting warning and informational messages like -s, --silent does. Note that this is the negated option name documented. You can thus use --progress-me‐ ter to enable the progress meter again. Example: curl --no-progress-meter -o store https://example.com See also -v, --verbose and -s, --silent. Added in 7.67.0."
            },
            {
                "flag": "",
                "long": "--no-sessionid",
                "arg": null,
                "description": "(TLS) Disable curl's use of SSL session-ID caching. By default all transfers are done using the cache. Note that while nothing should ever get hurt by attempting to reuse SSL session-IDs, there seem to be broken SSL implementations in the wild that may re‐ quire you to disable this in order for you to succeed. Note that this is the negated option name documented. You can thus use --sessionid to enforce session-ID caching. Example: curl --no-sessionid https://example.com See also -k, --insecure."
            },
            {
                "flag": "",
                "long": "--noproxy",
                "arg": "<no-proxy-list>",
                "description": "Comma-separated list of hosts for which not to use a proxy, if one is specified. The only wildcard is a single * character, which matches all hosts, and effectively dis‐ ables the proxy. Each name in this list is matched as either a domain which contains the hostname, or the hostname itself. For example, local.com would match local.com, local.com:80, and www.local.com, but not www.notlocal.com. Since 7.53.0, This option overrides the environment variables that disable the proxy ('noproxy' and 'NOPROXY'). If there's an environment variable disabling a proxy, you can set the noproxy list to \"\" to override it. Example: curl --noproxy \"www.example\" https://example.com See also -x, --proxy."
            },
            {
                "flag": "",
                "long": "--ntlm-wb",
                "arg": null,
                "description": "(HTTP) Enables NTLM much in the style --ntlm does, but hand over the authentication to the separate binary ntlmauth application that is executed when needed. Example: curl --ntlm-wb -u user:password https://example.com See also --ntlm and --proxy-ntlm. --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication method was designed by Mi‐ crosoft and is used by IIS web servers. It is a proprietary protocol, reverse-engi‐ neered by clever people and implemented in curl based on their efforts. This kind of behavior should not be endorsed, you should encourage everyone who uses NTLM to switch to a public and documented authentication method instead, such as Digest. If you want to enable NTLM for your proxy authentication, then use --proxy-ntlm. If this option is used several times, only the first one is used. Example: curl --ntlm -u user:password https://example.com See also --proxy-ntlm. --ntlm requires that the underlying libcurl was built to sup‐ port TLS. This option overrides --basic and --negotiate and --digest and --anyauth."
            },
            {
                "flag": "",
                "long": "--oauth2-bearer",
                "arg": "<token>",
                "description": "(IMAP POP3 SMTP HTTP) Specify the Bearer Token for OAUTH 2.0 server authentication. The Bearer Token is used in conjunction with the user name which can be specified as part of the --url or -u, --user options. The Bearer Token and user name are formatted according to RFC 6750. If this option is used several times, the last one will be used. Example: curl --oauth2-bearer \"mF9.B5f-4.1JqM\" https://example.com See also --basic, --ntlm and --digest. Added in 7.33.0."
            },
            {
                "flag": "",
                "long": "--output-dir",
                "arg": "<dir>",
                "description": "This option specifies the directory in which files should be stored, when -O, --re‐ mote-name or -o, --output are used. The given output directory is used for all URLs and output options on the command line, up until the first -:, --next. If the specified target directory does not exist, the operation will fail unless --create-dirs is also used. If this option is used multiple times, the last specified directory will be used. Example: curl --output-dir \"tmp\" -O https://example.com See also -O, --remote-name and -J, --remote-header-name. Added in 7.73.0."
            },
            {
                "flag": "-o",
                "long": "--output",
                "arg": "<file>",
                "description": "Write output to <file> instead of stdout. If you are using {} or [] to fetch multiple documents, you should quote the URL and you can use '#' followed by a number in the <file> specifier. That variable will be replaced with the current string for the URL being fetched. Like in: curl \"http://{one,two}.example.com\" -o \"file#1.txt\" or use several variables like: curl \"http://{site,host}.host[1-5].com\" -o \"#1#2\" You may use this option as many times as the number of URLs you have. For example, if you specify two URLs on the same command line, you can use it like this: curl -o aa example.com -o bb example.net and the order of the -o options and the URLs does not matter, just that the first -o is for the first URL and so on, so the above command line can also be written as curl example.com example.net -o aa -o bb See also the --create-dirs option to create the local directories dynamically. Speci‐ fying the output as '-' (a single dash) will force the output to be done to stdout. To suppress response bodies, you can redirect output to /dev/null: curl example.com -o /dev/null Or for Windows use nul: curl example.com -o nul Examples: curl -o file https://example.com curl \"http://{one,two}.example.com\" -o \"file#1.txt\" curl \"http://{site,host}.host[1-5].com\" -o \"#1#2\" curl -o file https://example.com -o file2 https://example.net See also -O, --remote-name, --remote-name-all and -J, --remote-header-name."
            },
            {
                "flag": "",
                "long": "--parallel-immediate",
                "arg": null,
                "description": "When doing parallel transfers, this option will instruct curl that it should rather prefer opening up more connections in parallel at once rather than waiting to see if new transfers can be added as multiplexed streams on another connection. This option is global and does not need to be specified for each use of -:, --next. Example: curl --parallel-immediate -Z https://example.com -o file1 https://example.com -o file2 See also -Z, --parallel and --parallel-max. Added in 7.68.0."
            },
            {
                "flag": "",
                "long": "--parallel-max",
                "arg": "<num>",
                "description": "When asked to do parallel transfers, using -Z, --parallel, this option controls the maximum amount of transfers to do simultaneously. This option is global and does not need to be specified for each use of -:, --next. The default is 50. Example: curl --parallel-max 100 -Z https://example.com ftp://example.com/ See also -Z, --parallel. Added in 7.66.0."
            },
            {
                "flag": "-Z",
                "long": "--parallel",
                "arg": null,
                "description": "Makes curl perform its transfers in parallel as compared to the regular serial manner. This option is global and does not need to be specified for each use of -:, --next. Example: curl --parallel https://example.com -o file1 https://example.com -o file2 See also -:, --next and -v, --verbose. Added in 7.66.0."
            },
            {
                "flag": "",
                "long": "--pass",
                "arg": "<phrase>",
                "description": "(SSH TLS) Passphrase for the private key. If this option is used several times, the last one will be used. Example: curl --pass secret --key file https://example.com See also --key and -u, --user."
            },
            {
                "flag": "",
                "long": "--path-as-is",
                "arg": null,
                "description": "Tell curl to not handle sequences of /../ or /./ in the given URL path. Normally curl will squash or merge them according to standards but with this option set you tell it not to do that. Example: curl --path-as-is https://example.com/../../etc/passwd See also --request-target. Added in 7.42.0."
            },
            {
                "flag": "",
                "long": "--pinnedpubkey",
                "arg": "<hashes>",
                "description": "(TLS) Tells curl to use the specified public key file (or hashes) to verify the peer. This can be a path to a file which contains a single public key in PEM or DER format, or any number of base64 encoded sha256 hashes preceded by 'sha256//' and separated by ';'. When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not ex‐ actly match the public key provided to this option, curl will abort the connection be‐ fore sending or receiving any data. PEM/DER support: 7.39.0: OpenSSL, GnuTLS and GSKit 7.43.0: NSS and wolfSSL 7.47.0: mbedtls sha256 support: 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL 7.47.0: mbedtls Other SSL backends not supported. If this option is used several times, the last one will be used. Examples: curl --pinnedpubkey keyfile https://example.com curl --pinnedpubkey 'sha256//ce118b51897f4452dc' https://example.com See also --hostpubsha256. Added in 7.39.0."
            },
            {
                "flag": "",
                "long": "--post301",
                "arg": null,
                "description": "(HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST requests into GET re‐ quests when following a 301 redirection. The non-RFC behavior is ubiquitous in web browsers, so curl does the conversion by default to maintain consistency. However, a server may require a POST to remain a POST after such a redirection. This option is meaningful only when using -L, --location. Example: curl --post301 --location -d \"data\" https://example.com See also --post302, --post303 and -L, --location."
            },
            {
                "flag": "",
                "long": "--post302",
                "arg": null,
                "description": "(HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST requests into GET re‐ quests when following a 302 redirection. The non-RFC behavior is ubiquitous in web browsers, so curl does the conversion by default to maintain consistency. However, a server may require a POST to remain a POST after such a redirection. This option is meaningful only when using -L, --location. Example: curl --post302 --location -d \"data\" https://example.com See also --post301, --post303 and -L, --location."
            },
            {
                "flag": "",
                "long": "--post303",
                "arg": null,
                "description": "(HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST requests into GET re‐ quests when following 303 redirections. A server may require a POST to remain a POST after a 303 redirection. This option is meaningful only when using -L, --location. Example: curl --post303 --location -d \"data\" https://example.com See also --post302, --post301 and -L, --location. --preproxy [protocol://]host[:port] Use the specified SOCKS proxy before connecting to an HTTP or HTTPS -x, --proxy. In such a case curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. Hence pre proxy. The pre proxy string should be specified with a protocol:// prefix to specify alterna‐ tive proxy protocols. Use socks4://, socks4a://, socks5:// or socks5h:// to request the specific SOCKS version to be used. No protocol specified will make curl default to SOCKS4. If the port number is not specified in the proxy string, it is assumed to be 1080. User and password that might be provided in the proxy string are URL decoded by curl. This allows you to pass in special characters such as @ by using %40 or pass in a colon with %3a. If this option is used several times, the last one will be used. Example: curl --preproxy socks5://proxy.example -x http://http.example https://example.com See also -x, --proxy and --socks5. Added in 7.52.0. -#, --progress-bar Make curl display transfer progress as a simple progress bar instead of the standard, more informational, meter. This progress bar draws a single line of '#' characters across the screen and shows a percentage if the transfer size is known. For transfers without a known size, there will be space ship (-=o=-) that moves back and forth but only while data is being transferred, with a set of flying hash sign symbols on top. This option is global and does not need to be specified for each use of -:, --next. Example: curl -# -O https://example.com See also --styled-output."
            },
            {
                "flag": "",
                "long": "--proto-default",
                "arg": "<protocol>",
                "description": "Tells curl to use protocol for any URL missing a scheme name. An unknown or unsupported protocol causes error CURLEUNSUPPORTEDPROTOCOL (1). This option does not change the default proxy protocol (http). Without this option set, curl guesses protocol based on the host name, see --url for details. Example: curl --proto-default https ftp.example.com See also --proto and --proto-redir. Added in 7.45.0."
            },
            {
                "flag": "",
                "long": "--proto-redir",
                "arg": "<protocols>",
                "description": "Tells curl to limit what protocols it may use on redirect. Protocols denied by --proto are not overridden by this option. See --proto for how protocols are represented. Example, allow only HTTP and HTTPS on redirect: curl --proto-redir -all,http,https http://example.com By default curl will only allow HTTP, HTTPS, FTP and FTPS on redirect (since 7.65.2). Specifying all or +all enables all protocols on redirects, which is not good for secu‐ rity. Example: curl --proto-redir =http,https https://example.com See also --proto."
            },
            {
                "flag": "",
                "long": "--proto",
                "arg": "<protocols>",
                "description": "Tells curl to limit what protocols it may use for transfers. Protocols are evaluated left to right, are comma separated, and are each a protocol name or 'all', optionally prefixed by zero or more modifiers. Available modifiers are: + Permit this protocol in addition to protocols already permitted (this is the de‐ fault if no modifier is used). - Deny this protocol, removing it from the list of protocols already permitted. = Permit only this protocol (ignoring the list already permitted), though subject to later modification by subsequent entries in the comma separated list. For example: --proto -ftps uses the default protocols, but disables ftps --proto -all,https,+http only enables http and https --proto =http,https also only enables http and https Unknown protocols produce a warning. This allows scripts to safely rely on being able to disable potentially dangerous protocols, without relying upon support for that pro‐ tocol being built into curl to avoid an error. This option can be used multiple times, in which case the effect is the same as con‐ catenating the protocols into one instance of the option. Example: curl --proto =http,https,sftp https://example.com See also --proto-redir and --proto-default."
            },
            {
                "flag": "",
                "long": "--proxy-anyauth",
                "arg": null,
                "description": "Tells curl to pick a suitable authentication method when communicating with the given HTTP proxy. This might cause an extra request/response round-trip. Example: curl --proxy-anyauth --proxy-user user:passwd -x proxy https://example.com See also -x, --proxy, --proxy-basic and --proxy-digest."
            },
            {
                "flag": "",
                "long": "--proxy-basic",
                "arg": null,
                "description": "Tells curl to use HTTP Basic authentication when communicating with the given proxy. Use --basic for enabling HTTP Basic with a remote host. Basic is the default authenti‐ cation method curl uses with proxies. Example: curl --proxy-basic --proxy-user user:passwd -x proxy https://example.com See also -x, --proxy, --proxy-anyauth and --proxy-digest."
