1---
2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
3SPDX-License-Identifier: curl
4Title: CURLOPT_HTTPHEADER
5Section: 3
6Source: libcurl
7Protocol:
8  - HTTP
9  - SMTP
10  - IMAP
11See-also:
12  - CURLOPT_CUSTOMREQUEST (3)
13  - CURLOPT_HEADER (3)
14  - CURLOPT_HEADEROPT (3)
15  - CURLOPT_MIMEPOST (3)
16  - CURLOPT_PROXYHEADER (3)
17  - curl_mime_init (3)
18Added-in: 7.1
19---
20
21# NAME
22
23CURLOPT_HTTPHEADER - set of HTTP headers
24
25# SYNOPSIS
26
27~~~c
28#include <curl/curl.h>
29
30CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPHEADER,
31                          struct curl_slist *headers);
32~~~
33
34# DESCRIPTION
35
36Pass a pointer to a linked list of HTTP headers to pass to the server and/or
37proxy in your HTTP request. The same list can be used for both host and proxy
38requests.
39
40When used within an IMAP or SMTP request to upload a MIME mail, the given
41header list establishes the document-level MIME headers to prepend to the
42uploaded document described by CURLOPT_MIMEPOST(3). This does not affect raw
43mail uploads.
44
45The linked list should be a fully valid list of **struct curl_slist** structs
46properly filled in. Use curl_slist_append(3) to create the list and
47curl_slist_free_all(3) to clean up an entire list. If you add a header that is
48otherwise generated and used by libcurl internally, your added header is used
49instead. If you add a header with no content as in 'Accept:' (no data on the
50right side of the colon), the internally used header is disabled/removed. With
51this option you can add new headers, replace internal headers and remove
52internal headers. To add a header with no content (nothing to the right side
53of the colon), use the form 'name;' (note the ending semicolon).
54
55The headers included in the linked list **must not** be CRLF-terminated,
56because libcurl adds CRLF after each header item itself. Failure to comply
57with this might result in strange behavior. libcurl passes on the verbatim
58strings you give it, without any filter or other safe guards. That includes
59white space and control characters.
60
61The first line in an HTTP request (containing the method, usually a GET or
62POST) is not a header and cannot be replaced using this option. Only the lines
63following the request-line are headers. Adding this method line in this list
64of headers only causes your request to send an invalid header. Use
65CURLOPT_CUSTOMREQUEST(3) to change the method.
66
67When this option is passed to curl_easy_setopt(3), libcurl does not copy the
68entire list so you **must** keep it around until you no longer use this
69*handle* for a transfer before you call curl_slist_free_all(3) on the list.
70
71Using this option multiple times makes the last set list override the previous
72ones. Set it to NULL to disable its use again.
73
74The most commonly replaced HTTP headers have "shortcuts" in the options
75CURLOPT_COOKIE(3), CURLOPT_USERAGENT(3) and CURLOPT_REFERER(3). We recommend
76using those.
77
78There is an alternative option that sets or replaces headers only for requests
79that are sent with CONNECT to a proxy: CURLOPT_PROXYHEADER(3). Use
80CURLOPT_HEADEROPT(3) to control the behavior.
81
82# SPECIFIC HTTP HEADERS
83
84Setting some specific headers causes libcurl to act differently.
85
86## Host:
87
88The specified hostname is used for cookie matching if the cookie engine is
89also enabled for this transfer. If the request is done over HTTP/2 or HTTP/3,
90the custom hostname is instead used in the ":authority" header field and
91Host: is not sent at all over the wire.
92
93## Transfer-Encoding: chunked
94
95Tells libcurl the upload is to be done using this chunked encoding instead of
96providing the Content-Length: field in the request.
97
98# SPECIFIC MIME HEADERS
99
100When used to build a MIME email for IMAP or SMTP, the following document-level
101headers can be set to override libcurl-generated values:
102
103## Mime-Version:
104
105Tells the parser at the receiving site how to interpret the MIME framing.
106It defaults to "1.0" and should normally not be altered.
107
108## Content-Type:
109
110Indicates the document's global structure type. By default, libcurl sets it
111to "multipart/mixed", describing a document made of independent parts. When a
112MIME mail is only composed of alternative representations of the same data
113(i.e.: HTML and plain text), this header must be set to "multipart/alternative".
114In all cases the value must be of the form "multipart/*" to respect the
115document structure and may not include the "boundary=" parameter.
116
117##
118
119Other specific headers that do not have a libcurl default value but are
120strongly desired by mail delivery and user agents should also be included.
121These are `From:`, `To:`, `Date:` and `Subject:` among others and their
122presence and value is generally checked by anti-spam utilities.
123
124# SECURITY CONCERNS
125
126By default, this option makes libcurl send the given headers in all HTTP
127requests done by this handle. You should therefore use this option with
128caution if you for example connect to the remote site using a proxy and a
129CONNECT request, you should to consider if that proxy is supposed to also get
130the headers. They may be private or otherwise sensitive to leak.
131
132Use CURLOPT_HEADEROPT(3) to make the headers only get sent to where you
133intend them to get sent.
134
135Custom headers are sent in all requests done by the easy handle, which implies
136that if you tell libcurl to follow redirects
137(CURLOPT_FOLLOWLOCATION(3)), the same set of custom headers is sent in
138the subsequent request. Redirects can of course go to other hosts and thus
139those servers get all the contents of your custom headers too.
140
141Starting in 7.58.0, libcurl specifically prevents "Authorization:" headers
142from being sent to other hosts than the first used one, unless specifically
143permitted with the CURLOPT_UNRESTRICTED_AUTH(3) option.
144
145Starting in 7.64.0, libcurl specifically prevents "Cookie:" headers from being
146sent to other hosts than the first used one, unless specifically permitted
147with the CURLOPT_UNRESTRICTED_AUTH(3) option.
148
149# DEFAULT
150
151NULL
152
153# %PROTOCOLS%
154
155# EXAMPLE
156
157~~~c
158int main(void)
159{
160  CURL *curl = curl_easy_init();
161
162  struct curl_slist *list = NULL;
163
164  if(curl) {
165    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
166
167    list = curl_slist_append(list, "Shoesize: 10");
168    list = curl_slist_append(list, "Accept:");
169
170    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list);
171
172    curl_easy_perform(curl);
173
174    curl_slist_free_all(list); /* free the list */
175  }
176}
177~~~
178
179# HISTORY
180
181Use for MIME mail added in 7.56.0.
182
183# %AVAILABILITY%
184
185# RETURN VALUE
186
187Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not.
188