cURL Validator
Paste any curl command to instantly parse and validate it. Checks URL validity, HTTP method, headers, flags, data payloads, and common mistakes. Fully parsed breakdown shown below. Nothing leaves your browser.
cURL Command
Drop a .sh or .txt file here, or
Supports .sh · .txt · .curl · .bash files
⛔
Unsupported file type — drop a plain-text shell script or .txt file. You dropped a file.
Examples:
Simple GET
POST JSON
Auth header
Form data
Multiline
Validation Errors
Warnings
✓ Parsed Command
Command Breakdown
Request Headers
Request Body / Data
How It Works
1
Paste your cURL commandSingle-line or multiline (backslash-continued) commands are both supported.
2
Command analysisThe validator tokenises flags, checks for a valid URL, validates the HTTP method, inspects header formatting, and analyses the body payload.
3
Review the reportGet a pass/fail result plus a full breakdown: URL, method, headers list, body content, and all flags detected.
What Gets Validated
- Command prefix — must begin with
curl(case-insensitive). - URL presence & format — checks that a URL is present, starts with a valid scheme (
http://,https://,ftp://), and contains a host. - HTTP method — validates
-X/--requestvalues against known HTTP verbs (GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS, TRACE). - Header format — each
-H/--headervalue is checked for the requiredName: Valuecolon-separated format. - Data & body flags — detects
-d,--data,--data-raw,--data-binary,--data-urlencode, and--json; warns on conflicts. - Flag conflicts — flags mutually-exclusive options such as combining
-dwith-F, or supplying a body with aGETmethod. - Security warnings — flags
-k/--insecure(skips TLS verification) and--http1.0. - Unknown flags — unrecognised short and long flags are surfaced as warnings.
🔒 Privacy & Security
All parsing and validation runs entirely in your browser using JavaScript. Your cURL commands — including any tokens, passwords, or API keys they contain — are never sent anywhere. Suitable for commands with sensitive credentials.