Bootstrap FreeKB - Curl - Display request and response headers
Curl - Display request and response headers
Updated:   |  Curl articles

The curl command with the -I or --head flag can be used to view the HTTP headers. For example, here is how to view the headers of www.example.com.

~]$ curl --head http://www.example.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 400945
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Wed, 21 Oct 2020 02:43:57 GMT
Etag: "3147526947"
Expires: Wed, 28 Oct 2020 02:43:57 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
Server: ECS (ord/572F)
X-Cache: HIT
Content-Length: 1256

 

Likewise, the -v or --verbose flags will also display the HTTP headers. Additionally, the > character will be used for the request (from the client to the target server) and the < character for the response (from the target server to the client).

~]$ curl --verbose http://www.example.com
* About to connect() to www.example.com port 80 (#0)
*   Trying 93.184.216.34... connected
* Connected to www.example.com (93.184.216.34) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.44 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: www.example.com
> Accept: */*
> 
< HTTP/1.1 200 OK
< Age: 409564
< Cache-Control: max-age=604800
< Content-Type: text/html; charset=UTF-8
< Date: Wed, 21 Oct 2020 02:47:07 GMT
< Etag: "3147526947+ident"
< Expires: Wed, 28 Oct 2020 02:47:07 GMT
< Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
< Server: ECS (ord/573B)
< Vary: Accept-Encoding
< X-Cache: HIT
< Content-Length: 1256

 

Or, sometimes it's best to use the -i or --include flag, which should only return the response headers, not the request headers.

~]$ curl --include http://www.example.com

 

SSL

When connecting to an HTTPS URL that uses SSL, and the -k or --insecure flag is used, something like this will be included in the output.

* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=www.example.com,OU=Acme,O=Acme,L=Guam,ST=AB,C=US
*       start date: Jul 29 00:07:04 2020 GMT
*       expire date: Jul 27 00:07:04 2030 GMT
*       common name: www.example.com
*       issuer: CN=www.example.com,OU=Acme,O=Acme,L=Guam,ST=AB,C=US

 

Basic Authentication

When connecting to a URL that uses basic authentication (username, password), and the -u or --user option is used, something like this will be included in the output.

* Server auth using Basic with user 'john.doe'
> Authorization: Basic amVyZW15LmNhbmZpZWxkQGZyZWVrYi5uZXQ6QWRtaW4hNWc=

 

Cookie

If a cookie is created as part of the connection, something like this will be included in the output.

< Set-Cookie: PHPSESSID=emcbkuojp5150n0hhrgfcjbe52; path=/; domain=.example.com; HttpOnly

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 5db731 in the box below so that we can be sure you are a human.