prev in list next in list prev in thread next in thread List: curl-and-php Subject: CURLOPTHTTPHEADER From: 'Diana Castillo' Date: 2003-12-22 16:33:41 Download RAW message or body is this in a correct format? The CURLOPTHTTPHEADER option is used in combination with the curlsetopt function to add custom request headers when using the cURL library in PHP. Individual headers can be provided as elements in an indexed array, which is provided as a parameter to the culsetopt function.
- Get code examples like 'curlsetopt($ch, CURLOPTHTTPHEADER, array(' instantly right from your google search results with the Grepper Chrome Extension.
- In this case, I set three custom headers using the CURLOPTHTTPHEADER option: I set the Accept-Encoding header to gzip, deflate and br (Brotli). I provided a PHPSESSID value as the Cookie header. The HTTP referer header is set to the Google search engine.
File a bug about this page
View man page source
CURLOPT_HTTPHEADER - set custom HTTP headers
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPHEADER, struct curl_slist *headers);
Pass a pointer to a linked list of HTTP headers to pass to the server and/or proxy in your HTTP request. The same list can be used for both host and proxy requests!
The linked list should be a fully valid list of struct curl_slist structs properly filled in. Use curl_slist_append to create the list and curl_slist_free_all to clean up an entire list. If you add a header that is otherwise generated and used by libcurl internally, your added one will be used instead. If you add a header with no content as in 'Accept:' (no data on the right side of the colon), the internally used header will get disabled. With this option you can add new headers, replace internal headers and remove internal headers. To add a header with no content (nothing to the right side of the colon), use the form 'MyHeader;' (note the ending semicolon).
The headers included in the linked list must not be CRLF-terminated, because libcurl adds CRLF after each header item. Failure to comply with this will result in strange bugs because the server will most likely ignore part of the headers you specified.
The first line in a request (containing the method, usually a GET or POST) is not a header and cannot be replaced using this option. Only the lines following the request-line are headers. Adding this method line in this list of headers will only cause your request to send an invalid header. Use CURLOPT_CUSTOMREQUEST to change the method.
When this option is passed to curl_easy_setopt, libcurl will not copy the entire list so you must keep it around until you no longer use this handle for a transfer before you call curl_slist_free_all on the list.
Pass a NULL to this option to reset back to no custom headers.
The most commonly replaced headers have 'shortcuts' in the options CURLOPT_COOKIE, CURLOPT_USERAGENT and CURLOPT_REFERER. We recommend using those.
There's an alternative option that sets or replaces headers only for requests that are sent with CONNECT to a proxy: CURLOPT_PROXYHEADER. Use CURLOPT_HEADEROPT to control the behavior.
By default, this option makes libcurl send the given headers in all HTTP requests done by this handle. You should therefore use this option with caution if you for example connect to the remote site using a proxy and a CONNECT request, you should to consider if that proxy is supposed to also get the headers. They may be private or otherwise sensitive to leak.
Use CURLOPT_HEADEROPT to make the headers only get sent to where you intend them to get sent.
Custom headers are sent in all requests done by the easy handles, which implies that if you tell libcurl to follow redirects (CURLOPT_FOLLOWLOCATION), the same set of custom headers will be sent in the subsequent request. Redirects can of course go to other hosts and thus those servers will get all the contents of your custom headers too.
Starting in 7.58.0, libcurl will specifically prevent 'Authorization:' headers from being sent to other hosts than the first used one, unless specifically permitted with the CURLOPT_UNRESTRICTED_AUTH option.
Starting in 7.64.0, libcurl will specifically prevent 'Cookie:' headers from being sent to other hosts than the first used one, unless specifically permitted with the CURLOPT_UNRESTRICTED_AUTH option.
As long as HTTP is enabled
Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not.
CURLOPT_CUSTOMREQUEST(3), CURLOPT_HEADEROPT(3), CURLOPT_PROXYHEADER(3), CURLOPT_HEADER(3)
This HTML page was made with roffit.
When sending a POST request with curl it sometimes automaticallyadds an
Expect: 100-continue header. The following summarizes underwhich conditions curl/libcurl adds this header.
Expect: 100-continue header is specified in HTTP 1.1 andallows the server to acknowledge or reject a POST/PUT requestimmediately after the headers are send but before the clientstarts sending potentially large amounts of actual data (body ofthe request). Thus, a conforming client must then wait for a
HTTP/1.1 100 Continue before sending the data. This schemeis advantageous for larger POST/PUT requests since in the case ofrejection the client and server don't waste their time with superfluousnetwork communication.
Curl doesn't touch the 'Expect' header if it is explicitlyset.
Otherwise, curl automatically sets it, if either
- the request is a PUT, or
- the request is a POST and the data size is larger than 1024 bytes
By default, curl waits up to 1 second for a reply to the100-continue expectation. This timeout is configurable (e.g. via
Disabling Expect Logic¶
The expect logic can easily be disabled via setting the
Expect:header to the empty string.
For example, on the command line via:
libcurl the header can be configured via setting
Disabling the expect logic saves an additional network round-trip and isthus a good idea when the request isn't extremely large and theprobability for rejection is low.
For testing, the expect logic can also be explicitly turned on,e.g.: