How to view HTTP request headers with cURL

Viewing the exact HTTP request headers that cURL sends makes it easier to confirm what actually left the client before checking application logic or server logs. The request line, Host header, authentication header, and content negotiation fields often explain why one call succeeds while another fails.

In cURL, --verbose writes protocol details to stderr and marks outbound headers with > and inbound headers with <. The current curl man page recommends --show-headers or --dump-header when only response headers matter, but --verbose is the right option when the job is to inspect what the client sent.

Verbose output can expose bearer tokens, cookies, and signed request headers. When a local ~/.curlrc file may be changing the request, place --disable first on the command line so the capture reflects only the options shown.

Related: How to show HTTP response headers with cURL
Related: How to debug HTTP requests with cURL
Related: How to send HEAD requests with cURL

Steps to view HTTP request headers with cURL:

  1. Run the request with --verbose and discard the response body so the sent header block stays readable. 
    $ curl --silent --show-error --verbose --output /dev/null https://example.com/
* Host example.com:443 was resolved.
##### snipped #####
> GET / HTTP/2
> Host: example.com
> User-Agent: curl/8.7.1
> Accept: */*
>
< HTTP/2 200
##### snipped #####

    In verbose output, > lines are headers sent by cURL, < lines are headers received from the server, and --silent removes the progress meter while --show-error keeps transfer errors visible.

  2. Add the header that needs checking and confirm it appears in the same outbound block. 
    $ curl --silent --show-error --verbose --header 'X-Request-Id: req_01JV1F9PK9M4T7W6Y2Z8N3Q5HC' --output /dev/null https://example.com/
##### snipped #####
> GET / HTTP/2
> Host: example.com
> User-Agent: curl/8.7.1
> Accept: */*
> X-Request-Id: req_01JV1F9PK9M4T7W6Y2Z8N3Q5HC
>
< HTTP/2 200
##### snipped #####

    Related: How to override the Host header with cURL

  3. Put --disable first when a local curl config file might be adding headers, cookies, or other request options. 
    $ curl --disable --silent --show-error --verbose --output /dev/null https://example.com/
* Host example.com:443 was resolved.
##### snipped #####
> GET / HTTP/2
> Host: example.com
> User-Agent: curl/8.7.1
> Accept: */*
>
< HTTP/2 200
##### snipped #####

    --disable works only when it is the first command-line option, and verbose captures should be redacted before they are shared because they can expose live authorization or session headers.