            },
            {
                "flag": "",
                "long": "--proxy-cacert",
                "arg": "<file>",
                "description": "Same as --cacert but used in HTTPS proxy context. Example: curl --proxy-cacert CA-file.txt -x https://proxy https://example.com See also --proxy-capath, --cacert, --capath and -x, --proxy. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-capath",
                "arg": "<dir>",
                "description": "Same as --capath but used in HTTPS proxy context. Example: curl --proxy-capath /local/directory -x https://proxy https://example.com See also --proxy-cacert, -x, --proxy and --capath. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-cert-type",
                "arg": "<type>",
                "description": "Same as --cert-type but used in HTTPS proxy context. Example: curl --proxy-cert-type PEM --proxy-cert file -x https://proxy https://example.com See also --proxy-cert. Added in 7.52.0. --proxy-cert <cert[:passwd]> Same as -E, --cert but used in HTTPS proxy context. Example: curl --proxy-cert file -x https://proxy https://example.com See also --proxy-cert-type. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-ciphers",
                "arg": "<list>",
                "description": "Same as --ciphers but used in HTTPS proxy context. Example: curl --proxy-ciphers ECDHE-ECDSA-AES256-CCM8 -x https://proxy https://example.com See also --ciphers, --curves and -x, --proxy. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-crlfile",
                "arg": "<file>",
                "description": "Same as --crlfile but used in HTTPS proxy context. Example: curl --proxy-crlfile rejects.txt -x https://proxy https://example.com See also --crlfile and -x, --proxy. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-digest",
                "arg": null,
                "description": "Tells curl to use HTTP Digest authentication when communicating with the given proxy. Use --digest for enabling HTTP Digest with a remote host. Example: curl --proxy-digest --proxy-user user:passwd -x proxy https://example.com See also -x, --proxy, --proxy-anyauth and --proxy-basic."
            },
            {
                "flag": "",
                "long": "--proxy-header",
                "arg": "<header/@file>",
                "description": "(HTTP) Extra header to include in the request when sending HTTP to a proxy. You may specify any number of extra headers. This is the equivalent option to -H, --header but is for proxy communication only like in CONNECT requests when you want a separate header sent to the proxy to what is sent to the actual remote host. curl will make sure that each header you add/replace is sent with the proper end-of- line marker, you should thus not add that as a part of the header content: do not add newlines or carriage returns, they will only mess things up for you. Headers specified with this option will not be included in requests that curl knows will not be sent to a proxy. Starting in 7.55.0, this option can take an argument in @filename style, which then adds a header for each line in the input file. Using @- will make curl read the header file from stdin. This option can be used multiple times to add/replace/remove multiple headers. Examples: curl --proxy-header \"X-First-Name: Joe\" -x http://proxy https://example.com curl --proxy-header \"User-Agent: surprise\" -x http://proxy https://example.com curl --proxy-header \"Host:\" -x http://proxy https://example.com See also -x, --proxy. Added in 7.37.0."
            },
            {
                "flag": "",
                "long": "--proxy-insecure",
                "arg": null,
                "description": "Same as -k, --insecure but used in HTTPS proxy context. Example: curl --proxy-insecure -x https://proxy https://example.com See also -x, --proxy and -k, --insecure. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-key-type",
                "arg": "<type>",
                "description": "Same as --key-type but used in HTTPS proxy context. Example: curl --proxy-key-type DER --proxy-key here -x https://proxy https://example.com See also --proxy-key and -x, --proxy. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-key",
                "arg": "<key>",
                "description": "Same as --key but used in HTTPS proxy context. Example: curl --proxy-key here -x https://proxy https://example.com See also --proxy-key-type and -x, --proxy. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-negotiate",
                "arg": null,
                "description": "Tells curl to use HTTP Negotiate (SPNEGO) authentication when communicating with the given proxy. Use --negotiate for enabling HTTP Negotiate (SPNEGO) with a remote host. Example: curl --proxy-negotiate --proxy-user user:passwd -x proxy https://example.com See also --proxy-anyauth and --proxy-basic."
            },
            {
                "flag": "",
                "long": "--proxy-ntlm",
                "arg": null,
                "description": "Tells curl to use HTTP NTLM authentication when communicating with the given proxy. Use --ntlm for enabling NTLM with a remote host. Example: curl --proxy-ntlm --proxy-user user:passwd -x http://proxy https://example.com See also --proxy-negotiate and --proxy-anyauth."
            },
            {
                "flag": "",
                "long": "--proxy-pass",
                "arg": "<phrase>",
                "description": "Same as --pass but used in HTTPS proxy context. Example: curl --proxy-pass secret --proxy-key here -x https://proxy https://example.com See also -x, --proxy and --proxy-key. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-pinnedpubkey",
                "arg": "<hashes>",
                "description": "(TLS) Tells curl to use the specified public key file (or hashes) to verify the proxy. This can be a path to a file which contains a single public key in PEM or DER format, or any number of base64 encoded sha256 hashes preceded by 'sha256//' and separated by ';'. When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not ex‐ actly match the public key provided to this option, curl will abort the connection be‐ fore sending or receiving any data. If this option is used several times, the last one will be used. Examples: curl --proxy-pinnedpubkey keyfile https://example.com curl --proxy-pinnedpubkey 'sha256//ce118b51897f4452dc' https://example.com See also --pinnedpubkey and -x, --proxy. Added in 7.59.0."
            },
            {
                "flag": "",
                "long": "--proxy-service-name",
                "arg": "<name>",
                "description": "This option allows you to change the service name for proxy negotiation. Example: curl --proxy-service-name \"shrubbery\" -x proxy https://example.com See also --service-name and -x, --proxy. Added in 7.43.0."
            },
            {
                "flag": "",
                "long": "--proxy-ssl-allow-beast",
                "arg": null,
                "description": "Same as --ssl-allow-beast but used in HTTPS proxy context. Example: curl --proxy-ssl-allow-beast -x https://proxy https://example.com See also --ssl-allow-beast and -x, --proxy. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-ssl-auto-client-cert",
                "arg": null,
                "description": "Same as --ssl-auto-client-cert but used in HTTPS proxy context. Example: curl --proxy-ssl-auto-client-cert -x https://proxy https://example.com See also --ssl-auto-client-cert and -x, --proxy. Added in 7.77.0."
            },
            {
                "flag": "",
                "long": "--proxy-tls13-ciphers",
                "arg": null,
                "description": "(TLS) Specifies which cipher suites to use in the connection to your HTTPS proxy when it negotiates TLS 1.3. The list of ciphers suites must specify valid ciphers. Read up on TLS 1.3 cipher suite details on this URL: https://curl.se/docs/ssl-ciphers.html This option is currently used only when curl is built to use OpenSSL 1.1.1 or later. If you are using a different SSL backend you can try setting TLS 1.3 cipher suites by using the --proxy-ciphers option. If this option is used several times, the last one will be used. Example: curl --proxy-tls13-ciphers TLSAES128GCMSHA256 -x proxy https://example.com See also --tls13-ciphers and --curves. Added in 7.61.0."
            },
            {
                "flag": "",
                "long": "--proxy-tlsauthtype",
                "arg": "<type>",
                "description": "Same as --tlsauthtype but used in HTTPS proxy context. Example: curl --proxy-tlsauthtype SRP -x https://proxy https://example.com See also -x, --proxy and --proxy-tlsuser. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-tlspassword",
                "arg": "<string>",
                "description": "Same as --tlspassword but used in HTTPS proxy context. Example: curl --proxy-tlspassword passwd -x https://proxy https://example.com See also -x, --proxy and --proxy-tlsuser. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-tlsuser",
                "arg": "<name>",
                "description": "Same as --tlsuser but used in HTTPS proxy context. Example: curl --proxy-tlsuser smith -x https://proxy https://example.com See also -x, --proxy and --proxy-tlspassword. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--proxy-tlsv1",
                "arg": null,
                "description": "Same as -1, --tlsv1 but used in HTTPS proxy context. Example: curl --proxy-tlsv1 -x https://proxy https://example.com See also -x, --proxy. Added in 7.52.0."
            },
            {
                "flag": "-U",
                "long": "--proxy-user",
                "arg": "<user:password>",
                "description": "Specify the user name and password to use for proxy authentication. If you use a Windows SSPI-enabled curl binary and do either Negotiate or NTLM authen‐ tication then you can tell curl to select the user name and password from your envi‐ ronment by specifying a single colon with this option: \"-U :\". On systems where it works, curl will hide the given option argument from process list‐ ings. This is not enough to protect credentials from possibly getting seen by other users on the same system as they will still be visible for a moment before cleared. Such sensitive data should be retrieved from a file instead or similar and never used in clear text in a command line. If this option is used several times, the last one will be used. Example: curl --proxy-user name:pwd -x proxy https://example.com See also --proxy-pass. -x, --proxy [protocol://]host[:port] Use the specified proxy. The proxy string can be specified with a protocol:// prefix. No protocol specified or http:// will be treated as HTTP proxy. Use socks4://, socks4a://, socks5:// or socks5h:// to request a specific SOCKS version to be used. HTTPS proxy support via https:// protocol prefix was added in 7.52.0 for OpenSSL, GnuTLS and NSS. Unrecognized and unsupported proxy protocols cause an error since 7.52.0. Prior ver‐ sions may ignore the protocol and use http:// instead. If the port number is not specified in the proxy string, it is assumed to be 1080. This option overrides existing environment variables that set the proxy to use. If there's an environment variable setting a proxy, you can set proxy to \"\" to override it. All operations that are performed over an HTTP proxy will transparently be converted to HTTP. It means that certain protocol specific operations might not be available. This is not the case if you can tunnel through the proxy, as one with the -p, --proxy‐ tunnel option. User and password that might be provided in the proxy string are URL decoded by curl. This allows you to pass in special characters such as @ by using %40 or pass in a colon with %3a. The proxy host can be specified the same way as the proxy environment variables, in‐ cluding the protocol prefix (http://) and the embedded user + password. If this option is used several times, the last one will be used. Example: curl --proxy http://proxy.example https://example.com See also --socks5 and --proxy-basic. --proxy1.0 <host[:port]> Use the specified HTTP 1.0 proxy. If the port number is not specified, it is assumed at port 1080. The only difference between this and the HTTP proxy option -x, --proxy, is that at‐ tempts to use CONNECT through the proxy will specify an HTTP 1.0 protocol instead of the default HTTP 1.1. Example: curl --proxy1.0 -x http://proxy https://example.com See also -x, --proxy, --socks5 and --preproxy."
            },
            {
                "flag": "-p",
                "long": "--proxytunnel",
                "arg": null,
                "description": "When an HTTP proxy is used -x, --proxy, this option will make curl tunnel through the proxy. The tunnel approach is made with the HTTP proxy CONNECT request and requires that the proxy allows direct connect to the remote port number curl wants to tunnel through to. To suppress proxy CONNECT response headers when curl is set to output headers use --suppress-connect-headers. Example: curl --proxytunnel -x http://proxy https://example.com See also -x, --proxy."
            },
            {
                "flag": "",
                "long": "--pubkey",
                "arg": "<key>",
                "description": "(SFTP SCP) Public key file name. Allows you to provide your public key in this sepa‐ rate file. If this option is used several times, the last one will be used. (As of 7.39.0, curl attempts to automatically extract the public key from the private key file, so passing this option is generally not required. Note that this public key extraction requires libcurl to be linked against a copy of libssh2 1.2.8 or higher that is itself linked against OpenSSL.) Example: curl --pubkey file.pub sftp://example.com/ See also --pass."
            },
            {
                "flag": "-Q",
                "long": "--quote",
                "arg": "<command>",
                "description": "(FTP SFTP) Send an arbitrary command to the remote FTP or SFTP server. Quote commands are sent BEFORE the transfer takes place (just after the initial PWD command in an FTP transfer, to be exact). To make commands take place after a successful transfer, pre‐ fix them with a dash '-'. To make commands be sent after curl has changed the working directory, just before the transfer command(s), prefix the command with a '+' (this is only supported for FTP). You may specify any number of commands. By default curl will stop at first failure. To make curl continue even if the command fails, prefix the command with an asterisk (*). Otherwise, if the server returns fail‐ ure for one of the commands, the entire operation will be aborted. You must send syntactically correct FTP commands as RFC 959 defines to FTP servers, or one of the commands listed below to SFTP servers. This option can be used multiple times. SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP quote commands itself before sending them to the server. File names may be quoted shell-style to embed spa‐ ces or special characters. Following is the list of all supported SFTP quote commands: atime date file The atime command sets the last access time of the file named by the file oper‐ and. The <date expression> can be all sorts of date strings, see the curlget‐ date(3) man page for date expression details. (Added in 7.73.0) chgrp group file The chgrp command sets the group ID of the file named by the file operand to the group ID specified by the group operand. The group operand is a decimal in‐ teger group ID. chmod mode file The chmod command modifies the file mode bits of the specified file. The mode operand is an octal integer mode number. chown user file The chown command sets the owner of the file named by the file operand to the user ID specified by the user operand. The user operand is a decimal integer user ID. ln sourcefile targetfile The ln and symlink commands create a symbolic link at the targetfile location pointing to the sourcefile location. mkdir directoryname The mkdir command creates the directory named by the directoryname operand. mtime date file The mtime command sets the last modification time of the file named by the file operand. The <date expression> can be all sorts of date strings, see the curlgetdate(3) man page for date expression details. (Added in 7.73.0) pwd The pwd command returns the absolute pathname of the current working directory. rename source target The rename command renames the file or directory named by the source operand to the destination path named by the target operand. rm file The rm command removes the file specified by the file operand. rmdir directory The rmdir command removes the directory entry specified by the directory oper‐ and, provided it is empty. symlink sourcefile targetfile See ln. Example: curl --quote \"DELE file\" ftp://example.com/foo See also -X, --request."
