.\"
.\" DO NOT EDIT. Generated by the curl project gen.pl man page generator.
.\"
-.TH curl 1 "16 Dec 2016" "Curl 7.52.0" "Curl Manual"
+.TH curl 1 "November 16, 2016" "Curl 7.59.0" "Curl Manual"
+
.SH NAME
curl \- transfer a URL
.SH SYNOPSIS
Used together with \fI-u, --user\fP.
See also \fI--proxy-basic\fP.
-.IP "--cacert <CA certificate>"
+.IP "--cacert <file>"
(TLS) Tells curl to use the specified certificate file to verify the peer. The file
may contain multiple CA certificates. The certificate(s) must be in PEM
format. Normally curl is built to use a default file for this, so this option
https://curl.haxx.se/docs/ssl-ciphers.html
If this option is used several times, the last one will be used.
+.IP "--compressed-ssh"
+(SCP SFTP) Enables built-in SSH compression.
+This is a request, not an order; the server may or may not do it.
+
+Added in 7.56.0.
.IP "--compressed"
(HTTP) Request a compressed response using one of the algorithms curl supports, and
save the uncompressed document. If this option is used and the server sends
an unsupported encoding, curl will report an error.
.IP "-K, --config <file>"
-Specify which config file to read curl arguments from. The config file is a
-text file in which command line arguments can be written which then will be
-used as if they were written on the actual command line.
-Options and their parameters must be specified on the same config file line,
+Specify a text file to read curl arguments from. The command line arguments
+found in the text file will be used as if they were provided on the command
+line.
+
+Options and their parameters must be specified on the same line in the file,
separated by whitespace, colon, or the equals sign. Long option names can
optionally be given in the config file without the initial double dashes and
if so, the colon or equals characters can be used as separators. If the option
url = "https://curl.haxx.se/docs/"
-When curl is invoked, it always (unless \fI-q, --disable\fP is used) checks for a
-default config file and uses it if found. The default config file is checked
-for in the following places in this order:
+When curl is invoked, it (unless \fI-q, --disable\fP is used) checks for a default
+config file and uses it if found. The default config file is checked for in
+the following places in this order:
1) curl tries to find the "home dir": It first checks for the CURL_HOME and
then the HOME environment variables. Failing that, it uses getpwuid() on
See also \fI-m, --max-time\fP.
.IP "--connect-to <HOST1:PORT1:HOST2:PORT2>"
-For a request to the given HOST:PORT pair, connect to
-CONNECT-TO-HOST:CONNECT-TO-PORT instead. This option is suitable to direct
-requests at a specific server, e.g. at a specific cluster node in a cluster of
-servers. This option is only used to establish the network connection. It
-does NOT affect the hostname/port that is used for TLS/SSL (e.g. SNI,
-certificate verification) or for the application protocols. "host" and "port"
-may be the empty string, meaning "any host/port". "connect-to-host" and
-"connect-to-port" may also be the empty string, meaning "use the request's
-original host/port".
+For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead.
+This option is suitable to direct requests at a specific server, e.g. at a
+specific cluster node in a cluster of servers. This option is only used to
+establish the network connection. It does NOT affect the hostname/port that is
+used for TLS/SSL (e.g. SNI, certificate verification) or for the application
+protocols. "HOST1" and "PORT1" may be the empty string, meaning "any
+host/port". "HOST2" and "PORT2" may also be the empty string, meaning "use the
+request's original host/port".
+
+A "host" specified to this option is compared as a string, so it needs to
+match the name used in request URL. It can be either numerical such as
+"127.0.0.1" or the full host name such as "example.org".
This option can be used many times to add many connect rules.
(TLS) Select the OpenSSL crypto engine to use for cipher operations. Use \fI--engine\fP
list to print a list of build-time supported engines. Note that not all (or
none) of the engines may be available at run-time.
-.IP "--environment"
-Sets a range of environment variables, using the names the \fI-w, --write-out\fP option
-supports, to allow easier extraction of useful information after having run
-curl.
-
-\fI--environment\fP requires that the underlying libcurl was built to support RISC OS.
.IP "--expect100-timeout <seconds>"
(HTTP) Maximum time in seconds that you allow curl to wait for a 100-continue
response when curl emits an Expects: 100-continue header in its request. By
See also \fI--connect-timeout\fP. Added in 7.47.0.
.IP "--fail-early"
-Fail and exit on first detected error.
+Fail and exit on the first detected transfer error.
