Transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). The command is designed to work without user interaction.

CURL was added to Windows 10 (1903) from build 17063 or later.

      curl [options...] url

These options are 'Case Sensitive' which is typical for Unix utilities but unusual for Microsoft Windows.

     --abstract-unix-socket path Connect via abstract Unix domain socket
     --anyauth       Pick any authentication method
 -a, --append        Append to target file when uploading
     --basic         Use HTTP Basic Authentication
 -A, --user-agent name  Send User-Agent name to server
     --cacert CA certificate CA certificate to verify peer against
     --capath dir    CA directory to verify peer against
 -B, --use-ascii     Use ASCII/text transfer
 -E, --cert certificate[:password] Client certificate file and password
     --cert-status   Verify the status of the server certificate
     --cert-type type Certificate file type (DER/PEM/ENG)
     --ciphers  SSL ciphers to use
     --compressed    Request compressed response
 -K, --config file   Read config from a file
     --connect-timeout seconds  Maximum time allowed for connection
     --connect-to HOST1:PORT1:HOST2:PORT2  Connect to host
 -C, --continue-at offset  Resumed transfer offset
 -b, --cookie data   Send cookies from string/file
 -c, --cookie-jar filename  Write cookies to filename after operation
     --create-dirs   Create necessary local directory hierarchy
     --crlf          Convert LF to CRLF in upload
     --crlfile file    Get a CRL list in PEM format from the given file
 -d, --data data       HTTP POST data
     --data-ascii data HTTP POST ASCII data
     --data-binary data HTTP POST binary data
     --data-raw data   HTTP POST data, '@' allowed
     --data-urlencode data  HTTP POST data url encoded
     --delegation LEVEL   GSS-API delegation permission
     --digest        Use HTTP Digest Authentication
 -q, --disable       Disable .curlrc
     --disable-eprt  Inhibit using EPRT or LPRT
     --disable-epsv  Inhibit using EPSV
     --dns-interface interface Interface to use for DNS requests
     --dns-ipv4-addr address   IPv4 address to use for DNS requests
     --dns-ipv6-addr address   IPv6 address to use for DNS requests
     --dns-servers addresses   DNS server addrs to use
 -D, --dump-header filename    Write the received headers to filename
     --egd-file file   EGD socket path for random data
     --engine name   Crypto engine to use
     --expect100-timeout seconds  How long to wait for 100-continue
 -f, --fail          Fail silently (no output at all) on HTTP errors
     --fail-early    Fail on first transfer error, do not continue
     --false-start   Enable TLS False Start
 -F, --form name=content  Specify HTTP multipart POST data
     --form-string name=string  Specify HTTP multipart POST data
     --ftp-account data  Account data string
     --ftp-alternative-to-user command  String to replace USER [name]
     --ftp-create-dirs  Create the remote dirs if not present
     --ftp-method method  Control CWD usage
     --ftp-pasv         Use PASV/EPSV instead of PORT
 -P, --ftp-port address  Use PORT instead of PASV
     --ftp-pret         Send PRET before PASV
     --ftp-skip-pasv-ip  Skip the IP address for PASV
     --ftp-ssl-ccc      Send CCC after authenticating
     --ftp-ssl-ccc-mode active/passive  Set CCC mode
     --ftp-ssl-control  Require SSL/TLS for FTP login, clear for transfer
 -G, --get              Put the post data in the URL and use GET
 -g, --globoff       Disable URL sequences and ranges using {} and []
 -I, --head          Show document info only
 -H, --header header/@file Pass custom header(s) to server
 -h, --help          This help text
     --hostpubmd5 md5  Acceptable MD5 hash of the host public key
 -0, --http1.0       Use HTTP 1.0
     --http1.1       Use HTTP 1.1
     --http2         Use HTTP 2
     --http2-prior-knowledge  Use HTTP 2 without HTTP/1.1 Upgrade
     --ignore-content-length  Ignore the size of the remote resource
 -i, --include       Include protocol response headers in the output
 -k, --insecure      Allow insecure server connections when using SSL
     --interface name  Use network INTERFACE (or address)
 -4, --ipv4          Resolve names to IPv4 addresses
 -6, --ipv6          Resolve names to IPv6 addresses
 -j, --junk-session-cookies  Ignore session cookies read from file
     --keepalive-time seconds Interval time for keepalive probes
     --key key      Private key file name