            },
            {
                "flag": "",
                "long": "--random-file",
                "arg": "<file>",
                "description": "Specify the path name to file containing what will be considered as random data. The data may be used to seed the random engine for SSL connections. See also the --egd- file option. Example: curl --random-file rubbish https://example.com See also --egd-file."
            },
            {
                "flag": "-r",
                "long": "--range",
                "arg": "<range>",
                "description": "(HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial document) from an HTTP/1.1, FTP or SFTP server or a local FILE. Ranges can be specified in a number of ways. 0-499 specifies the first 500 bytes 500-999 specifies the second 500 bytes -500 specifies the last 500 bytes 9500- specifies the bytes from offset 9500 and forward 0-0,-1 specifies the first and last byte only(*)(HTTP) 100-199,500-599 specifies two separate 100-byte ranges(*) (HTTP) (*) = NOTE that this will cause the server to reply with a multipart response, which will be returned as-is by curl! Parsing or otherwise transforming this response is the responsibility of the caller. Only digit characters (0-9) are valid in the 'start' and 'stop' fields of the 'start- stop' range syntax. If a non-digit character is given in the range, the server's re‐ sponse will be unspecified, depending on the server's configuration. You should also be aware that many HTTP/1.1 servers do not have this feature enabled, so that when you attempt to get a range, you will instead get the whole document. FTP and SFTP range downloads only support the simple 'start-stop' syntax (optionally with one of the numbers omitted). FTP use depends on the extended FTP command SIZE. If this option is used several times, the last one will be used. Example: curl --range 22-44 https://example.com See also -C, --continue-at and -a, --append. --raw (HTTP) When used, it disables all internal HTTP decoding of content or transfer encod‐ ings and instead makes them passed on unaltered, raw. Example: curl --raw https://example.com See also --tr-encoding."
            },
            {
                "flag": "-e",
                "long": "--referer",
                "arg": "<URL>",
                "description": "(HTTP) Sends the \"Referrer Page\" information to the HTTP server. This can also be set with the -H, --header flag of course. When used with -L, --location you can append \";auto\" to the -e, --referer URL to make curl automatically set the previous URL when it follows a Location: header. The \";auto\" string can be used alone, even if you do not set an initial -e, --referer. If this option is used several times, the last one will be used. Examples: curl --referer \"https://fake.example\" https://example.com curl --referer \"https://fake.example;auto\" -L https://example.com curl --referer \";auto\" -L https://example.com See also -A, --user-agent and -H, --header."
            },
            {
                "flag": "-J",
                "long": "--remote-header-name",
                "arg": null,
                "description": "(HTTP) This option tells the -O, --remote-name option to use the server-specified Con‐ tent-Disposition filename instead of extracting a filename from the URL. If the server specifies a file name and a file with that name already exists in the current working directory it will not be overwritten and an error will occur. If the server does not specify a file name then this option has no effect. There's no attempt to decode %-sequences (yet) in the provided file name, so this op‐ tion may provide you with rather unexpected file names. WARNING: Exercise judicious use of this option, especially on Windows. A rogue server could send you the name of a DLL or other file that could be loaded automatically by Windows or some third party software. Example: curl -OJ https://example.com/file See also -O, --remote-name."
            },
            {
                "flag": "",
                "long": "--remote-name-all",
                "arg": null,
                "description": "This option changes the default action for all given URLs to be dealt with as if -O, --remote-name were used for each one. So if you want to disable that for a specific URL after --remote-name-all has been used, you must use \"-o -\" or --no-remote-name. Example: curl --remote-name-all ftp://example.com/file1 ftp://example.com/file2 See also -O, --remote-name."
            },
            {
                "flag": "-O",
                "long": "--remote-name",
                "arg": null,
                "description": "Write output to a local file named like the remote file we get. (Only the file part of the remote file is used, the path is cut off.) The file will be saved in the current working directory. If you want the file saved in a different directory, make sure you change the current working directory before in‐ voking curl with this option. The remote file name to use for saving is extracted from the given URL, nothing else, and if it already exists it will be overwritten. If you want the server to be able to choose the file name refer to -J, --remote-header-name which can be used in addition to this option. If the server chooses a file name and that name already exists it will not be overwritten. There is no URL decoding done on the file name. If it has %20 or other URL encoded parts of the name, they will end up as-is as file name. You may use this option as many times as the number of URLs you have. Example: curl -O https://example.com/filename See also --remote-name-all."
            },
            {
                "flag": "-R",
                "long": "--remote-time",
                "arg": null,
                "description": "When used, this will make curl attempt to figure out the timestamp of the remote file, and if that is available make the local file get that same timestamp. Example: curl --remote-time -o foo https://example.com See also -O, --remote-name and -z, --time-cond."
            },
            {
                "flag": "",
                "long": "--request-target",
                "arg": "<path>",
                "description": "(HTTP) Tells curl to use an alternative \"target\" (path) instead of using the path as provided in the URL. Particularly useful when wanting to issue HTTP requests without leading slash or other data that does not follow the regular URL pattern, like \"OP‐ TIONS *\". Example: curl --request-target \"*\" -X OPTIONS https://example.com See also -X, --request. Added in 7.55.0."
            },
            {
                "flag": "-X",
                "long": "--request",
                "arg": "<method>",
                "description": "(HTTP) Specifies a custom request method to use when communicating with the HTTP server. The specified request method will be used instead of the method otherwise used (which defaults to GET). Read the HTTP 1.1 specification for details and explanations. Common additional HTTP requests include PUT and DELETE, but related technologies like WebDAV offers PROPFIND, COPY, MOVE and more. Normally you do not need this option. All sorts of GET, HEAD, POST and PUT requests are rather invoked by using dedicated command line options. This option only changes the actual word used in the HTTP request, it does not alter the way curl behaves. So for example if you want to make a proper HEAD request, using -X HEAD will not suffice. You need to use the -I, --head option. The method string you set with -X, --request will be used for all requests, which if you for example use -L, --location may cause unintended side-effects when curl does not change request method according to the HTTP 30x response codes - and similar. (FTP) Specifies a custom FTP command to use instead of LIST when doing file lists with FTP. (POP3) Specifies a custom POP3 command to use instead of LIST or RETR. (IMAP) Specifies a custom IMAP command to use instead of LIST. (Added in 7.30.0) (SMTP) Specifies a custom SMTP command to use instead of HELP or VRFY. (Added in 7.34.0) If this option is used several times, the last one will be used. Examples: curl -X \"DELETE\" https://example.com curl -X NLST ftp://example.com/ See also --request-target. --resolve <[+]host:port:addr[,addr]...> Provide a custom address for a specific host and port pair. Using this, you can make the curl requests(s) use a specified address and prevent the otherwise normally re‐ solved address to be used. Consider it a sort of /etc/hosts alternative provided on the command line. The port number should be the number used for the specific protocol the host will be used for. It means you need several entries if you want to provide address for the same host but different ports. By specifying '*' as host you can tell curl to resolve any host and specific port pair to the specified address. Wildcard is resolved last so any --resolve with a specific host and port will be used first. The provided address set by this option will be used even if -4, --ipv4 or -6, --ipv6 is set to make curl use another IP version. By prefixing the host with a '+' you can make the entry time out after curl's default timeout (1 minute). Note that this will only make sense for long running parallel transfers with a lot of files. In such cases, if this option is used curl will try to resolve the host as it normally would once the timeout has expired. Support for providing the IP address within [brackets] was added in 7.57.0. Support for providing multiple IP addresses per entry was added in 7.59.0. Support for resolving with wildcard was added in 7.64.0. Support for the '+' prefix was was added in 7.75.0. This option can be used many times to add many host names to resolve. Example: curl --resolve example.com:443:127.0.0.1 https://example.com See also --connect-to and --alt-svc."
            },
            {
                "flag": "",
                "long": "--retry-all-errors",
                "arg": null,
                "description": "Retry on any error. This option is used together with --retry. This option is the \"sledgehammer\" of retrying. Do not use this option by default (eg in curlrc), there may be unintended consequences such as sending or receiving dupli‐ cate data. Do not use with redirected input or output. You'd be much better off han‐ dling your unique problems in shell script. Please read the example below. WARNING: For server compatibility curl attempts to retry failed flaky transfers as close as possible to how they were started, but this is not possible with redirected input or output. For example, before retrying it removes output data from a failed partial transfer that was written to an output file. However this is not true of data redirected to a | pipe or > file, which are not reset. We strongly suggest you do not parse or record output via redirect in combination with this option, since you may re‐ ceive duplicate data. By default curl will not error on an HTTP response code that indicates an HTTP error, if the transfer was successful. For example, if a server replies 404 Not Found and the reply is fully received then that is not an error. When --retry is used then curl will retry on some HTTP response codes that indicate transient HTTP errors, but that does not include most 4xx response codes such as 404. If you want to retry on all response codes that indicate HTTP errors (4xx and 5xx) then combine with -f, --fail. Example: curl --retry 5 --retry-all-errors https://example.com See also --retry. Added in 7.71.0."
            },
            {
                "flag": "",
                "long": "--retry-connrefused",
                "arg": null,
                "description": "In addition to the other conditions, consider ECONNREFUSED as a transient error too for --retry. This option is used together with --retry. Example: curl --retry-connrefused --retry https://example.com See also --retry and --retry-all-errors. Added in 7.52.0."
            },
            {
                "flag": "",
                "long": "--retry-delay",
                "arg": "<seconds>",
                "description": "Make curl sleep this amount of time before each retry when a transfer has failed with a transient error (it changes the default backoff time algorithm between retries). This option is only interesting if --retry is also used. Setting this delay to zero will make curl use the default backoff time. If this option is used several times, the last one will be used. Example: curl --retry-delay 5 --retry https://example.com See also --retry."
            },
            {
                "flag": "",
                "long": "--retry-max-time",
                "arg": "<seconds>",
                "description": "The retry timer is reset before the first transfer attempt. Retries will be done as usual (see --retry) as long as the timer has not reached this given limit. Notice that if the timer has not reached the limit, the request will be made and while performing, it may take longer than this given time period. To limit a single request's maximum time, use -m, --max-time. Set this option to zero to not timeout retries. If this option is used several times, the last one will be used. Example: curl --retry-max-time 30 --retry 10 https://example.com See also --retry."
            },
            {
                "flag": "",
                "long": "--retry",
                "arg": "<num>",
                "description": "If a transient error is returned when curl tries to perform a transfer, it will retry this number of times before giving up. Setting the number to 0 makes curl do no re‐ tries (which is the default). Transient error means either: a timeout, an FTP 4xx re‐ sponse code or an HTTP 408, 429, 500, 502, 503 or 504 response code. When curl is about to retry a transfer, it will first wait one second and then for all forthcoming retries it will double the waiting time until it reaches 10 minutes which then will be the delay between the rest of the retries. By using --retry-delay you disable this exponential backoff algorithm. See also --retry-max-time to limit the to‐ tal time allowed for retries. Since curl 7.66.0, curl will comply with the Retry-After: response header if one was present to know when to issue the next retry. If this option is used several times, the last one will be used. Example: curl --retry 7 https://example.com See also --retry-max-time."
            },
            {
                "flag": "",
                "long": "--sasl-authzid",
                "arg": "<identity>",
                "description": "Use this authorisation identity (authzid), during SASL PLAIN authentication, in addi‐ tion to the authentication identity (authcid) as specified by -u, --user. If the option is not specified, the server will derive the authzid from the authcid, but if specified, and depending on the server implementation, it may be used to access another user's inbox, that the user has been granted access to, or a shared mailbox for example. Example: curl --sasl-authzid zid imap://example.com/ See also --login-options. Added in 7.66.0."
            },
            {
                "flag": "",
                "long": "--sasl-ir",
                "arg": null,
                "description": "Enable initial response in SASL authentication. Example: curl --sasl-ir imap://example.com/ See also --sasl-authzid. Added in 7.31.0."
            },
            {
                "flag": "",
                "long": "--service-name",
                "arg": "<name>",
                "description": "This option allows you to change the service name for SPNEGO. Examples: --negotiate --service-name sockd would use sockd/server-name. Example: curl --service-name sockd/server https://example.com See also --negotiate and --proxy-service-name. Added in 7.43.0."