When curl is used to do multiple transfers on the command line, it will
attempt to operate on each given URL, one by one. By default, it will ignore
the error code curl returns. So early failures will be "hidden" by subsequent
successful transfers.
-Using this option, curl will instead return an error on the first transfers
-that fails, independent on the amount of more URLs that are given on the
-command line. This way, no transfer failures go undetected by scripts and
-similar.
+Using this option, curl will instead return an error on the first transfer
+that fails, independent of the amount of URLs that are given on the command
+line. This way, no transfer failures go undetected by scripts and similar.
-This option will apply for all given URLs even if you use \fI-:, --next\fP.
+This option is global and does not need to be specified for each use of \fI-:, --next\fP.
+
+This option does not imply \fI-f, --fail\fP, which causes transfers to fail due to the
+server's HTTP status code. You can combine the two options, however note \fI-f, --fail\fP
+is not global and is therefore contained by \fI-:, --next\fP.
Added in 7.52.0.
.IP "-f, --fail"
Added in 7.42.0.
.IP "--form-string <name=string>"
-(HTTP) Similar to \fI-F, --form\fP except that the value string for the named parameter is used
+(HTTP SMTP IMAP) Similar to \fI-F, --form\fP except that the value string for the named parameter is used
literally. Leading \&'@' and \&'<' characters, and the \&';type=' string in
the value have no special meaning. Use this in preference to \fI-F, --form\fP if
there's any possibility that the string value may accidentally trigger the
See also \fI-F, --form\fP.
.IP "-F, --form <name=content>"
-(HTTP) This lets curl emulate a filled-in form in which a user has pressed the submit
-button. This causes curl to POST data using the Content-Type
-multipart/form-data according to RFC 2388. This enables uploading of binary
-files etc. To force the 'content' part to be a file, prefix the file name with
-an @ sign. To just get the content part from a file, prefix the file name with
-the symbol <. The difference between @ and < is then that @ makes a file get
-attached in the post as a file upload, while the < makes a text field and just
-get the contents for that text field from a file.
-
-Example: to send an image to a server, where \&'profile' is the name of the
-form-field to which portrait.jpg will be the input:
+(HTTP SMTP IMAP) For HTTP protocol family, this lets curl emulate a filled-in form in which a
+user has pressed the submit button. This causes curl to POST data using the
+Content-Type multipart/form-data according to RFC 2388.
+
+For SMTP and IMAP protocols, this is the mean to compose a multipart mail
+message to transmit.
+
+This enables uploading of binary files etc. To force the 'content' part to be
+a file, prefix the file name with an @ sign. To just get the content part from
+a file, prefix the file name with the symbol <. The difference between @ and <
+is then that @ makes a file get attached in the post as a file upload, while
+the < makes a text field and just get the contents for that text field from a
+file.
+
+Tell curl to read content from stdin instead of a file by using - as
+filename. This goes for both @ and < constructs. When stdin is used, the
+contents is buffered in memory first by curl to determine its size and allow a
+possible resend. Defining a part's data from a named non-regular file (such
+as a named pipe or similar) is unfortunately not subject to buffering and will
+be effectively read at transmission time; since the full size is unknown
+before the transfer starts, such data is sent as chunks by HTTP and rejected
+by IMAP.
+
+Example: send an image to an HTTP server, where \&'profile' is the name of the
+form-field to which the file portrait.jpg will be the input:
curl -F profile=@portrait.jpg https://example.com/upload.cgi
-To read content from stdin instead of a file, use - as the filename. This goes
-for both @ and < constructs. Unfortunately it does not support reading the
-file from a named pipe or similar, as it needs the full size before the
-transfer starts.
+Example: send a your name and shoe size in two text fields to the server:
+
+ curl -F name=John -F shoesize=11 https://example.com/
+
+Example: send a your essay in a text field to the server. Send it as a plain
+text field, but get the contents for it from a local file:
+
+ curl -F "story=<hugefile.txt" https://example.com/
You can also tell curl what Content-Type to use by using 'type=', in a manner
similar to:
Note that if a filename/path is quoted by double-quotes, any double-quote
or backslash within the filename must be escaped by backslash.
+Quoting must also be applied to non-file data if it contains semicolons,
+leading/trailing spaces or leading double quotes:
+
+ curl -F 'colors="red; green; blue";type=text/x-myapp' example.com
+
+You can add custom headers to the field by setting headers=, like
+
+ curl -F "submit=OK;headers=\\"X-submit-type: OK\\"" example.com
+
+or
+
+ curl -F "submit=OK;headers=@headerfile" example.com
+
+The headers= keyword may appear more that once and above notes about quoting
+apply. When headers are read from a file, Empty lines and lines starting
+with '#' are comments and ignored; each header can be folded by splitting
+between two words and starting the continuation line with a space; embedded
+carriage-returns and trailing spaces are stripped.