     --key-type type  Private key file type (DER/PEM/ENG)
     --krb level    Enable Kerberos with security level
     --libcurl file  Dump libcurl equivalent code of this command line
     --limit-rate speed  Limit transfer speed to RATE
 -l, --list-only     List only mode
     --local-port num/range  Force use of RANGE for local port numbers
 -L, --location      Follow redirects
     --location-trusted  Like --location, and send auth to other hosts
     --login-options options  Server login options
     --mail-auth address  Originator address of the original email
     --mail-from address  Mail from this address
     --mail-rcpt address  Mail from this address
 -M, --manual         Display the full manual
     --max-filesize bytes  Maximum file size to download
     --max-redirs num  Maximum number of redirects allowed
 -m, --max-time time   Maximum time allowed for the transfer
     --metalink        Process given URLs as metalink XML file
     --negotiate       Use HTTP Negotiate (SPNEGO) authentication
 -n, --netrc           Must read .netrc for user name and password
     --netrc-file filename  Specify FILE for netrc
     --netrc-optional Use either .netrc or URL
 -:, --next           Make next URL use its separate set of options
     --no-alpn        Disable the ALPN TLS extension
 -N, --no-buffer      Disable buffering of the output stream
     --no-keepalive   Disable TCP keepalive on the connection
     --no-npn         Disable the NPN TLS extension
     --no-sessionid   Disable SSL session-ID reusing
     --noproxy no-proxy-list  List of hosts which do not use proxy
     --ntlm          Use HTTP NTLM authentication
     --ntlm-wb       Use HTTP NTLM authentication with winbind
     --oauth2-bearer token  OAuth 2 Bearer Token
 -o, --output file   Write to file instead of stdout
     --pass phrase   Pass phrase for the private key
     --path-as-is    Do not squash .. sequences in URL path
     --pinnedpubkey hashes FILE/HASHES  Public key to verify peer against
     --post301       Do not switch to GET after following a 301
     --post302       Do not switch to GET after following a 302
     --post303       Do not switch to GET after following a 303
     --preproxy [protocol://]host[:port]  Use this proxy first
 -#, --progress-bar  Display transfer progress as a bar
     --proto protocols  Enable/disable PROTOCOLS
     --proto-default protocol  Use PROTOCOL for any URL missing a scheme
     --proto-redir protocols  Enable/disable PROTOCOLS on redirect
 -x, --proxy [protocol://]host[:port]  Use this proxy
     --proxy-anyauth      Pick any proxy authentication method
     --proxy-basic        Use Basic authentication on the proxy
     --proxy-cacert file  CA certificate to verify peer against for proxy
     --proxy-capath dir   CA directory to verify peer against for proxy
     --proxy-cert cert[:passwd]  Set client certificate for proxy
     --proxy-cert-type type  Client certificate type for HTTS proxy
     --proxy-ciphers list  SSL ciphers to use for proxy
     --proxy-crlfile file  Set a CRL list for proxy
     --proxy-digest        Use Digest authentication on the proxy
     --proxy-header header/@file  Pass custom header(s) to proxy
     --proxy-insecure      Do HTTPS proxy connections without verifying the proxy
     --proxy-key key       Private key for HTTPS proxy
     --proxy-key-type type Private key file type for proxy
     --proxy-negotiate     Use HTTP Negotiate (SPNEGO) authentication on the proxy
     --proxy-ntlm          Use NTLM authentication on the proxy
     --proxy-pass phrase   Pass phrase for the private key for HTTPS proxy
     --proxy-service-name name  SPNEGO proxy service name
     --proxy-ssl-allow-beast  Allow security flaw for interop for HTTPS proxy
     --proxy-tlsauthtype type  TLS authentication type for HTTPS proxy
     --proxy-tlspassword string  TLS password for HTTPS proxy
     --proxy-tlsuser name  TLS username for HTTPS proxy
     --proxy-tlsv1       Use TLSv1 for HTTPS proxy
 -U, --proxy-user user:password  Proxy user and password
     --proxy1.0 host[:port]  Use HTTP/1.0 proxy on given port
 -p, --proxytunnel       Operate through a HTTP proxy tunnel (using CONNECT)
     --pubkey key        SSH Public key file name
 -Q, --quote             Send command(s) to server before transfer
     --random-file file  File for reading random data from
 -r, --range range       Retrieve only the bytes within RANGE
     --raw               Do HTTP "raw"; no transfer decoding
