How to show HTTP response headers with cURL

HTTP response headers show what a URL actually returned before the response body, retry logic, or application parsing hides the details. A quick header check is often enough to confirm the status line, content type, redirects, cache policy, cookies, and other metadata that explains why a request behaved the way it did.

For a normal HTTP response, curl can print the header block and the response body in one stream or write only the headers to a separate file. –include keeps the received headers attached to a normal GET response, –location shows each response block across redirects, and –dump-header stores the headers without mixing them into the body output.

The most portable spellings are -i and –include. Current curl documentation renamed the long option to –show-headers in 8.10.0, but older releases still document –include, and –head sends a different HEAD request instead of showing headers from a normal response. Saved header files can also expose cookies or redirect targets, so review them before sharing.

Steps to show HTTP response headers with cURL:

Run a normal request with --include to print the response headers before the response body.

$ curl --silent --include https://httpbingo.org/json
HTTP/2 200
access-control-allow-credentials: true
access-control-allow-origin: *
content-type: application/json; charset=utf-8
date: Wed, 22 Apr 2026 03:49:44 GMT
content-length: 421
server: Fly/6db5e6d7a8 (2026-04-20)
via: 2 fly.io, 2 fly.io
fly-request-id: 01KPSMXRG7RNYT5MDKYEY79FW5-sin

{
  "slideshow": {
    "author": "Yours Truly",
##### snipped #####

--include writes the received header block to the same output stream as the body. Current curl documentation calls the same option --show-headers, while --include remains usable on older releases.

Add --location when the URL can redirect before the final response.

$ curl --silent --include --location 'https://httpbingo.org/redirect-to?url=%2Fjson'
HTTP/2 302
access-control-allow-credentials: true
access-control-allow-origin: *
location: /json
date: Wed, 22 Apr 2026 03:47:20 GMT
content-length: 0
server: Fly/6db5e6d7a8 (2026-04-20)
via: 2 fly.io, 2 fly.io
fly-request-id: 01KPSMSBVZ8XD1EBD1R7X2FQG8-sin

HTTP/2 200
access-control-allow-credentials: true
access-control-allow-origin: *
content-type: application/json; charset=utf-8
date: Wed, 22 Apr 2026 03:47:20 GMT
content-length: 421
server: Fly/6db5e6d7a8 (2026-04-20)
via: 2 fly.io, 2 fly.io
fly-request-id: 01KPSMSC43777N8VY9SYW63WV4-sin

{
  "slideshow": {
##### snipped #####

With --location, curl shows each response block in order, so the last header block is the final response after the redirect chain.

Write the response headers to a separate file with --dump-header when the body should stay out of the terminal.
```
$ curl --silent --dump-header response-headers.txt --output /dev/null https://example.com
```
--output /dev/null discards the response body while --dump-header saves only the received headers.

Related: How to save cURL output to a file

Read the saved header file to confirm the exact headers that curl received.

$ cat response-headers.txt
HTTP/2 200
date: Wed, 22 Apr 2026 03:47:20 GMT
content-type: text/html
server: cloudflare
last-modified: Sat, 18 Apr 2026 00:49:31 GMT
allow: GET, HEAD
accept-ranges: bytes
age: 12003
cf-cache-status: HIT
cf-ray: 9f01a5849ad0c6e5-SIN

Header files from authenticated requests can contain cookies, redirect targets, and other sensitive values, so redact them before sharing the file.

Remove the temporary header file after the check is complete.
```
$ rm response-headers.txt
```

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.