            },
            {
                "flag": "-S",
                "long": "--show-error",
                "arg": null,
                "description": "When used with -s, --silent, it makes curl show an error message if it fails. This option is global and does not need to be specified for each use of -:, --next. Example: curl --show-error --silent https://example.com See also --no-progress-meter."
            },
            {
                "flag": "-s",
                "long": "--silent",
                "arg": null,
                "description": "Silent or quiet mode. Do not show progress meter or error messages. Makes Curl mute. It will still output the data you ask for, potentially even to the terminal/stdout un‐ less you redirect it. Use -S, --show-error in addition to this option to disable progress meter but still show error messages. Example: curl -s https://example.com See also -v, --verbose, --stderr and --no-progress-meter. --socks4 <host[:port]> Use the specified SOCKS4 proxy. If the port number is not specified, it is assumed at port 1080. Using this socket type make curl resolve the host name and passing the ad‐ dress on to the proxy. This option overrides any previous use of -x, --proxy, as they are mutually exclusive. This option is superfluous since you can specify a socks4 proxy with -x, --proxy using a socks4:// protocol prefix. Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time -x, --proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. If this option is used several times, the last one will be used. Example: curl --socks4 hostname:4096 https://example.com See also --socks4a, --socks5 and --socks5-hostname. --socks4a <host[:port]> Use the specified SOCKS4a proxy. If the port number is not specified, it is assumed at port 1080. This asks the proxy to resolve the host name. This option overrides any previous use of -x, --proxy, as they are mutually exclusive. This option is superfluous since you can specify a socks4a proxy with -x, --proxy us‐ ing a socks4a:// protocol prefix. Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time -x, --proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. If this option is used several times, the last one will be used. Example: curl --socks4a hostname:4096 https://example.com See also --socks4, --socks5 and --socks5-hostname."
            },
            {
                "flag": "",
                "long": "--socks5-basic",
                "arg": null,
                "description": "Tells curl to use username/password authentication when connecting to a SOCKS5 proxy. The username/password authentication is enabled by default. Use --socks5-gssapi to force GSS-API authentication to SOCKS5 proxies. Example: curl --socks5-basic --socks5 hostname:4096 https://example.com See also --socks5. Added in 7.55.0."
            },
            {
                "flag": "",
                "long": "--socks5-gssapi-nec",
                "arg": null,
                "description": "As part of the GSS-API negotiation a protection mode is negotiated. RFC 1961 says in section 4.3/4.4 it should be protected, but the NEC reference implementation does not. The option --socks5-gssapi-nec allows the unprotected exchange of the protection mode negotiation. Example: curl --socks5-gssapi-nec --socks5 hostname:4096 https://example.com See also --socks5."
            },
            {
                "flag": "",
                "long": "--socks5-gssapi-service",
                "arg": "<name>",
                "description": "The default service name for a socks server is rcmd/server-fqdn. This option allows you to change it. Examples: --socks5 proxy-name --socks5-gssapi-service sockd would use sockd/proxy-name --socks5 proxy-name --socks5-gssapi-service sockd/real-name would use sockd/real-name for cases where the proxy-name does not match the principal name. Example: curl --socks5-gssapi-service sockd --socks5 hostname:4096 https://example.com See also --socks5."
            },
            {
                "flag": "",
                "long": "--socks5-gssapi",
                "arg": null,
                "description": "Tells curl to use GSS-API authentication when connecting to a SOCKS5 proxy. The GSS- API authentication is enabled by default (if curl is compiled with GSS-API support). Use --socks5-basic to force username/password authentication to SOCKS5 proxies. Example: curl --socks5-gssapi --socks5 hostname:4096 https://example.com See also --socks5. Added in 7.55.0. --socks5-hostname <host[:port]> Use the specified SOCKS5 proxy (and let the proxy resolve the host name). If the port number is not specified, it is assumed at port 1080. This option overrides any previous use of -x, --proxy, as they are mutually exclusive. This option is superfluous since you can specify a socks5 hostname proxy with -x, --proxy using a socks5h:// protocol prefix. Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time -x, --proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. If this option is used several times, the last one will be used. Example: curl --socks5-hostname proxy.example:7000 https://example.com See also --socks5 and --socks4a. --socks5 <host[:port]> Use the specified SOCKS5 proxy - but resolve the host name locally. If the port number is not specified, it is assumed at port 1080. This option overrides any previous use of -x, --proxy, as they are mutually exclusive. This option is superfluous since you can specify a socks5 proxy with -x, --proxy using a socks5:// protocol prefix. Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time -x, --proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. If this option is used several times, the last one will be used. This option (as well as --socks4) does not work with IPV6, FTPS or LDAP. Example: curl --socks5 proxy.example:7000 https://example.com See also --socks5-hostname and --socks4a."
            },
            {
                "flag": "-Y",
                "long": "--speed-limit",
                "arg": "<speed>",
                "description": "If a download is slower than this given speed (in bytes per second) for speed-time seconds it gets aborted. speed-time is set with -y, --speed-time and is 30 if not set. If this option is used several times, the last one will be used. Example: curl --speed-limit 300 --speed-time 10 https://example.com See also -y, --speed-time, --limit-rate and -m, --max-time."
            },
            {
                "flag": "-y",
                "long": "--speed-time",
                "arg": "<seconds>",
                "description": "If a download is slower than speed-limit bytes per second during a speed-time period, the download gets aborted. If speed-time is used, the default speed-limit will be 1 unless set with -Y, --speed-limit. This option controls transfers and thus will not affect slow connects etc. If this is a concern for you, try the --connect-timeout option. If this option is used several times, the last one will be used. Example: curl --speed-limit 300 --speed-time 10 https://example.com See also -Y, --speed-limit and --limit-rate."
            },
            {
                "flag": "",
                "long": "--ssl-allow-beast",
                "arg": null,
                "description": "This option tells curl to not work around a security flaw in the SSL3 and TLS1.0 pro‐ tocols known as BEAST. If this option is not used, the SSL layer may use workarounds known to cause interoperability problems with some older SSL implementations. WARNING: this option loosens the SSL security, and by using this flag you ask for ex‐ actly that. Example: curl --ssl-allow-beast https://example.com See also --proxy-ssl-allow-beast and -k, --insecure."
            },
            {
                "flag": "",
                "long": "--ssl-auto-client-cert",
                "arg": null,
                "description": "Tell libcurl to automatically locate and use a client certificate for authentication, when requested by the server. This option is only supported for Schannel (the native Windows SSL library). Prior to 7.77.0 this was the default behavior in libcurl with Schannel. Since the server can request any certificate that supports client authenti‐ cation in the OS certificate store it could be a privacy violation and unexpected. Example: curl --ssl-auto-client-cert https://example.com See also --proxy-ssl-auto-client-cert. Added in 7.77.0."
            },
            {
                "flag": "",
                "long": "--ssl-no-revoke",
                "arg": null,
                "description": "(Schannel) This option tells curl to disable certificate revocation checks. WARNING: this option loosens the SSL security, and by using this flag you ask for exactly that. Example: curl --ssl-no-revoke https://example.com See also --crlfile. Added in 7.44.0."
            },
            {
                "flag": "",
                "long": "--ssl-reqd",
                "arg": null,
                "description": "(FTP IMAP POP3 SMTP LDAP) Require SSL/TLS for the connection. Terminates the connec‐ tion if the server does not support SSL/TLS. This option is handled in LDAP since version 7.81.0. It is fully supported by the openldap backend and rejected by the generic ldap backend if explicit TLS is required. This option was formerly known as --ftp-ssl-reqd. Example: curl --ssl-reqd ftp://example.com See also --ssl and -k, --insecure."
            },
            {
                "flag": "",
                "long": "--ssl-revoke-best-effort",
                "arg": null,
                "description": "(Schannel) This option tells curl to ignore certificate revocation checks when they failed due to missing/offline distribution points for the revocation check lists. Example: curl --ssl-revoke-best-effort https://example.com See also --crlfile and -k, --insecure. Added in 7.70.0. --ssl (FTP IMAP POP3 SMTP LDAP) Try to use SSL/TLS for the connection. Reverts to a non-se‐ cure connection if the server does not support SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for different levels of encryption required. This option is handled in LDAP since version 7.81.0. It is fully supported by the openldap backend and ignored by the generic ldap backend. Please note that a server may close the connection if the negotiation does not suc‐ ceed. This option was formerly known as --ftp-ssl. That option name can still be used but will be removed in a future version. Example: curl --ssl pop3://example.com/ See also -k, --insecure and --ciphers. -2, --sslv2 (SSL) This option previously asked curl to use SSLv2, but starting in curl 7.77.0 this instruction is ignored. SSLv2 is widely considered insecure (see RFC 6176). Example: curl --sslv2 https://example.com See also --http1.1 and --http2. -2, --sslv2 requires that the underlying libcurl was built to support TLS. This option overrides -3, --sslv3 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2. -3, --sslv3 (SSL) This option previously asked curl to use SSLv3, but starting in curl 7.77.0 this instruction is ignored. SSLv3 is widely considered insecure (see RFC 7568). Example: curl --sslv3 https://example.com See also --http1.1 and --http2. -3, --sslv3 requires that the underlying libcurl was built to support TLS. This option overrides -2, --sslv2 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2."
            },
            {
                "flag": "",
                "long": "--stderr",
                "arg": "<file>",
                "description": "Redirect all writes to stderr to the specified file instead. If the file name is a plain '-', it is instead written to stdout. This option is global and does not need to be specified for each use of -:, --next. If this option is used several times, the last one will be used. Example: curl --stderr output.txt https://example.com See also -v, --verbose and -s, --silent."
            },
            {
                "flag": "",
                "long": "--styled-output",
                "arg": null,
                "description": "Enables the automatic use of bold font styles when writing HTTP headers to the termi‐ nal. Use --no-styled-output to switch them off. This option is global and does not need to be specified for each use of -:, --next. Example: curl --styled-output -I https://example.com See also -I, --head and -v, --verbose. Added in 7.61.0."
            },
            {
                "flag": "",
                "long": "--suppress-connect-headers",
                "arg": null,
                "description": "When -p, --proxytunnel is used and a CONNECT request is made do not output proxy CON‐ NECT response headers. This option is meant to be used with -D, --dump-header or -i, --include which are used to show protocol headers in the output. It has no effect on debug options such as -v, --verbose or --trace, or any statistics. Example: curl --suppress-connect-headers --include -x proxy https://example.com See also -D, --dump-header, -i, --include and -p, --proxytunnel. Added in 7.54.0."
            },
            {
                "flag": "",
                "long": "--tcp-fastopen",
                "arg": null,
                "description": "Enable use of TCP Fast Open (RFC7413). Example: curl --tcp-fastopen https://example.com See also --false-start. Added in 7.49.0."
            },
            {
                "flag": "",
                "long": "--tcp-nodelay",
                "arg": null,
                "description": "Turn on the TCPNODELAY option. See the curleasysetopt(3) man page for details about this option. Since 7.50.2, curl sets this option by default and you need to explicitly switch it off if you do not want it on. Example: curl --tcp-nodelay https://example.com See also -N, --no-buffer."
            },
            {
                "flag": "-t",
                "long": "--telnet-option",
                "arg": "<opt=val>",
                "description": "Pass options to the telnet protocol. Supported options are: TTYPE=<term> Sets the terminal type. XDISPLOC=<X display> Sets the X display location. NEWENV=<var,val> Sets an environment variable. Example: curl -t TTYPE=vt100 telnet://example.com/ See also -K, --config."
            },
            {
                "flag": "",
                "long": "--tftp-blksize",
                "arg": "<value>",
                "description": "(TFTP) Set TFTP BLKSIZE option (must be >512). This is the block size that curl will try to use when transferring data to or from a TFTP server. By default 512 bytes will be used. If this option is used several times, the last one will be used. Example: curl --tftp-blksize 1024 tftp://example.com/file See also --tftp-no-options."
            },
            {
                "flag": "",
                "long": "--tftp-no-options",
                "arg": null,
                "description": "(TFTP) Tells curl not to send TFTP options requests. This option improves interop with some legacy servers that do not acknowledge or prop‐ erly implement TFTP options. When this option is used --tftp-blksize is ignored. Example: curl --tftp-no-options tftp://192.168.0.1/ See also --tftp-blksize. Added in 7.48.0."
            },
            {
                "flag": "-z",
                "long": "--time-cond",
                "arg": "<time>",
                "description": "(HTTP FTP) Request a file that has been modified later than the given time and date, or one that has been modified before that time. The <date expression> can be all sorts of date strings or if it does not match any internal ones, it is taken as a filename and tries to get the modification date (mtime) from <file> instead. See the curlget‐ date(3) man pages for date expression details. Start the date expression with a dash (-) to make it request for a document that is older than the given date/time, default is a document that is newer than the specified date/time. If this option is used several times, the last one will be used. Examples: curl -z \"Wed 01 Sep 2021 12:18:00\" https://example.com curl -z \"-Wed 01 Sep 2021 12:18:00\" https://example.com curl -z file https://example.com See also --etag-compare and -R, --remote-time."