+Here is an example of a header file contents:
+
+ # This file contain two headers.
+.br
+ X-header-1: this is a header
+
+ # The following header is folded.
+.br
+ X-header-2: this is
+.br
+ another header
+
+
+To support sending multipart mail messages, the syntax is extended as follows:
+.br
+- name can be omitted: the equal sign is the first character of the argument,
+.br
+- if data starts with '(', this signals to start a new multipart: it can be
+followed by a content type specification.
+.br
+- a multipart can be terminated with a '=)' argument.
+
+Example: the following command sends an SMTP mime e-mail consisting in an
+inline part in two alternative formats: plain text and HTML. It attaches a
+text file:
+
+ curl -F '=(;type=multipart/alternative' \\
+.br
+ -F '=plain text message' \\
+.br
+ -F '= <body>HTML message</body>;type=text/html' \\
+.br
+ -F '=)' -F '=@textfile.txt' ... smtp://example.com
+
+Data can be encoded for transfer using encoder=. Available encodings are
+\fIbinary\fP and \fI8bit\fP that do nothing else than adding the corresponding
+Content-Transfer-Encoding header, \fI7bit\fP that only rejects 8-bit characters
+with a transfer error, \fIquoted-printable\fP and \fIbase64\fP that encodes
+data according to the corresponding schemes, limiting lines length to
+76 characters.
+
+Example: send multipart mail with a quoted-printable text message and a
+base64 attached file:
+
+ curl -F '=text message;encoder=quoted-printable' \\
+.br
+ -F '=@localfile;encoder=base64' ... smtp://example.com
+
See further examples and details in the MANUAL.
This option can be used multiple times.
you can specify URLs that contain the letters {}[] without having them being
interpreted by curl itself. Note that these letters are not normal legal URL
contents but they should be encoded according to the URI standard.
+.IP "--happy-eyeballs-timeout-ms <milliseconds>"
+Happy eyeballs is an algorithm that attempts to connect to both IPv4 and IPv6
+addresses for dual-stack hosts, preferring IPv6 first for the number of
+milliseconds. If the IPv6 address cannot be connected to within that time then
+a connection attempt is made to the IPv4 address in parallel. The first
+connection to be established is the one that is used.
+
+The range of suggested useful values is limited. Happy Eyeballs RFC 6555 says
+"It is RECOMMENDED that connection attempts be paced 150-250 ms apart to
+balance human factors against network load." libcurl currently defaults to
+200 ms. Firefox and Chrome currently default to 300 ms.
+
+If this option is used several times, the last one will be used.
+
+Added in 7.59.0.
.IP "-I, --head"
(HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the command HEAD which this uses
to get nothing but the header of a document. When used on an FTP or FILE file,
curl displays the file size and last modification time only.
-.IP "-H, --header <header>"
-(HTTP)
-Extra header to include in the request when sending HTTP to a server. You may
+.IP "-H, --header <header/@file>"
+(HTTP) Extra header to include in the request when sending HTTP to a server. You may
specify any number of extra headers. Note that if you should add a custom
header that has the same name as one of the internal ones curl would use, your
externally set header will be used instead of the internal one. This allows
content: do not add newlines or carriage returns, they will only mess things up
for you.
+Starting in 7.55.0, this option can take an argument in @filename style, which
+then adds a header for each line in the input file. Using @- will make curl
+read the header file from stdin.
+
See also the \fI-A, --user-agent\fP and \fI-e, --referer\fP options.
Starting in 7.37.0, you need \fI--proxy-header\fP to send custom headers intended
For FTP (since 7.46.0), skip the RETR command to figure out the size before
downloading a file.
.IP "-i, --include"
-Include the HTTP-header in the output. The HTTP-header includes things like
-server-name, date of the document, HTTP-version and more...
+Include the HTTP response headers in the output. The HTTP response headers can
+include things like server name, cookies, date of the document, HTTP version
+and more...
+
+To view the request headers, consider the \fI-v, --verbose\fP option.
See also \fI-v, --verbose\fP.
