curl cheatsheet
curl is the fastest way to see what the server actually returns.
A browser can cache, hide details, and make extra requests automatically. curl shows the basics: status, headers, redirects, and response timing.
Headers only
curl -kI https://getsrv.app/
Useful for checking:
- HTTP status;
content-type;cache-control;- security headers;
etag;last-modified.
Headers without saving body, but as GET
curl -kS -D - -o /dev/null https://getsrv.app/
Unlike -I, this is a real GET request, but the body is discarded. This can be more accurate when a server handles HEAD and GET differently.
Follow redirects
curl -kIL https://getsrv.app/
Flags:
-I— headers only;-L— follow redirects;-k— do not stop on TLS validation errors.
Verbose check
curl -kvI https://getsrv.app/
-v shows:
- where the client connects;
- TLS handshake details;
- HTTP version;
- sent and received headers.
Check a local listener through a specific name
curl -kI --resolve getsrv.app:7443:127.0.0.1 https://getsrv.app:7443/
Useful when you need to check a local Nginx listener directly while keeping the correct SNI/Host.
Check production through a specific IP
curl -kI --resolve getsrv.app:443:127.0.0.1 https://getsrv.app/
Replace 127.0.0.1 with the IP you need to test.
Print only the response code
curl -kS -o /dev/null -w '%{http_code}\n' https://getsrv.app/
Expected for the homepage:
200
For a missing page:
curl -kS -o /dev/null -w '%{http_code}\n' https://getsrv.app/no-such-page
Expected:
404
Print code, content type, and total time
curl -kS -o /dev/null -w 'code=%{http_code} type=%{content_type} time=%{time_total}\n' https://getsrv.app/
Example:
code=200 type=text/html time=0.064211
Detailed timing
curl -kS -o /dev/null \
-w 'dns=%{time_namelookup} connect=%{time_connect} tls=%{time_appconnect} first_byte=%{time_starttransfer} total=%{time_total}\n' \
https://getsrv.app/
Meaning:
dns— DNS lookup time;connect— TCP connect time;tls— TLS handshake time;first_byte— time to first byte;total— total request time.
Check HTML cache policy
curl -kI https://getsrv.app/ | grep -i cache-control
Expected:
cache-control: public, must-revalidate
Check asset cache policy
ASSET="$(find /var/www/getsrv.app/assets -maxdepth 1 -type f | head -n 1 | sed 's#^/var/www/getsrv.app##')"
curl -kI "https://getsrv.app$ASSET" | grep -i cache-control
Expected:
cache-control: public, max-age=31536000, immutable
Check security headers
curl -kI https://getsrv.app/ \
| grep -Ei 'content-security-policy|x-frame-options|x-content-type-options|referrer-policy|permissions-policy'
Expected:
x-content-type-options: nosniff
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
permissions-policy: ...
content-security-policy: ...
Save body to a file
curl -ks https://getsrv.app/ -o /tmp/getsrv-home.html
wc -c /tmp/getsrv-home.html
Useful when comparing HTML before and after deployment.
Check that specific text exists in HTML
curl -ks https://getsrv.app/ \
| grep -oE 'Technical reference|web operations|Docs' \
| sort -u
If the HTML is minified into a single line, normal grep -n may print the whole page. For smoke-tests, prefer grep -oE.
Common flags
| Flag | Meaning |
|---|---|
-I | HEAD request, headers only |
-L | follow redirects |
-k | do not fail on TLS validation errors |
-s | silent mode |
-S | show errors even in silent mode |
-v | verbose output |
-o /dev/null | discard body |
-D - | print response headers |
--resolve | manually map a name to an IP |
--connect-timeout 5 | connection timeout |
--max-time 20 | total request timeout |
Quick smoke-test set
curl -kI https://getsrv.app/
curl -kI https://getsrv.app/en/docs/
curl -kI https://getsrv.app/en/tools/
curl -kI https://getsrv.app/sitemap-index.xml
curl -kI https://getsrv.app/no-such-page
Expected:
200
200
200
200
404