            },
            {
                "flag": "",
                "long": "--tls-max",
                "arg": "<VERSION>",
                "description": "(SSL) VERSION defines maximum supported TLS version. The minimum acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2 or tlsv1.3. If the connection is done without TLS, this option has no effect. This includes QUIC- using (HTTP/3) transfers. default Use up to recommended TLS version. 1.0 Use up to TLSv1.0. 1.1 Use up to TLSv1.1. 1.2 Use up to TLSv1.2. 1.3 Use up to TLSv1.3. Examples: curl --tls-max 1.2 https://example.com curl --tls-max 1.3 --tlsv1.2 https://example.com See also --tlsv1.0, --tlsv1.1, --tlsv1.2 and --tlsv1.3. --tls-max requires that the underly‐ ing libcurl was built to support TLS. Added in 7.54.0."
            },
            {
                "flag": "",
                "long": "--tls13-ciphers",
                "arg": null,
                "description": "(TLS) Specifies which cipher suites to use in the connection if it negotiates TLS 1.3. The list of ciphers suites must specify valid ciphers. Read up on TLS 1.3 cipher suite details on this URL: https://curl.se/docs/ssl-ciphers.html This option is currently used only when curl is built to use OpenSSL 1.1.1 or later. If you are using a different SSL backend you can try setting TLS 1.3 cipher suites by using the --ciphers option. If this option is used several times, the last one will be used. Example: curl --tls13-ciphers TLSAES128GCMSHA256 https://example.com See also --ciphers and --curves. Added in 7.61.0."
            },
            {
                "flag": "",
                "long": "--tlsauthtype",
                "arg": "<type>",
                "description": "Set TLS authentication type. Currently, the only supported option is \"SRP\", for TLS- SRP (RFC 5054). If --tlsuser and --tlspassword are specified but --tlsauthtype is not, then this option defaults to \"SRP\". This option works only if the underlying libcurl is built with TLS-SRP support, which requires OpenSSL or GnuTLS with TLS-SRP support. Example: curl --tlsauthtype SRP https://example.com See also --tlsuser."
            },
            {
                "flag": "",
                "long": "--tlspassword",
                "arg": "<string>",
                "description": "Set password for use with the TLS authentication method specified with --tlsauthtype. Requires that --tlsuser also be set. This option does not work with TLS 1.3. Example: curl --tlspassword pwd --tlsuser user https://example.com See also --tlsuser."
            },
            {
                "flag": "",
                "long": "--tlsuser",
                "arg": "<name>",
                "description": "Set username for use with the TLS authentication method specified with --tlsauthtype. Requires that --tlspassword also is set. This option does not work with TLS 1.3. Example: curl --tlspassword pwd --tlsuser user https://example.com See also --tlspassword. --tlsv1.0 (TLS) Forces curl to use TLS version 1.0 or later when connecting to a remote TLS server. In old versions of curl this option was documented to allow only TLS 1.0. That be‐ havior was inconsistent depending on the TLS library. Use --tls-max if you want to set a maximum TLS version. Example: curl --tlsv1.0 https://example.com See also --tlsv1.3. Added in 7.34.0. --tlsv1.1 (TLS) Forces curl to use TLS version 1.1 or later when connecting to a remote TLS server. In old versions of curl this option was documented to allow only TLS 1.1. That be‐ havior was inconsistent depending on the TLS library. Use --tls-max if you want to set a maximum TLS version. Example: curl --tlsv1.1 https://example.com See also --tlsv1.3. Added in 7.34.0. --tlsv1.2 (TLS) Forces curl to use TLS version 1.2 or later when connecting to a remote TLS server. In old versions of curl this option was documented to allow only TLS 1.2. That be‐ havior was inconsistent depending on the TLS library. Use --tls-max if you want to set a maximum TLS version. Example: curl --tlsv1.2 https://example.com See also --tlsv1.3. Added in 7.34.0. --tlsv1.3 (TLS) Forces curl to use TLS version 1.3 or later when connecting to a remote TLS server. If the connection is done without TLS, this option has no effect. This includes QUIC- using (HTTP/3) transfers. Note that TLS 1.3 is not supported by all TLS backends. Example: curl --tlsv1.3 https://example.com See also --tlsv1.2. Added in 7.52.0. -1, --tlsv1 (SSL) Tells curl to use at least TLS version 1.x when negotiating with a remote TLS server. That means TLS version 1.0 or higher Example: curl --tlsv1 https://example.com See also --http1.1 and --http2. -1, --tlsv1 requires that the underlying libcurl was built to support TLS. This option overrides --tlsv1.1 and --tlsv1.2 and --tlsv1.3."
            },
            {
                "flag": "",
                "long": "--tr-encoding",
                "arg": null,
                "description": "(HTTP) Request a compressed Transfer-Encoding response using one of the algorithms curl supports, and uncompress the data while receiving it. Example: curl --tr-encoding https://example.com See also --compressed."
            },
            {
                "flag": "",
                "long": "--trace-ascii",
                "arg": "<file>",
                "description": "Enables a full trace dump of all incoming and outgoing data, including descriptive in‐ formation, to the given output file. Use \"-\" as filename to have the output sent to stdout. This is similar to --trace, but leaves out the hex part and only shows the ASCII part of the dump. It makes smaller output that might be easier to read for untrained hu‐ mans. This option is global and does not need to be specified for each use of -:, --next. If this option is used several times, the last one will be used. Example: curl --trace-ascii log.txt https://example.com See also -v, --verbose and --trace. This option overrides --trace and -v, --verbose."
            },
            {
                "flag": "",
                "long": "--trace-time",
                "arg": null,
                "description": "Prepends a time stamp to each trace or verbose line that curl displays. This option is global and does not need to be specified for each use of -:, --next. Example: curl --trace-time --trace-ascii output https://example.com See also --trace and -v, --verbose."
            },
            {
                "flag": "",
                "long": "--trace",
                "arg": "<file>",
                "description": "Enables a full trace dump of all incoming and outgoing data, including descriptive in‐ formation, to the given output file. Use \"-\" as filename to have the output sent to stdout. Use \"%\" as filename to have the output sent to stderr. This option is global and does not need to be specified for each use of -:, --next. If this option is used several times, the last one will be used. Example: curl --trace log.txt https://example.com See also --trace-ascii and --trace-time. This option overrides -v, --verbose and --trace-ascii."
            },
            {
                "flag": "",
                "long": "--unix-socket",
                "arg": "<path>",
                "description": "(HTTP) Connect through this Unix domain socket, instead of using the network. Example: curl --unix-socket socket-path https://example.com See also --abstract-unix-socket. Added in 7.40.0."
            },
            {
                "flag": "-T",
                "long": "--upload-file",
                "arg": "<file>",
                "description": "This transfers the specified local file to the remote URL. If there is no file part in the specified URL, curl will append the local file name. NOTE that you must use a trailing / on the last directory to really prove to Curl that there is no file name or curl will think that your last directory name is the remote file name to use. That will most likely cause the upload operation to fail. If this is used on an HTTP(S) server, the PUT command will be used. Use the file name \"-\" (a single dash) to use stdin instead of a given file. Alter‐ nately, the file name \".\" (a single period) may be specified instead of \"-\" to use stdin in non-blocking mode to allow reading server output while stdin is being up‐ loaded. You can specify one -T, --upload-file for each URL on the command line. Each -T, --up‐ load-file + URL pair specifies what to upload and to where. curl also supports \"glob‐ bing\" of the -T, --upload-file argument, meaning that you can upload multiple files to a single URL by using the same URL globbing style supported in the URL. When uploading to an SMTP server: the uploaded data is assumed to be RFC 5322 format‐ ted. It has to feature the necessary set of headers and mail body formatted correctly by the user as curl will not transcode nor encode it further in any way. Examples: curl -T file https://example.com curl -T \"img[1-1000].png\" ftp://ftp.example.com/ curl --upload-file \"{file1,file2}\" https://example.com See also -G, --get and -I, --head."
            },
            {
                "flag": "",
                "long": "--url",
                "arg": "<url>",
                "description": "Specify a URL to fetch. This option is mostly handy when you want to specify URL(s) in a config file. If the given URL is missing a scheme name (such as \"http://\" or \"ftp://\" etc) then curl will make a guess based on the host. If the outermost sub-domain name matches DICT, FTP, IMAP, LDAP, POP3 or SMTP then that protocol will be used, otherwise HTTP will be used. Since 7.45.0 guessing can be disabled by setting a default protocol, see --proto-default for details. This option may be used any number of times. To control where this URL is written, use the -o, --output or the -O, --remote-name options. WARNING: On Windows, particular file:// accesses can be converted to network accesses by the operating system. Beware! Example: curl --url https://example.com See also -:, --next and -K, --config."
            },
            {
                "flag": "-B",
                "long": "--use-ascii",
                "arg": null,
                "description": "(FTP LDAP) Enable ASCII transfer. For FTP, this can also be enforced by using a URL that ends with \";type=A\". This option causes data sent to stdout to be in text mode for win32 systems. Example: curl -B ftp://example.com/README See also --crlf and --data-ascii."
            },
            {
                "flag": "-A",
                "long": "--user-agent",
                "arg": "<name>",
                "description": "(HTTP) Specify the User-Agent string to send to the HTTP server. To encode blanks in the string, surround the string with single quote marks. This header can also be set with the -H, --header or the --proxy-header options. If you give an empty argument to -A, --user-agent (\"\"), it will remove the header com‐ pletely from the request. If you prefer a blank header, you can set it to a single space (\" \"). If this option is used several times, the last one will be used. Example: curl -A \"Agent 007\" https://example.com See also -H, --header and --proxy-header."
            },
            {
                "flag": "-u",
                "long": "--user",
                "arg": "<user:password>",
                "description": "Specify the user name and password to use for server authentication. Overrides -n, --netrc and --netrc-optional. If you simply specify the user name, curl will prompt for a password. The user name and passwords are split up on the first colon, which makes it impossible to use a colon in the user name with this option. The password can, still. On systems where it works, curl will hide the given option argument from process list‐ ings. This is not enough to protect credentials from possibly getting seen by other users on the same system as they will still be visible for a moment before cleared. Such sensitive data should be retrieved from a file instead or similar and never used in clear text in a command line. When using Kerberos V5 with a Windows based server you should include the Windows do‐ main name in the user name, in order for the server to successfully obtain a Kerberos Ticket. If you do not, then the initial authentication handshake may fail. When using NTLM, the user name can be specified simply as the user name, without the domain, if there is a single domain and forest in your setup for example. To specify the domain name use either Down-Level Logon Name or UPN (User Principal Name) formats. For example, EXAMPLE\\user and user@example.com respectively. If you use a Windows SSPI-enabled curl binary and perform Kerberos V5, Negotiate, NTLM or Digest authentication then you can tell curl to select the user name and password from your environment by specifying a single colon with this option: \"-u :\". If this option is used several times, the last one will be used. Example: curl -u user:secret https://example.com See also -n, --netrc and -K, --config."
            },
            {
                "flag": "-v",
                "long": "--verbose",
                "arg": null,
                "description": "Makes curl verbose during the operation. Useful for debugging and seeing what's going on \"under the hood\". A line starting with '>' means \"header data\" sent by curl, '<' means \"header data\" received by curl that is hidden in normal cases, and a line start‐ ing with '*' means additional info provided by curl. If you only want HTTP headers in the output, -i, --include might be the option you are looking for. If you think this option still does not give you enough details, consider using --trace or --trace-ascii instead. This option is global and does not need to be specified for each use of -:, --next. Use -s, --silent to make curl really quiet. Example: curl --verbose https://example.com See also -i, --include. This option overrides --trace and --trace-ascii."
            },
            {
                "flag": "-V",
                "long": "--version",
                "arg": null,
                "description": "Displays information about curl and the libcurl version it uses. The first line includes the full version of curl, libcurl and other 3rd party li‐ braries linked with the executable. The second line (starts with \"Protocols:\") shows all protocols that libcurl reports to support. The third line (starts with \"Features:\") shows specific features libcurl reports to offer. Available features include: alt-svc Support for the Alt-Svc: header is provided. AsynchDNS This curl uses asynchronous name resolves. Asynchronous name resolves can be done using either the c-ares or the threaded resolver backends. brotli Support for automatic brotli compression over HTTP(S). CharConv curl was built with support for character set conversions (like EBCDIC) Debug This curl uses a libcurl built with Debug. This enables more error-tracking and memory debugging etc. For curl-developers only! gsasl The built-in SASL authentication includes extensions to support SCRAM because libcurl was built with libgsasl. GSS-API GSS-API is supported. HSTS HSTS support is present. HTTP2 HTTP/2 support has been built-in. HTTP3 HTTP/3 support has been built-in. HTTPS-proxy This curl is built to support HTTPS proxy. IDN This curl supports IDN - international domain names. IPv6 You can use IPv6 with this. Kerberos Kerberos V5 authentication is supported. Largefile This curl supports transfers of large files, files larger than 2GB. libz Automatic decompression (via gzip, deflate) of compressed files over HTTP is supported. MultiSSL This curl supports multiple TLS backends. NTLM NTLM authentication is supported. NTLMWB NTLM delegation to winbind helper is supported. PSL PSL is short for Public Suffix List and means that this curl has been built with knowledge about \"public suffixes\". SPNEGO SPNEGO authentication is supported. SSL SSL versions of various protocols are supported, such as HTTPS, FTPS, POP3S and so on. SSPI SSPI is supported. TLS-SRP SRP (Secure Remote Password) authentication is supported for TLS. TrackMemory Debug memory tracking is supported. Unicode Unicode support on Windows. UnixSockets Unix sockets support is provided. zstd Automatic decompression (via zstd) of compressed files over HTTP is supported. Example: curl --version See also -h, --help and -M, --manual."