.IP "-k, --insecure"
-(TLS) This option explicitly allows curl to perform "insecure" SSL connections and
-transfers. All SSL connections are attempted to be made secure by using the CA
-certificate bundle installed by default. This makes all connections considered
-\&"insecure" fail unless \fI-k, --insecure\fP is used.
+(TLS)
+By default, every SSL connection curl makes is verified to be secure. This
+option allows curl to proceed and operate even for server connections
+otherwise considered insecure.
+
+The server connection is verified by making sure the server's certificate
+contains the right name and verifies successfully using the cert store.
See this online resource for further details:
https://curl.haxx.se/docs/sslcerts.html
+
+See also \fI--proxy-insecure\fP and \fI--cacert\fP.
.IP "--interface <name>"
Perform an operation using a specified interface. You can enter interface
If this option is used several times, the last one will be used.
+On Linux it can be used to specify a VRF, but the binary needs to either
+have CAP_NET_RAW or to be ran as root. More information about Linux VRF:
+https://www.kernel.org/doc/Documentation/networking/vrf.txt
+
See also \fI--dns-interface\fP.
.IP "-4, --ipv4"
This option tells curl to resolve names to IPv4 addresses only, and not for
otherwise would be.
The given speed is measured in bytes/second, unless a suffix is appended.
-Appending 'k' or 'K' will count the number as kilobytes, 'm' or M' makes it
+Appending 'k' or 'K' will count the number as kilobytes, 'm' or 'M' makes it
megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K, 3m and 1G.
If you also use the \fI-Y, --speed-limit\fP option, that option will take precedence and
requested is larger than this value, the transfer will not start and curl will
return with exit code 63.
+A size modifier may be used. For example, Appending 'k' or 'K' will count the
+number as kilobytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it
+gigabytes. Examples: 200K, 3m and 1G. (Added in 7.58.0)
+
\fBNOTE:\fP The file size is not always known prior to download, and for such
files this option has no effect even if the file transfer ends up being larger
than this given limit. This concerns both FTP and HTTP transfers.
If this option is used several times, only the first one is used.
See also \fI--basic\fP and \fI--ntlm\fP and \fI--anyauth\fP and \fI--proxy-negotiate\fP.
-.IP "--netrc-file <filemame>"
+.IP "--netrc-file <filename>"
This option is similar to \fI-n, --netrc\fP, except that you provide the path (absolute
or relative) to the netrc file that Curl should use. You can only specify one
netrc file per invocation. If several \fI--netrc-file\fP options are provided,
Note that this is the negated option name documented. You can thus use
--buffer to enforce the buffering.
.IP "--no-keepalive"
-Disables the use of keepalive messages on the TCP connection. curl otherwis
+Disables the use of keepalive messages on the TCP connection. curl otherwise
enables them by default.
Note that this is the negated option name documented. You can thus use
If this option is used several times, only the first one is used.
See also \fI--proxy-ntlm\fP. \fI--ntlm\fP requires that the underlying libcurl was built to support TLS. This option overrides \fI--basic\fP and \fI--negotiated\fP and \fI--digest\fP and \fI--anyauth\fP.
-.IP "--oauth2-bearer"
+.IP "--oauth2-bearer <token>"
(IMAP POP3 SMTP) Specify the Bearer Token for OAUTH 2.0 server authentication. The Bearer Token
is used in conjunction with the user name which can be specified as part of
the \fI--url\fP or \fI-u, --user\fP options.
This progress bar draws a single line of '#' characters across the screen and
shows a percentage if the transfer size is known. For transfers without a
-known size, it will instead output one '#' character for every 1024 bytes
-transferred.
+known size, there will be space ship (-=o=-) that moves back and forth but
+only while data is being transferred, with a set of flying hash sign symbols on
+top.
.IP "--proto-default <protocol>"
Tells curl to use \fIprotocol\fP for any URL missing a scheme name.
proxy. Use \fI--digest\fP for enabling HTTP Digest with a remote host.
See also \fI-x, --proxy\fP and \fI--proxy-anyauth\fP and \fI--proxy-basic\fP.
-.IP "--proxy-header <header>"
+.IP "--proxy-header <header/@file>"
(HTTP) Extra header to include in the request when sending HTTP to a proxy. You may
specify any number of extra headers. This is the equivalent option to \fI-H, --header\fP
but is for proxy communication only like in CONNECT requests when you want a
Headers specified with this option will not be included in requests that curl
knows will not be sent to a proxy.
+Starting in 7.55.0, this option can take an argument in @filename style, which
+then adds a header for each line in the input file. Using @- will make curl
+read the header file from stdin.
