Header issues often manifest themselves in two situations. First, your API will frequently return a 401 error. Second, when parsing a site, you'll often see blocks for no apparent reason. Similar situations can also occur if there are no headers at all.
Curl add header is exactly the kind of tool that experts would say is simple. But the real fun happens when you need to use it for unusual situations. If you send a standard GET request, of course, there won't cause any problems. However, if you need to use curl with headers, the situation becomes significantly more complicated. In this article, we'll explore how this works in practice with real-world scenarios.
Curl Add HTTP Header: Main Points and the Importance
Before jumping into commands, here is a quick context: HTTP headers are key-value pairs sent alongside a request or response. They tell the server (or client) metadata about the request β who sends it, what format the body is in, how to cache the response, the language, etc.
Common request headers are as following:
-
Authorizationβ for bearer tokens, API keys -
Content-Typeβ tells the web server what format your body is in (JSON, form data, etc.) -
Acceptβ shows what format you expect back -
User-Agentβ identifies the client (browser, script, app) -
X-API-Keyβ common custom headers for API authentication -
Cache-Controlβ controls caching behavior
When you make a curl command with headers, you're essentially showing up to a party with an invitation. Some endpoints don't care. Many do.
Curl Add Header with -H: How It Looks
The flag you'll use constantly is -H. It stands for "header," and you can use it multiple times in the same command.
curl -H "Header-Name: value" https://example.com/api
That's the core. Everything else is a variation on this.
Practical Use Cases from Professionals
At this stage, it's worth reviewing the most common headers used by specialists: Authorization, API Key, and Content-Type. We'll explain what they look like below.
Authorization Headers or as People Say "Bearer Token"
This is probably the most common reason people look up how to add header to curl. Most modern APIs use bearer token auth:
curl -H "Authorization: Bearer my_access_token" \
https://api.example.com/v1/users
Replace my_access_token with your actual token. The format Bearer <token> is the standard β don't skip that word Bearer, a lot of people do and then spend 20 minutes wondering why they're getting 403s.
API Key Header as the Conventional Pattern
Some services use a custom header for keys instead of Authorization:
curl -H "X-API-Key: your_api_key_here" \
https://api.example.com/data
Or they might want it in a different header name β always check the API docs. But X-API-Key is the conventional pattern you'll see most often.
Content-Type Header: Does It Good for POST Requests
Sending a curl POST request with a JSON body? You need to tell the server what it's receiving:
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer my_access_token" \
-d '{"username": "alex", "email": "alex@example.com"}' \
https://api.example.com/users
Without Content-Type: application/json, many servers will either reject the request or misparse the body. This trips up beginners a lot.
Send Multiple Headers Right
You just stack the -H flags. There is no special syntax to send multiple headers β it's the same flag repeated, as in our example below:
curl -H "Authorization: Bearer token123" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "X-Request-ID: abc-456" \
https://api.example.com/endpoint
Clean, readable, and exactly how you'd send headers in practice. The backslashes just allow line breaks in the terminal. The command is one continuous instruction.
Custom User-Agent Header and Why You Need to Set It Up
This one's useful for web scraping or when testing how a server responds to different clients. The default curl user agent is recognizable and sometimes blocked:
curl -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" \
https://example.com/page
If you're doing any kind of serious web scraping or rotating the user agent header, we recommend buying a private proxy server. It makes a significant difference in avoiding blocks.
Verbose Mode: Use It to Debug Headers
When something's wrong and you're not sure whether headers are being sent correctly, verbose mode is your friend:
curl -v -H "Authorization: Bearer token123" https://api.example.com/test
The -v flag outputs the full request and response cycle β including headers both sent and received. You'll see something like:
> GET /test HTTP/1.1
> Host: api.example.com
> Authorization: Bearer token123
> User-Agent: curl/7.88.1
> indicates outgoing (your request). < indicates incoming (server response). Super useful for sanity-checking that your curl headers are actually being sent.
To see just the response headers without the body, use -I:
curl -I https://example.com
Proxy and Curl Add Header Together: Use Them Right
You may be routing requests through a proxy for testing, anonymity, or scraping at scale. So, curl add headers become even more important. Some proxies add or strip certain headers automatically β a proxy for Twitter can do this too.
Remember that you can also set your own Authorization or User-Agent headers. This helps avoid detection and mimic natural traffic patterns.
Here is the typical combination:
curl -x http://proxy_ip:port \
-H "Authorization: Bearer token123" \
-H "User-Agent: Mozilla/5.0 ..." \
https://api.twitter.com/endpoint
Curl get request with headers and proxy is just a tool that helps you a lot to make work constant without fails.
Common Curl Header Commands: Use Cases and Examples
| Use Case | Header |
|---|---|
| Bearer auth | -H "Authorization: Bearer token" |
| API key | -H "X-API-Key: your_key" |
| JSON body | -H "Content-Type: application/json" |
| Custom user agent | -H "User-Agent: CustomBot/1.0" |
| Accept JSON response | -H "Accept: application/json" |
| Cache control | -H "Cache-Control: no-cache" |
Most Often Types of Mistakes and Error Messages
-
Headers in wrong format β must be
Name: value, notName=valueor"Name" "value".curlis strict about this. -
Forgetting quotes β if your header value has spaces (like
Bearer my access token), wrap the whole thing in double quotes. -
Sending headers to HTTP instead of HTTPS β some servers redirect, and in that redirect, headers might get dropped. Always use
HTTPSwhere possible. -
Wrong header name β
content-typeandContent-Typeare technically the same (HTTP headers are case-insensitive), but some custom implementations aren't. When in doubt, match the casing from the API docs.
Conclusions
Curl add header is one of those tools where learning it pays off. Experienced professionals around the world have shown that HTTP issues are primarily due to missing or malformed headers. The recipe for success in this situation isn't all that complicated. Learn the -H flag, then combine it with -v for debugging. Also, check HTTP headers. Ultimately, you'll be able to resolve up to 80% of API issues before you even touch your application code.