            },
            {
                "flag": "-w",
                "long": "--write-out",
                "arg": "<format>",
                "description": "Make curl display information on stdout after a completed transfer. The format is a string that may contain plain text mixed with any number of variables. The format can be specified as a literal \"string\", or you can have curl read the format from a file with \"@filename\" and to tell curl to read the format from stdin you write \"@-\". The variables present in the output format will be substituted by the value or text that curl thinks fit, as described below. All variables are specified as %{vari‐ ablename} and to output a normal % you just write them as %%. You can output a new‐ line by using \\n, a carriage return with \\r and a tab space with \\t. The output will be written to standard output, but this can be switched to standard error by using %{stderr}. NOTE: The %-symbol is a special symbol in the win32-environment, where all occurrences of % must be doubled when using this option. The variables available are: contenttype The Content-Type of the requested document, if there was any. errormsg The error message. (Added in 7.75.0) exitcode The numerical exitcode of the transfer. (Added in 7.75.0) filenameeffective The ultimate filename that curl writes out to. This is only meaningful if curl is told to write to a file with the -O, --remote-name or -o, --output option. It's most useful in combination with the -J, --remote- header-name option. ftpentrypath The initial path curl ended up in when logging on to the remote FTP server. httpcode The numerical response code that was found in the last retrieved HTTP(S) or FTP(s) transfer. httpconnect The numerical code that was found in the last response (from a proxy) to a curl CONNECT request. httpversion The http version that was effectively used. (Added in 7.50.0) json A JSON object with all available keys. localip The IP address of the local end of the most recently done connection - can be either IPv4 or IPv6. localport The local port number of the most recently done connection. method The http method used in the most recent HTTP request. (Added in 7.72.0) numconnects Number of new connects made in the recent transfer. numheaders The number of response headers in the most recent request (restarted at each redirect). Note that the status line IS NOT a header. (Added in 7.73.0) numredirects Number of redirects that were followed in the request. onerror The rest of the output is only shown if the transfer returned a non- zero error (Added in 7.75.0) proxysslverifyresult The result of the HTTPS proxy's SSL peer certificate verification that was requested. 0 means the verification was successful. (Added in 7.52.0) redirecturl When an HTTP request was made without -L, --location to follow redi‐ rects (or when --max-redirs is met), this variable will show the actual URL a redirect would have gone to. referer The Referer: header, if there was any. (Added in 7.76.0) remoteip The remote IP address of the most recently done connection - can be ei‐ ther IPv4 or IPv6. remoteport The remote port number of the most recently done connection. responsecode The numerical response code that was found in the last transfer (for‐ merly known as \"httpcode\"). scheme The URL scheme (sometimes called protocol) that was effectively used. (Added in 7.52.0) sizedownload The total amount of bytes that were downloaded. This is the size of the body/data that was transferred, excluding headers. sizeheader The total amount of bytes of the downloaded headers. sizerequest The total amount of bytes that were sent in the HTTP request. sizeupload The total amount of bytes that were uploaded. This is the size of the body/data that was transferred, excluding headers. speeddownload The average download speed that curl measured for the complete down‐ load. Bytes per second. speedupload The average upload speed that curl measured for the complete upload. Bytes per second. sslverifyresult The result of the SSL peer certificate verification that was requested. 0 means the verification was successful. stderr From this point on, the -w, --write-out output will be written to stan‐ dard error. (Added in 7.63.0) stdout From this point on, the -w, --write-out output will be written to stan‐ dard output. This is the default, but can be used to switch back after switching to stderr. (Added in 7.63.0) timeappconnect The time, in seconds, it took from the start until the SSL/SSH/etc con‐ nect/handshake to the remote host was completed. timeconnect The time, in seconds, it took from the start until the TCP connect to the remote host (or proxy) was completed. timenamelookup The time, in seconds, it took from the start until the name resolving was completed. timepretransfer The time, in seconds, it took from the start until the file transfer was just about to begin. This includes all pre-transfer commands and negotiations that are specific to the particular protocol(s) involved. timeredirect The time, in seconds, it took for all redirection steps including name lookup, connect, pretransfer and transfer before the final transaction was started. timeredirect shows the complete execution time for multi‐ ple redirections. timestarttransfer The time, in seconds, it took from the start until the first byte was just about to be transferred. This includes timepretransfer and also the time the server needed to calculate the result. timetotal The total time, in seconds, that the full operation lasted. url The URL that was fetched. (Added in 7.75.0) urlnum The URL index number of this transfer, 0-indexed. De-globbed URLs share the same index number as the origin globbed URL. (Added in 7.75.0) urleffective The URL that was fetched last. This is most meaningful if you have told curl to follow location: headers. If this option is used several times, the last one will be used. Example: curl -w '%{httpcode}\\n' https://example.com See also -v, --verbose and -I, --head."
            },
            {
                "flag": "",
                "long": "--xattr",
                "arg": null,
                "description": "When saving output to a file, this option tells curl to store certain file metadata in extended file attributes. Currently, the URL is stored in the xdg.origin.url attribute and, for HTTP, the content type is stored in the mimetype attribute. If the file sys‐ tem does not support extended attributes, a warning is issued. Example: curl --xattr -o storage https://example.com See also -R, --remote-time, -w, --write-out and -v, --verbose."
            }
        ],
        "examples": [],
        "see_also": [
            {
                "name": "ftp",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/ftp/1/json"
            },
            {
                "name": "wget",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/wget/1/json"
            }
        ],
        "section_outline": [
            {
                "name": "NAME",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "SYNOPSIS",
                "lines": 1,
                "subsections": [
                    {
                        "name": "curl [options / URLs]",
                        "lines": 1
                    }
                ]
            },
            {
                "name": "DESCRIPTION",
                "lines": 11,
                "subsections": []
            },
            {
                "name": "URL",
                "lines": 51,
                "subsections": []
            },
            {
                "name": "OUTPUT",
                "lines": 8,
                "subsections": []
            },
            {
                "name": "PROTOCOLS",
                "lines": 53,
                "subsections": []
            },
            {
                "name": "PROGRESS METER",
                "lines": 18,
                "subsections": []
            },
            {
                "name": "OPTIONS",
                "lines": 14,
                "subsections": [
                    {
                        "name": "--abstract-unix-socket <path>",
                        "lines": 9,
                        "long": "--abstract-unix-socket",
                        "arg": "<path>"
                    },
                    {
                        "name": "--alt-svc <file name>",
                        "lines": 15,
                        "long": "--alt-svc"
                    },
                    {
                        "name": "--anyauth",
                        "lines": 17,
                        "long": "--anyauth"
                    },
                    {
                        "name": "-a, --append",
                        "lines": 26,
                        "flag": "-a",
                        "long": "--append"
                    },
                    {
                        "name": "--basic",
                        "lines": 12,
                        "long": "--basic"
                    },
                    {
                        "name": "--cacert <file>",
                        "lines": 33,
                        "long": "--cacert",
                        "arg": "<file>"
                    },
                    {
                        "name": "--capath <dir>",
                        "lines": 15,
                        "long": "--capath",
                        "arg": "<dir>"
                    },
                    {
                        "name": "--cert-status",
                        "lines": 14,
                        "long": "--cert-status"
                    },
                    {
                        "name": "--cert-type <type>",
                        "lines": 55,
                        "long": "--cert-type",
                        "arg": "<type>"
                    },
                    {
                        "name": "--ciphers <list of ciphers>",
                        "lines": 12,
                        "long": "--ciphers"
                    },
                    {
                        "name": "--compressed-ssh",
                        "lines": 8,
                        "long": "--compressed-ssh"
                    },
                    {
                        "name": "--compressed",
                        "lines": 12,
                        "long": "--compressed"
                    },
                    {
                        "name": "-K, --config <file>",
                        "lines": 67,
                        "flag": "-K",
                        "long": "--config",
                        "arg": "<file>"
                    },
                    {
                        "name": "--connect-timeout <fractional seconds>",
                        "lines": 12,
                        "long": "--connect-timeout"
                    },
                    {
                        "name": "--connect-to <HOST1:PORT1:HOST2:PORT2>",
                        "lines": 19,
                        "long": "--connect-to",
                        "arg": "<HOST1:PORT1:HOST2:PORT2>"
                    },
                    {
                        "name": "-C, --continue-at <offset>",
                        "lines": 16,
                        "flag": "-C",
                        "long": "--continue-at",
                        "arg": "<offset>"
                    },
                    {
                        "name": "-c, --cookie-jar <filename>",
                        "lines": 22,
                        "flag": "-c",
                        "long": "--cookie-jar",
                        "arg": "<filename>"
                    },
                    {
                        "name": "-b, --cookie <data|filename>",
                        "lines": 34,
                        "flag": "-b",
                        "long": "--cookie",
                        "arg": "<data|filename>"
                    },
                    {
                        "name": "--create-dirs",
                        "lines": 14,
                        "long": "--create-dirs"
                    },
                    {
                        "name": "--create-file-mode <mode>",
                        "lines": 22,
                        "long": "--create-file-mode",
                        "arg": "<mode>"
                    },
                    {
                        "name": "--crlfile <file>",
                        "lines": 10,
                        "long": "--crlfile",
                        "arg": "<file>"
                    },
                    {
                        "name": "--curves <algorithm list>",
                        "lines": 15,
                        "long": "--curves"
                    },
                    {
                        "name": "--data-ascii <data>",
                        "lines": 7,
                        "long": "--data-ascii",
                        "arg": "<data>"
                    },
                    {
                        "name": "--data-binary <data>",
                        "lines": 19,
                        "long": "--data-binary",
                        "arg": "<data>"
                    },
                    {
                        "name": "--data-raw <data>",
                        "lines": 9,
                        "long": "--data-raw",
                        "arg": "<data>"
                    },
                    {
                        "name": "--data-urlencode <data>",
                        "lines": 38,
                        "long": "--data-urlencode",
                        "arg": "<data>"
                    },
                    {
                        "name": "-d, --data <data>",
                        "lines": 28,
                        "flag": "-d",
                        "long": "--data",
                        "arg": "<data>"
                    },
                    {
                        "name": "--delegation <LEVEL>",
                        "lines": 17,
                        "long": "--delegation",
                        "arg": "<LEVEL>"
                    },
                    {
                        "name": "--digest",
                        "lines": 12,
                        "long": "--digest"
                    },
                    {
                        "name": "--disable-eprt",
                        "lines": 20,
                        "long": "--disable-eprt"
                    },
                    {
                        "name": "--disable-epsv",
                        "lines": 18,
                        "long": "--disable-epsv"
                    },
                    {
                        "name": "-q, --disable",
                        "lines": 9,
                        "flag": "-q",
                        "long": "--disable"
                    },
                    {
                        "name": "--disallow-username-in-url",
                        "lines": 8,
                        "long": "--disallow-username-in-url"
                    },
                    {
                        "name": "--dns-interface <interface>",
                        "lines": 10,
                        "long": "--dns-interface",
                        "arg": "<interface>"
                    },
                    {
                        "name": "--dns-ipv4-addr <address>",
                        "lines": 11,
                        "long": "--dns-ipv4-addr",
                        "arg": "<address>"
                    },
                    {
                        "name": "--dns-ipv6-addr <address>",
                        "lines": 11,
                        "long": "--dns-ipv6-addr",
                        "arg": "<address>"
                    },
                    {
                        "name": "--dns-servers <addresses>",
                        "lines": 12,
                        "long": "--dns-servers",
                        "arg": "<addresses>"
                    },
                    {
                        "name": "--doh-cert-status",
                        "lines": 7,
                        "long": "--doh-cert-status"
                    },
                    {
                        "name": "--doh-insecure",
                        "lines": 7,
                        "long": "--doh-insecure"
                    },
                    {
                        "name": "--doh-url <URL>",
                        "lines": 14,
                        "long": "--doh-url",
                        "arg": "<URL>"
                    },
                    {
                        "name": "-D, --dump-header <filename>",
                        "lines": 13,
                        "flag": "-D",
                        "long": "--dump-header",
                        "arg": "<filename>"
                    },
                    {
                        "name": "--egd-file <file>",
                        "lines": 8,
                        "long": "--egd-file",
                        "arg": "<file>"
                    },
                    {
                        "name": "--engine <name>",
                        "lines": 9,
                        "long": "--engine",
                        "arg": "<name>"
                    },
                    {
                        "name": "--etag-compare <file>",
                        "lines": 14,
                        "long": "--etag-compare",
                        "arg": "<file>"
                    },
                    {
                        "name": "--etag-save <file>",
                        "lines": 10,
                        "long": "--etag-save",
                        "arg": "<file>"
                    },
                    {
                        "name": "--expect100-timeout <seconds>",
                        "lines": 10,
                        "long": "--expect100-timeout",
                        "arg": "<seconds>"
                    },
                    {
                        "name": "--fail-early",
                        "lines": 22,
                        "long": "--fail-early"
                    },
                    {
                        "name": "--fail-with-body",
                        "lines": 13,
                        "long": "--fail-with-body"
                    },
                    {