+
This option can be used multiple times to add/replace/remove multiple headers.
Added in 7.37.0.
Same as \fI--pass\fP but used in HTTPS proxy context.
Added in 7.52.0.
+.IP "--proxy-pinnedpubkey <hashes>"
+(TLS) Tells curl to use the specified public key file (or hashes) to verify the
+proxy. This can be a path to a file which contains a single public key in PEM
+or DER format, or any number of base64 encoded sha256 hashes preceded by
+\'sha256//\' and separated by \';\'
+
+When negotiating a TLS or SSL connection, the server sends a certificate
+indicating its identity. A public key is extracted from this certificate and
+if it does not exactly match the public key provided to this option, curl will
+abort the connection before sending or receiving any data.
+
+If this option is used several times, the last one will be used.
.IP "--proxy-service-name <name>"
This option allows you to change the service name for proxy negotiation.
request and requires that the proxy allows direct connect to the remote port
number curl wants to tunnel through to.
+To suppress proxy CONNECT response headers when curl is set to output headers
+use \fI--suppress-connect-headers\fP.
+
See also \fI-x, --proxy\fP.
.IP "--pubkey <key>"
(SFTP SCP) Public key file name. Allows you to provide your public key in this separate
When used, this will make curl attempt to figure out the timestamp of the
remote file, and if that is available make the local file get that same
timestamp.
+.IP "--request-target"
+(HTTP) Tells curl to use an alternative "target" (path) instead of using the path as
+provided in the URL. Particularly useful when wanting to issue HTTP requests
+without leading slash or other data that doesn't follow the regular URL
+pattern, like "OPTIONS *".
+
+Added in 7.55.0.
.IP "-X, --request <command>"
(HTTP) Specifies a custom request method to use when communicating with the
HTTP server. The specified request method will be used instead of the method
Specifies a custom SMTP command to use instead of HELP or VRFY. (Added in 7.34.0)
If this option is used several times, the last one will be used.
-.IP "--resolve <host:port:address>"
+.IP "--resolve <host:port:address[,address]...>"
Provide a custom address for a specific host and port pair. Using this, you
can make the curl requests(s) use a specified address and prevent the
otherwise normally resolved address to be used. Consider it a sort of
The provided address set by this option will be used even if \fI-4, --ipv4\fP or \fI-6, --ipv6\fP
is set to make curl use another IP version.
+Support for providing the IP address within [brackets] was added in 7.57.0.
+
+Support for providing multiple IP addresses per entry was added in 7.59.0.
+
This option can be used many times to add many host names to resolve.
Added in 7.21.3.
If this option is used several times, the last one will be used.
Added in 7.18.0.
+.IP "--socks5-basic"
+Tells curl to use username/password authentication when connecting to a SOCKS5
+proxy. The username/password authentication is enabled by default. Use
+\fI--socks5-gssapi\fP to force GSS-API authentication to SOCKS5 proxies.
+
+Added in 7.55.0.
.IP "--socks5-gssapi-nec"
As part of the GSS-API negotiation a protection mode is negotiated. RFC 1961
says in section 4.3/4.4 it should be protected, but the NEC reference
principal name.
Added in 7.19.4.
+.IP "--socks5-gssapi"
+Tells curl to use GSS-API authentication when connecting to a SOCKS5 proxy.
+The GSS-API authentication is enabled by default (if curl is compiled with
+GSS-API support). Use \fI--socks5-basic\fP to force username/password authentication
+to SOCKS5 proxies.
+
+Added in 7.55.0.
.IP "--socks5-hostname <host[:port]>"
Use the specified SOCKS5 proxy (and let the proxy resolve the host name). If
the port number is not specified, it is assumed at port 1080.
If this option is used several times, the last one will be used.
See also \fI-v, --verbose\fP and \fI-s, --silent\fP.
+.IP "--suppress-connect-headers"
+When \fI-p, --proxytunnel\fP is used and a CONNECT request is made don't output proxy
+CONNECT response headers. This option is meant to be used with \fI-D, --dump-header\fP or
+\fI-i, --include\fP which are used to show protocol headers in the output. It has no
+effect on debug options such as \fI-v, --verbose\fP or \fI--trace\fP, or any statistics.
+
+See also \fI-D, --dump-header\fP and \fI-i, --include\fP and \fI-p, --proxytunnel\fP.
.IP "--tcp-fastopen"
Enable use of TCP Fast Open (RFC7413).
Turn on the TCP_NODELAY option. See the \fIcurl_easy_setopt(3)\fP man page for
details about this option.
