.\" ************************************************************************** .\" * _ _ ____ _ .\" * Project ___| | | | _ \| | .\" * / __| | | | |_) | | .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * .\" * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms .\" * are also available at https://curl.haxx.se/docs/copyright.html. .\" * .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell .\" * copies of the Software, and permit persons to whom the Software is .\" * furnished to do so, under the terms of the COPYING file. .\" * .\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY .\" * KIND, either express or implied. .\" * .\" ************************************************************************** .\" .TH CURLOPT_HTTPHEADER 3 "September 16, 2020" "libcurl 7.73.0" "curl_easy_setopt options" .SH NAME CURLOPT_HTTPHEADER \- set custom HTTP headers .SH SYNOPSIS #include CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPHEADER, struct curl_slist *headers); .SH DESCRIPTION Pass a pointer to a linked list of HTTP headers to pass to the server and/or proxy in your HTTP request. The same list can be used for both host and proxy requests! The linked list should be a fully valid list of \fBstruct curl_slist\fP structs properly filled in. Use \fIcurl_slist_append(3)\fP to create the list and \fIcurl_slist_free_all(3)\fP to clean up an entire list. If you add a header that is otherwise generated and used by libcurl internally, your added one will be used instead. If you add a header with no content as in 'Accept:' (no data on the right side of the colon), the internally used header will get disabled. With this option you can add new headers, replace internal headers and remove internal headers. To add a header with no content (nothing to the right side of the colon), use the form 'MyHeader;' (note the ending semicolon). The headers included in the linked list \fBmust not\fP be CRLF-terminated, because libcurl adds CRLF after each header item. Failure to comply with this will result in strange bugs because the server will most likely ignore part of the headers you specified. The first line in a request (containing the method, usually a GET or POST) is not a header and cannot be replaced using this option. Only the lines following the request-line are headers. Adding this method line in this list of headers will only cause your request to send an invalid header. Use \fICURLOPT_CUSTOMREQUEST(3)\fP to change the method. When this option is passed to \fIcurl_easy_setopt(3)\fP, libcurl will not copy the entire list so you \fBmust\fP keep it around until you no longer use this \fIhandle\fP for a transfer before you call \fIcurl_slist_free_all(3)\fP on the list. Pass a NULL to this option to reset back to no custom headers. The most commonly replaced headers have "shortcuts" in the options \fICURLOPT_COOKIE(3)\fP, \fICURLOPT_USERAGENT(3)\fP and \fICURLOPT_REFERER(3)\fP. We recommend using those. There's an alternative option that sets or replaces headers only for requests that are sent with CONNECT to a proxy: \fICURLOPT_PROXYHEADER(3)\fP. Use \fICURLOPT_HEADEROPT(3)\fP to control the behavior. .SH SECURITY CONCERNS By default, this option makes libcurl send the given headers in all HTTP requests done by this handle. You should therefore use this option with caution if you for example connect to the remote site using a proxy and a CONNECT request, you should to consider if that proxy is supposed to also get the headers. They may be private or otherwise sensitive to leak. Use \fICURLOPT_HEADEROPT(3)\fP to make the headers only get sent to where you intend them to get sent. Custom headers are sent in all requests done by the easy handles, which implies that if you tell libcurl to follow redirects (\fICURLOPT_FOLLOWLOCATION(3)\fP), the same set of custom headers will be sent in the subsequent request. Redirects can of course go to other hosts and thus those servers will get all the contents of your custom headers too. Starting in 7.58.0, libcurl will specifically prevent "Authorization:" headers from being sent to other hosts than the first used one, unless specifically permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option. Starting in 7.64.0, libcurl will specifically prevent "Cookie:" headers from being sent to other hosts than the first used one, unless specifically permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option. .SH DEFAULT NULL .SH PROTOCOLS HTTP .SH EXAMPLE .nf CURL *curl = curl_easy_init(); struct curl_slist *list = NULL; if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); list = curl_slist_append(list, "Shoesize: 10"); list = curl_slist_append(list, "Accept:"); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list); curl_easy_perform(curl); curl_slist_free_all(list); /* free the list again */ } .fi .SH AVAILABILITY As long as HTTP is enabled .SH RETURN VALUE Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. .SH "SEE ALSO" .BR CURLOPT_CUSTOMREQUEST "(3), " CURLOPT_HEADEROPT "(3), " .BR CURLOPT_PROXYHEADER "(3), " CURLOPT_HEADER "(3)"