 -e, --referer URL       Referrer URL
 -J, --remote-header-name  Use the header-provided filename
 -O, --remote-name       Write output to a file named as the remote file
     --remote-name-all   Use the remote file name for all URLs
 -R, --remote-time       Set the remote file's time on the local output
 -X, --request command   Specify request command to use
     --request-target    Specify the target for this request
     --resolve host:port:address  Resolve the host+port to this address
     --retry num         Retry request if transient problems occur
     --retry-connrefused Retry on connection refused (use with --retry)
     --retry-delay seconds  Wait time between retries
     --retry-max-time seconds  Retry only within this period
     --sasl-ir           Enable initial response in SASL authentication
     --service-name name  SPNEGO service name
 -S, --show-error        Show error even when -s is used
 -s, --silent            Silent mode
     --socks4 host[:port]  SOCKS4 proxy on given host + port
     --socks4a host[:port] SOCKS4a proxy on given host + port
     --socks5 host[:port]  SOCKS5 proxy on given host + port
     --socks5-basic       Enable username/password auth for SOCKS5 proxies
     --socks5-gssapi      Enable GSS-API auth for SOCKS5 proxies
     --socks5-gssapi-nec  Compatibility with NEC SOCKS5 server
     --socks5-gssapi-service name  SOCKS5 proxy service name for GSS-API
     --socks5-hostname host[:port]  SOCKS5 proxy, pass host name to proxy
 -Y, --speed-limit speed  Stop transfers slower than this
 -y, --speed-time seconds Trigger 'speed-limit' abort after this time
     --ssl                Try SSL/TLS
     --ssl-allow-beast    Allow security flaw to improve interop
     --ssl-no-revoke   Disable cert revocation checks (WinSSL)
     --ssl-reqd        Require SSL/TLS
 -2, --sslv2           Use SSLv2
 -3, --sslv3           Use SSLv3
     --stderr          Where to redirect stderr
     --suppress-connect-headers  Suppress proxy CONNECT response headers
     --tcp-fastopen    Use TCP Fast Open
     --tcp-nodelay     Use the TCP_NODELAY option
 -t, --telnet-option opt=val  Set telnet option
     --tftp-blksize value     Set TFTP BLKSIZE option
     --tftp-no-options   Do not send any TFTP options
 -z, --time-cond time    Transfer based on a time condition
     --tls-max VERSION   Use TLSv1.0 or greater
     --tlsauthtype type  TLS authentication type
     --tlspassword       TLS password
     --tlsuser name      TLS user name
 -1, --tlsv1         Use TLSv1.0 or greater
     --tlsv1.0       Use TLSv1.0
     --tlsv1.1       Use TLSv1.1
     --tlsv1.2       Use TLSv1.2
     --tlsv1.3       Use TLSv1.3
     --tr-encoding   Request compressed transfer encoding
     --trace file    Write a debug trace to FILE
     --trace-ascii file  Like --trace, but without hex output
     --trace-time    Add time stamps to trace/verbose output
     --unix-socket path  Connect through this Unix domain socket
 -T, --upload-file file  Transfer local FILE to destination
     --url url       URL to work with
 -B, --use-ascii     Use ASCII/text transfer
 -u, --user user:password  Server user and password
 -A, --user-agent name  Send User-Agent name to server
 -v, --verbose       Make the operation more talkative
 -V, --version       Show version number and quit
 -w, --write-out format  Use output FORMAT after completion
     --xattr         Store metadata in extended file attributes

curl is a powerful tool, please use it responsibly.


The domain is used for these examples, it contains simple demonstration text and allows both HTTP and HTTPS connections.

Retrieve a web page, display the status code and all the raw content of the page:

C:\> curl
StatusCode        : 200
StatusDescription : OK
Content           : <!doctype html>

Retrieve a web page, display the status code and header information only:

C:\> curl -I
HTTP /1.1 200 OK
Content-Encoding: gzip

Retrieve a web page, passing a specific User-Agent HTTP header (some websites use this to sniff the browser used):

C:\> curl -A "Mozilla FireFox(72.0)"

Download the home page of as a file (testing.html):

C:\> curl -o C:\demo\testing.html

Retrieve a file listing from an FTP server (null password):

C:\> curl

“Let us curl, my lady. Let us throw and sweep between until the heavens themselves droop their jaws in wonder and envy” - Homer Simpson (Boy Meets Curl)

Related commands

FTP - File Transfer Protocol.
SSH - OpenSSH remote login client.

Copyright © 1999-2023
Some rights reserved