                        "name": "-f, --fail",
                        "lines": 15,
                        "flag": "-f",
                        "long": "--fail"
                    },
                    {
                        "name": "--false-start",
                        "lines": 12,
                        "long": "--false-start"
                    },
                    {
                        "name": "--form-escape",
                        "lines": 8,
                        "long": "--form-escape"
                    },
                    {
                        "name": "--form-string <name=string>",
                        "lines": 11,
                        "long": "--form-string",
                        "arg": "<name=string>"
                    },
                    {
                        "name": "-F, --form <name=content>",
                        "lines": 122,
                        "flag": "-F",
                        "long": "--form",
                        "arg": "<name=content>"
                    },
                    {
                        "name": "--ftp-account <data>",
                        "lines": 10,
                        "long": "--ftp-account",
                        "arg": "<data>"
                    },
                    {
                        "name": "--ftp-alternative-to-user <command>",
                        "lines": 10,
                        "long": "--ftp-alternative-to-user",
                        "arg": "<command>"
                    },
                    {
                        "name": "--ftp-create-dirs",
                        "lines": 9,
                        "long": "--ftp-create-dirs"
                    },
                    {
                        "name": "--ftp-method <method>",
                        "lines": 23,
                        "long": "--ftp-method",
                        "arg": "<method>"
                    },
                    {
                        "name": "--ftp-pasv",
                        "lines": 15,
                        "long": "--ftp-pasv"
                    },
                    {
                        "name": "-P, --ftp-port <address>",
                        "lines": 34,
                        "flag": "-P",
                        "long": "--ftp-port",
                        "arg": "<address>"
                    },
                    {
                        "name": "--ftp-pret",
                        "lines": 9,
                        "long": "--ftp-pret"
                    },
                    {
                        "name": "--ftp-skip-pasv-ip",
                        "lines": 13,
                        "long": "--ftp-skip-pasv-ip"
                    },
                    {
                        "name": "--ftp-ssl-ccc-mode <active/passive>",
                        "lines": 9,
                        "long": "--ftp-ssl-ccc-mode",
                        "arg": "<active/passive>"
                    },
                    {
                        "name": "--ftp-ssl-ccc",
                        "lines": 9,
                        "long": "--ftp-ssl-ccc"
                    },
                    {
                        "name": "--ftp-ssl-control",
                        "lines": 9,
                        "long": "--ftp-ssl-control"
                    },
                    {
                        "name": "-G, --get",
                        "lines": 18,
                        "flag": "-G",
                        "long": "--get"
                    },
                    {
                        "name": "-g, --globoff",
                        "lines": 10,
                        "flag": "-g",
                        "long": "--globoff"
                    },
                    {
                        "name": "--happy-eyeballs-timeout-ms <milliseconds>",
                        "lines": 18,
                        "long": "--happy-eyeballs-timeout-ms",
                        "arg": "<milliseconds>"
                    },
                    {
                        "name": "--haproxy-protocol",
                        "lines": 12,
                        "long": "--haproxy-protocol"
                    },
                    {
                        "name": "-I, --head",
                        "lines": 9,
                        "flag": "-I",
                        "long": "--head"
                    },
                    {
                        "name": "-H, --header <header/@file>",
                        "lines": 38,
                        "flag": "-H",
                        "long": "--header",
                        "arg": "<header/@file>"
                    },
                    {
                        "name": "-h, --help <category>",
                        "lines": 10,
                        "flag": "-h",
                        "long": "--help",
                        "arg": "<category>"
                    },
                    {
                        "name": "--hostpubmd5 <md5>",
                        "lines": 9,
                        "long": "--hostpubmd5",
                        "arg": "<md5>"
                    },
                    {
                        "name": "--hostpubsha256 <sha256>",
                        "lines": 8,
                        "long": "--hostpubsha256",
                        "arg": "<sha256>"
                    },
                    {
                        "name": "--hsts <file name>",
                        "lines": 47,
                        "long": "--hsts"
                    },
                    {
                        "name": "--http2-prior-knowledge",
                        "lines": 12,
                        "long": "--http2-prior-knowledge"
                    },
                    {
                        "name": "--http2",
                        "lines": 15,
                        "long": "--http2"
                    },
                    {
                        "name": "--http3",
                        "lines": 17,
                        "long": "--http3"
                    },
                    {
                        "name": "--ignore-content-length",
                        "lines": 14,
                        "long": "--ignore-content-length"
                    },
                    {
                        "name": "-i, --include",
                        "lines": 10,
                        "flag": "-i",
                        "long": "--include"
                    },
                    {
                        "name": "-k, --insecure",
                        "lines": 21,
                        "flag": "-k",
                        "long": "--insecure"
                    },
                    {
                        "name": "--interface <name>",
                        "lines": 34,
                        "long": "--interface",
                        "arg": "<name>"
                    },
                    {
                        "name": "-j, --junk-session-cookies",
                        "lines": 10,
                        "flag": "-j",
                        "long": "--junk-session-cookies"
                    },
                    {
                        "name": "--keepalive-time <seconds>",
                        "lines": 14,
                        "long": "--keepalive-time",
                        "arg": "<seconds>"
                    },
                    {
                        "name": "--key-type <type>",
                        "lines": 10,
                        "long": "--key-type",
                        "arg": "<type>"
                    },
                    {
                        "name": "--key <key>",
                        "lines": 17,
                        "long": "--key",
                        "arg": "<key>"
                    },
                    {
                        "name": "--krb <level>",
                        "lines": 12,
                        "long": "--krb",
                        "arg": "<level>"
                    },
                    {
                        "name": "--libcurl <file>",
                        "lines": 13,
                        "long": "--libcurl",
                        "arg": "<file>"
                    },
                    {
                        "name": "--limit-rate <speed>",
                        "lines": 26,
                        "long": "--limit-rate",
                        "arg": "<speed>"
                    },
                    {
                        "name": "-l, --list-only",
                        "lines": 22,
                        "flag": "-l",
                        "long": "--list-only"
                    },
                    {
                        "name": "--local-port <num/range>",
                        "lines": 10,
                        "long": "--local-port",
                        "arg": "<num/range>"
                    },
                    {
                        "name": "--location-trusted",
                        "lines": 10,
                        "long": "--location-trusted"
                    },
                    {
                        "name": "-L, --location",
                        "lines": 25,
                        "flag": "-L",
                        "long": "--location"
                    },
                    {
                        "name": "--login-options <options>",
                        "lines": 14,
                        "long": "--login-options",
                        "arg": "<options>"
                    },
                    {
                        "name": "--mail-auth <address>",
                        "lines": 8,
                        "long": "--mail-auth",
                        "arg": "<address>"
                    },
                    {
                        "name": "--mail-from <address>",
                        "lines": 7,
                        "long": "--mail-from",
                        "arg": "<address>"
                    },
                    {
                        "name": "--mail-rcpt-allowfails",
                        "lines": 16,
                        "long": "--mail-rcpt-allowfails"
                    },
                    {
                        "name": "--mail-rcpt <address>",
                        "lines": 16,
                        "long": "--mail-rcpt",
                        "arg": "<address>"
                    },
                    {
                        "name": "-M, --manual",
                        "lines": 7,
                        "flag": "-M",
                        "long": "--manual"
                    },
                    {
                        "name": "--max-filesize <bytes>",
                        "lines": 15,
                        "long": "--max-filesize",
                        "arg": "<bytes>"
                    },
                    {
                        "name": "--max-redirs <num>",
                        "lines": 11,
                        "long": "--max-redirs",
                        "arg": "<num>"
                    },
                    {
                        "name": "-m, --max-time <fractional seconds>",
                        "lines": 13,
                        "flag": "-m",
                        "long": "--max-time"
                    },
                    {
                        "name": "--metalink",
                        "lines": 8,
                        "long": "--metalink"
                    },
                    {
                        "name": "--negotiate",
                        "lines": 16,
                        "long": "--negotiate"
                    },
                    {
                        "name": "--netrc-file <filename>",
                        "lines": 12,
                        "long": "--netrc-file",
                        "arg": "<filename>"
                    },
                    {
                        "name": "--netrc-optional",
                        "lines": 8,
                        "long": "--netrc-optional"
                    },
                    {
                        "name": "-n, --netrc",
                        "lines": 39,
                        "flag": "-n",
                        "long": "--netrc"
                    },
                    {
                        "name": "--no-alpn",
                        "lines": 10,
                        "long": "--no-alpn"
                    },
                    {
                        "name": "-N, --no-buffer",
                        "lines": 13,
                        "flag": "-N",
                        "long": "--no-buffer"
                    },
                    {
                        "name": "--no-keepalive",
                        "lines": 11,
                        "long": "--no-keepalive"
                    },
                    {
                        "name": "--no-npn",
                        "lines": 10,
                        "long": "--no-npn"
                    },
                    {
                        "name": "--no-progress-meter",
                        "lines": 11,
                        "long": "--no-progress-meter"
                    },
                    {
                        "name": "--no-sessionid",
                        "lines": 13,
                        "long": "--no-sessionid"
                    },
                    {
                        "name": "--noproxy <no-proxy-list>",
                        "lines": 15,
                        "long": "--noproxy",
                        "arg": "<no-proxy-list>"
                    },
                    {
                        "name": "--ntlm-wb",
                        "lines": 24,
                        "long": "--ntlm-wb"
                    },
                    {
                        "name": "--oauth2-bearer <token>",
                        "lines": 13,
                        "long": "--oauth2-bearer",
                        "arg": "<token>"
                    },
                    {
                        "name": "--output-dir <dir>",
                        "lines": 16,
                        "long": "--output-dir",
                        "arg": "<dir>"
                    },
                    {
                        "name": "-o, --output <file>",
                        "lines": 40,
                        "flag": "-o",
                        "long": "--output",
                        "arg": "<file>"
                    },
                    {
                        "name": "--parallel-immediate",
                        "lines": 11,
                        "long": "--parallel-immediate"
                    },
                    {
                        "name": "--parallel-max <num>",
                        "lines": 12,
                        "long": "--parallel-max",
                        "arg": "<num>"
                    },
                    {
                        "name": "-Z, --parallel",
                        "lines": 9,
                        "flag": "-Z",
                        "long": "--parallel"
                    },
                    {
                        "name": "--pass <phrase>",
                        "lines": 9,
                        "long": "--pass",
                        "arg": "<phrase>"
                    },
                    {
                        "name": "--path-as-is",
                        "lines": 9,
                        "long": "--path-as-is"
                    },
                    {
                        "name": "--pinnedpubkey <hashes>",
                        "lines": 34,
                        "long": "--pinnedpubkey",
                        "arg": "<hashes>"
                    },
                    {
                        "name": "--post301",
                        "lines": 11,
                        "long": "--post301"
                    },
                    {
                        "name": "--post302",
                        "lines": 11,
                        "long": "--post302"
                    },
                    {
                        "name": "--post303",
                        "lines": 48,
                        "long": "--post303"
                    },
                    {
                        "name": "--proto-default <protocol>",
                        "lines": 14,
                        "long": "--proto-default",
                        "arg": "<protocol>"
                    },
                    {
                        "name": "--proto-redir <protocols>",
                        "lines": 16,
                        "long": "--proto-redir",
                        "arg": "<protocols>"
                    },
                    {
                        "name": "--proto <protocols>",
                        "lines": 34,
                        "long": "--proto",
                        "arg": "<protocols>"
                    },
                    {
                        "name": "--proxy-anyauth",
                        "lines": 8,
                        "long": "--proxy-anyauth"
                    },
                    {
                        "name": "--proxy-basic",
                        "lines": 9,
                        "long": "--proxy-basic"
                    },
                    {
                        "name": "--proxy-cacert <file>",
                        "lines": 7,
                        "long": "--proxy-cacert",
                        "arg": "<file>"
                    },
                    {
                        "name": "--proxy-capath <dir>",
                        "lines": 7,
                        "long": "--proxy-capath",
                        "arg": "<dir>"
                    },
                    {
                        "name": "--proxy-cert-type <type>",
                        "lines": 15,
                        "long": "--proxy-cert-type",
                        "arg": "<type>"
                    },
                    {
                        "name": "--proxy-ciphers <list>",
                        "lines": 7,
                        "long": "--proxy-ciphers",
                        "arg": "<list>"
                    },
                    {
                        "name": "--proxy-crlfile <file>",
