1--- 2c: Copyright (C) Daniel Stenberg, <daniel.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_HTTPHEADER 5Section: 3 6Source: libcurl 7See-also: 8 - CURLOPT_CUSTOMREQUEST (3) 9 - CURLOPT_HEADER (3) 10 - CURLOPT_HEADEROPT (3) 11 - CURLOPT_MIMEPOST (3) 12 - CURLOPT_PROXYHEADER (3) 13 - curl_mime_init (3) 14--- 15 16# NAME 17 18CURLOPT_HTTPHEADER - set of HTTP headers 19 20# SYNOPSIS 21 22~~~c 23#include <curl/curl.h> 24 25CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPHEADER, 26 struct curl_slist *headers); 27~~~ 28 29# DESCRIPTION 30 31Pass a pointer to a linked list of HTTP headers to pass to the server and/or 32proxy in your HTTP request. The same list can be used for both host and proxy 33requests! 34 35When used within an IMAP or SMTP request to upload a MIME mail, the given 36header list establishes the document-level MIME headers to prepend to the 37uploaded document described by CURLOPT_MIMEPOST(3). This does not affect 38raw mail uploads. 39 40The linked list should be a fully valid list of **struct curl_slist** 41structs properly filled in. Use curl_slist_append(3) to create the list 42and curl_slist_free_all(3) to clean up an entire list. If you add a 43header that is otherwise generated and used by libcurl internally, your added 44header is used instead. If you add a header with no content as in 'Accept:' 45(no data on the right side of the colon), the internally used header is 46disabled/removed. With this option you can add new headers, replace internal 47headers and remove internal headers. To add a header with no content (nothing 48to the right side of the colon), use the form 'name;' (note the ending 49semicolon). 50 51The headers included in the linked list **must not** be CRLF-terminated, 52because libcurl adds CRLF after each header item itself. Failure to comply 53with this might result in strange behavior. libcurl passes on the verbatim 54strings you give it, without any filter or other safe guards. That includes 55white space and control characters. 56 57The first line in an HTTP request (containing the method, usually a GET or 58POST) is not a header and cannot be replaced using this option. Only the lines 59following the request-line are headers. Adding this method line in this list 60of headers only causes your request to send an invalid header. Use 61CURLOPT_CUSTOMREQUEST(3) to change the method. 62 63When this option is passed to curl_easy_setopt(3), libcurl does not copy 64the entire list so you **must** keep it around until you no longer use this 65*handle* for a transfer before you call curl_slist_free_all(3) on 66the list. 67 68Pass a NULL to this option to reset back to no custom headers. 69 70The most commonly replaced HTTP headers have "shortcuts" in the options 71CURLOPT_COOKIE(3), CURLOPT_USERAGENT(3) and 72CURLOPT_REFERER(3). We recommend using those. 73 74There is an alternative option that sets or replaces headers only for requests 75that are sent with CONNECT to a proxy: CURLOPT_PROXYHEADER(3). Use 76CURLOPT_HEADEROPT(3) to control the behavior. 77 78# SPECIFIC HTTP HEADERS 79 80Setting some specific headers causes libcurl to act differently. 81 82## Host: 83 84The specified hostname is used for cookie matching if the cookie engine is 85also enabled for this transfer. If the request is done over HTTP/2 or HTTP/3, 86the custom hostname is instead used in the ":authority" header field and 87Host: is not sent at all over the wire. 88 89## Transfer-Encoding: chunked 90 91Tells libcurl the upload is to be done using this chunked encoding instead of 92providing the Content-Length: field in the request. 93 94# SPECIFIC MIME HEADERS 95 96When used to build a MIME email for IMAP or SMTP, the following document-level 97headers can be set to override libcurl-generated values: 98 99## Mime-Version: 100 101Tells the parser at the receiving site how to interpret the MIME framing. 102It defaults to "1.0" and should normally not be altered. 103 104## Content-Type: 105 106Indicates the document's global structure type. By default, libcurl sets it 107to "multipart/mixed", describing a document made of independent parts. When a 108MIME mail is only composed of alternative representations of the same data 109(i.e.: HTML and plain text), this header must be set to "multipart/alternative". 110In all cases the value must be of the form "multipart/*" to respect the 111document structure and may not include the "boundary=" parameter. 112 113Other specific headers that do not have a libcurl default value but are 114strongly desired by mail delivery and user agents should also be included. 115These are "From:", "To:", "Date:" and "Subject:" among others and their 116presence and value is generally checked by anti-spam utilities. 117 118# SECURITY CONCERNS 119 120By default, this option makes libcurl send the given headers in all HTTP 121requests done by this handle. You should therefore use this option with 122caution if you for example connect to the remote site using a proxy and a 123CONNECT request, you should to consider if that proxy is supposed to also get 124the headers. They may be private or otherwise sensitive to leak. 125 126Use CURLOPT_HEADEROPT(3) to make the headers only get sent to where you 127intend them to get sent. 128 129Custom headers are sent in all requests done by the easy handle, which implies 130that if you tell libcurl to follow redirects 131(CURLOPT_FOLLOWLOCATION(3)), the same set of custom headers is sent in 132the subsequent request. Redirects can of course go to other hosts and thus 133those servers get all the contents of your custom headers too. 134 135Starting in 7.58.0, libcurl specifically prevents "Authorization:" headers 136from being sent to other hosts than the first used one, unless specifically 137permitted with the CURLOPT_UNRESTRICTED_AUTH(3) option. 138 139Starting in 7.64.0, libcurl specifically prevents "Cookie:" headers from being 140sent to other hosts than the first used one, unless specifically permitted 141with the CURLOPT_UNRESTRICTED_AUTH(3) option. 142 143# DEFAULT 144 145NULL 146 147# PROTOCOLS 148 149HTTP, IMAP and SMTP 150 151# EXAMPLE 152 153~~~c 154int main(void) 155{ 156 CURL *curl = curl_easy_init(); 157 158 struct curl_slist *list = NULL; 159 160 if(curl) { 161 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); 162 163 list = curl_slist_append(list, "Shoesize: 10"); 164 list = curl_slist_append(list, "Accept:"); 165 166 curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list); 167 168 curl_easy_perform(curl); 169 170 curl_slist_free_all(list); /* free the list */ 171 } 172} 173~~~ 174 175# AVAILABILITY 176 177As long as HTTP is enabled. Use in MIME mail added in 7.56.0. 178 179# RETURN VALUE 180 181Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. 182