-Since 7.50.2, curl sets this option by default and you need to explictitly
+Since 7.50.2, curl sets this option by default and you need to explicitly
switch it off if you don't want it on.
Added in 7.11.2.
than the specified date/time.
If this option is used several times, the last one will be used.
+.IP "--tls-max <VERSION>"
+(SSL) VERSION defines maximum supported TLS version. A minimum is defined
+by arguments tlsv1.0 or tlsv1.1 or tlsv1.2.
+
+.RS
+.IP "default"
+Use up to recommended TLS version.
+.IP "1.0"
+Use up to TLSv1.0.
+.IP "1.1"
+Use up to TLSv1.1.
+.IP "1.2"
+Use up to TLSv1.2.
+.IP "1.3"
+Use up to TLSv1.3.
+.RE
+
+See also \fI--tlsv1.0\fP and \fI--tlsv1.1\fP and \fI--tlsv1.2\fP. \fI--tls-max\fP requires that the underlying libcurl was built to support TLS. Added in 7.54.0.
.IP "--tlsauthtype <type>"
Set TLS authentication type. Currently, the only supported option is "SRP",
for TLS-SRP (RFC 5054). If \fI--tlsuser\fP and \fI--tlspassword\fP are specified but
-\fI--tlsauthtype\fP is not, then this option defaults to "SRP".
+\fI--tlsauthtype\fP is not, then this option defaults to "SRP". This option works
+only if the underlying libcurl is built with TLS-SRP support, which requires
+OpenSSL or GnuTLS with TLS-SRP support.
Added in 7.21.4.
.IP "--tlspassword"
(TLS) Forces curl to use TLS version 1.3 when connecting to a remote TLS server.
Note that TLS 1.3 is only supported by a subset of TLS backends. At the time
-of writing this, those are BoringSSL and NSS only.
+of this writing, they are BoringSSL, NSS, and Secure Transport (on iOS 11 or
+later, and macOS 10.13 or later).
Added in 7.52.0.
.IP "-1, --tlsv1"
requested. 0 means the verification was successful. (Added in 7.52.0)
.TP
.B redirect_url
-When an HTTP request was made without -L to follow redirects, this variable
-will show the actual URL a redirect \fIwould\fP take you to. (Added in 7.18.2)
+When an HTTP request was made without \fI-L, --location\fP to follow redirects (or when
+--max-redir is met), this variable will show the actual URL a redirect
+\fIwould\fP have gone to. (Added in 7.18.2)
.TP
.B remote_ip
The remote IP address of the most recently done connection - can be either
are specific to the particular protocol(s) involved.
.TP
.B time_redirect
-The time, in seconds, it took for all redirection steps include name lookup,
+The time, in seconds, it took for all redirection steps including name lookup,
connect, pretransfer and transfer before the final transaction was
started. time_redirect shows the complete execution time for multiple
redirections. (Added in 7.12.3)
list of host names that shouldn't go through any proxy. If set to a asterisk
\&'*' only, it matches all hosts.
-Since 7.53.0, this environment variable disable the proxy even if specify
-\fI-x, --proxy\fP option. That is
+This environment variable disables use of the proxy even when specified with
+the \fI-x, --proxy\fP option. That is
.B NO_PROXY=direct.example.com curl -x http://proxy.example.com
.B http://direct.example.com
accesses the target URL directly, and
.B NO_PROXY=direct.example.com curl -x http://proxy.example.com
.B http://somewhere.example.com
-accesses the target URL through proxy.
+accesses the target URL through the proxy.
+
+The list of host names can also be include numerical IP addresses, and IPv6
+versions should then be given without enclosing brackets.
.SH "PROXY PROTOCOL PREFIXES"
Since curl version 7.21.7, the proxy string may be specified with a
a supported one, the proxy will be treated as an HTTP proxy.
The supported proxy protocol prefixes are as follows:
+.IP "http://"
+Makes it use it as a HTTP proxy. The default if no scheme prefix is used.
+.IP "https://"
+Makes it treated as a \fBHTTPS\fP proxy.
.IP "socks4://"
Makes it the equivalent of \fI--socks4\fP
.IP "socks4a://"
No connection available, the session will be queued
.IP 90
SSL public key does not matched pinned public key
+.IP 91
+Invalid SSL certificate status.
+.IP 92
+Stream error in HTTP/2 framing layer.
.IP XX
More error codes will appear here in future releases. The existing ones
are meant to never change.