                        "lines": 7,
                        "long": "--proxy-crlfile",
                        "arg": "<file>"
                    },
                    {
                        "name": "--proxy-digest",
                        "lines": 8,
                        "long": "--proxy-digest"
                    },
                    {
                        "name": "--proxy-header <header/@file>",
                        "lines": 25,
                        "long": "--proxy-header",
                        "arg": "<header/@file>"
                    },
                    {
                        "name": "--proxy-insecure",
                        "lines": 7,
                        "long": "--proxy-insecure"
                    },
                    {
                        "name": "--proxy-key-type <type>",
                        "lines": 7,
                        "long": "--proxy-key-type",
                        "arg": "<type>"
                    },
                    {
                        "name": "--proxy-key <key>",
                        "lines": 7,
                        "long": "--proxy-key",
                        "arg": "<key>"
                    },
                    {
                        "name": "--proxy-negotiate",
                        "lines": 8,
                        "long": "--proxy-negotiate"
                    },
                    {
                        "name": "--proxy-ntlm",
                        "lines": 8,
                        "long": "--proxy-ntlm"
                    },
                    {
                        "name": "--proxy-pass <phrase>",
                        "lines": 7,
                        "long": "--proxy-pass",
                        "arg": "<phrase>"
                    },
                    {
                        "name": "--proxy-pinnedpubkey <hashes>",
                        "lines": 18,
                        "long": "--proxy-pinnedpubkey",
                        "arg": "<hashes>"
                    },
                    {
                        "name": "--proxy-service-name <name>",
                        "lines": 7,
                        "long": "--proxy-service-name",
                        "arg": "<name>"
                    },
                    {
                        "name": "--proxy-ssl-allow-beast",
                        "lines": 7,
                        "long": "--proxy-ssl-allow-beast"
                    },
                    {
                        "name": "--proxy-ssl-auto-client-cert",
                        "lines": 7,
                        "long": "--proxy-ssl-auto-client-cert"
                    },
                    {
                        "name": "--proxy-tls13-ciphers <ciphersuite list>",
                        "lines": 17,
                        "long": "--proxy-tls13-ciphers"
                    },
                    {
                        "name": "--proxy-tlsauthtype <type>",
                        "lines": 7,
                        "long": "--proxy-tlsauthtype",
                        "arg": "<type>"
                    },
                    {
                        "name": "--proxy-tlspassword <string>",
                        "lines": 7,
                        "long": "--proxy-tlspassword",
                        "arg": "<string>"
                    },
                    {
                        "name": "--proxy-tlsuser <name>",
                        "lines": 7,
                        "long": "--proxy-tlsuser",
                        "arg": "<name>"
                    },
                    {
                        "name": "--proxy-tlsv1",
                        "lines": 7,
                        "long": "--proxy-tlsv1"
                    },
                    {
                        "name": "-U, --proxy-user <user:password>",
                        "lines": 71,
                        "flag": "-U",
                        "long": "--proxy-user",
                        "arg": "<user:password>"
                    },
                    {
                        "name": "-p, --proxytunnel",
                        "lines": 13,
                        "flag": "-p",
                        "long": "--proxytunnel"
                    },
                    {
                        "name": "--pubkey <key>",
                        "lines": 15,
                        "long": "--pubkey",
                        "arg": "<key>"
                    },
                    {
                        "name": "-Q, --quote <command>",
                        "lines": 72,
                        "flag": "-Q",
                        "long": "--quote",
                        "arg": "<command>"
                    },
                    {
                        "name": "--random-file <file>",
                        "lines": 9,
                        "long": "--random-file",
                        "arg": "<file>"
                    },
                    {
                        "name": "-r, --range <range>",
                        "lines": 45,
                        "flag": "-r",
                        "long": "--range",
                        "arg": "<range>"
                    },
                    {
                        "name": "-e, --referer <URL>",
                        "lines": 15,
                        "flag": "-e",
                        "long": "--referer",
                        "arg": "<URL>"
                    },
                    {
                        "name": "-J, --remote-header-name",
                        "lines": 19,
                        "flag": "-J",
                        "long": "--remote-header-name"
                    },
                    {
                        "name": "--remote-name-all",
                        "lines": 9,
                        "long": "--remote-name-all"
                    },
                    {
                        "name": "-O, --remote-name",
                        "lines": 23,
                        "flag": "-O",
                        "long": "--remote-name"
                    },
                    {
                        "name": "-R, --remote-time",
                        "lines": 8,
                        "flag": "-R",
                        "long": "--remote-time"
                    },
                    {
                        "name": "--request-target <path>",
                        "lines": 10,
                        "long": "--request-target",
                        "arg": "<path>"
                    },
                    {
                        "name": "-X, --request <method>",
                        "lines": 71,
                        "flag": "-X",
                        "long": "--request",
                        "arg": "<method>"
                    },
                    {
                        "name": "--retry-all-errors",
                        "lines": 27,
                        "long": "--retry-all-errors"
                    },
                    {
                        "name": "--retry-connrefused",
                        "lines": 8,
                        "long": "--retry-connrefused"
                    },
                    {
                        "name": "--retry-delay <seconds>",
                        "lines": 12,
                        "long": "--retry-delay",
                        "arg": "<seconds>"
                    },
                    {
                        "name": "--retry-max-time <seconds>",
                        "lines": 13,
                        "long": "--retry-max-time",
                        "arg": "<seconds>"
                    },
                    {
                        "name": "--retry <num>",
                        "lines": 21,
                        "long": "--retry",
                        "arg": "<num>"
                    },
                    {
                        "name": "--sasl-authzid <identity>",
                        "lines": 13,
                        "long": "--sasl-authzid",
                        "arg": "<identity>"
                    },
                    {
                        "name": "--sasl-ir",
                        "lines": 7,
                        "long": "--sasl-ir"
                    },
                    {
                        "name": "--service-name <name>",
                        "lines": 9,
                        "long": "--service-name",
                        "arg": "<name>"
                    },
                    {
                        "name": "-S, --show-error",
                        "lines": 9,
                        "flag": "-S",
                        "long": "--show-error"
                    },
                    {
                        "name": "-s, --silent",
                        "lines": 53,
                        "flag": "-s",
                        "long": "--silent"
                    },
                    {
                        "name": "--socks5-basic",
                        "lines": 9,
                        "long": "--socks5-basic"
                    },
                    {
                        "name": "--socks5-gssapi-nec",
                        "lines": 10,
                        "long": "--socks5-gssapi-nec"
                    },
                    {
                        "name": "--socks5-gssapi-service <name>",
                        "lines": 12,
                        "long": "--socks5-gssapi-service",
                        "arg": "<name>"
                    },
                    {
                        "name": "--socks5-gssapi",
                        "lines": 51,
                        "long": "--socks5-gssapi"
                    },
                    {
                        "name": "-Y, --speed-limit <speed>",
                        "lines": 10,
                        "flag": "-Y",
                        "long": "--speed-limit",
                        "arg": "<speed>"
                    },
                    {
                        "name": "-y, --speed-time <seconds>",
                        "lines": 14,
                        "flag": "-y",
                        "long": "--speed-time",
                        "arg": "<seconds>"
                    },
                    {
                        "name": "--ssl-allow-beast",
                        "lines": 12,
                        "long": "--ssl-allow-beast"
                    },
                    {
                        "name": "--ssl-auto-client-cert",
                        "lines": 11,
                        "long": "--ssl-auto-client-cert"
                    },
                    {
                        "name": "--ssl-no-revoke",
                        "lines": 8,
                        "long": "--ssl-no-revoke"
                    },
                    {
                        "name": "--ssl-reqd",
                        "lines": 13,
                        "long": "--ssl-reqd"
                    },
                    {
                        "name": "--ssl-revoke-best-effort",
                        "lines": 48,
                        "long": "--ssl-revoke-best-effort"
                    },
                    {
                        "name": "--stderr <file>",
                        "lines": 12,
                        "long": "--stderr",
                        "arg": "<file>"
                    },
                    {
                        "name": "--styled-output",
                        "lines": 10,
                        "long": "--styled-output"
                    },
                    {
                        "name": "--suppress-connect-headers",
                        "lines": 10,
                        "long": "--suppress-connect-headers"
                    },
                    {
                        "name": "--tcp-fastopen",
                        "lines": 7,
                        "long": "--tcp-fastopen"
                    },
                    {
                        "name": "--tcp-nodelay",
                        "lines": 11,
                        "long": "--tcp-nodelay"
                    },
                    {
                        "name": "-t, --telnet-option <opt=val>",
                        "lines": 13,
                        "flag": "-t",
                        "long": "--telnet-option",
                        "arg": "<opt=val>"
                    },
                    {
                        "name": "--tftp-blksize <value>",
                        "lines": 11,
                        "long": "--tftp-blksize",
                        "arg": "<value>"
                    },
                    {
                        "name": "--tftp-no-options",
                        "lines": 10,
                        "long": "--tftp-no-options"
                    },
                    {
                        "name": "-z, --time-cond <time>",
                        "lines": 19,
                        "flag": "-z",
                        "long": "--time-cond",
                        "arg": "<time>"
                    },
                    {
                        "name": "--tls-max <VERSION>",
                        "lines": 25,
                        "long": "--tls-max",
                        "arg": "<VERSION>"
                    },
                    {
                        "name": "--tls13-ciphers <ciphersuite list>",
                        "lines": 17,
                        "long": "--tls13-ciphers"
                    },
                    {
                        "name": "--tlsauthtype <type>",
                        "lines": 10,
                        "long": "--tlsauthtype",
                        "arg": "<type>"
                    },
                    {
                        "name": "--tlspassword <string>",
                        "lines": 10,
                        "long": "--tlspassword",
                        "arg": "<string>"
                    },
                    {
                        "name": "--tlsuser <name>",
                        "lines": 73,
                        "long": "--tlsuser",
                        "arg": "<name>"
                    },
                    {
                        "name": "--tr-encoding",
                        "lines": 8,
                        "long": "--tr-encoding"
                    },
                    {
                        "name": "--trace-ascii <file>",
                        "lines": 17,
                        "long": "--trace-ascii",
                        "arg": "<file>"
                    },
                    {
                        "name": "--trace-time",
                        "lines": 9,
                        "long": "--trace-time"
                    },
                    {
                        "name": "--trace <file>",
                        "lines": 14,
                        "long": "--trace",
                        "arg": "<file>"
                    },
                    {
                        "name": "--unix-socket <path>",
                        "lines": 7,
                        "long": "--unix-socket",
                        "arg": "<path>"
                    },
                    {
                        "name": "-T, --upload-file <file>",
                        "lines": 28,
                        "flag": "-T",
                        "long": "--upload-file",
                        "arg": "<file>"
                    },
                    {
                        "name": "--url <url>",
                        "lines": 20,
                        "long": "--url",
                        "arg": "<url>"
                    },
                    {
                        "name": "-B, --use-ascii",
                        "lines": 9,
                        "flag": "-B",
                        "long": "--use-ascii"
                    },
                    {
                        "name": "-A, --user-agent <name>",
                        "lines": 15,
                        "flag": "-A",
                        "long": "--user-agent",
                        "arg": "<name>"
                    },
                    {
                        "name": "-u, --user <user:password>",
                        "lines": 35,
                        "flag": "-u",
                        "long": "--user",
                        "arg": "<user:password>"
                    },
                    {
                        "name": "-v, --verbose",
                        "lines": 20,
                        "flag": "-v",
                        "long": "--verbose"
                    },
                    {
                        "name": "-V, --version",
                        "lines": 91,
                        "flag": "-V",
                        "long": "--version"
                    },
                    {
                        "name": "-w, --write-out <format>",
                        "lines": 153,
                        "flag": "-w",
                        "long": "--write-out",
                        "arg": "<format>"
                    },
                    {
                        "name": "--xattr",
                        "lines": 10,
                        "long": "--xattr"
                    }
                ]
            },
            {
                "name": "FILES",
                "lines": 3,
                "subsections": []
            },
            {
                "name": "ENVIRONMENT",
                "lines": 95,
                "subsections": []
            },
            {
                "name": "PROXY PROTOCOL PREFIXES",
                "lines": 26,
                "subsections": []
            },
            {
                "name": "EXIT CODES",
                "lines": 193,
                "subsections": []
            },
            {
                "name": "BUGS",
                "lines": 3,
                "subsections": []
            },
            {
                "name": "AUTHORS / CONTRIBUTORS",
                "lines": 3,
                "subsections": []
            },
            {
                "name": "WWW",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "SEE ALSO",
                "lines": 5,
                "subsections": []
            }
        ]
    }
}