Copy as cURL from Browser: Complete Guide 2026
Every modern browser's DevTools Network panel has a hidden superpower: Copy as cURL. In one right-click you get a perfectly reproduced command that replays any HTTP request — complete with headers, cookies, and request body — directly from your terminal. This guide covers every browser, every use case, and every way to turn that copied curl command into production-ready code.
1-click
to copy any browser request
100%
headers and cookies preserved
5
major browsers supported
10x
faster than manual API recreation
What is 'Copy as cURL'?
When your browser makes an HTTP request, it includes dozens of headers: authentication cookies, CSRF tokens, Accept-Encoding preferences, session identifiers, and more. Recreating all of these manually is tedious and error-prone.
Copy as cURL is a DevTools feature that serializes the complete HTTP request (method, URL, all headers, cookies, and body) into a single curl command that you can paste into your terminal and get identical results to what the browser received.
API debugging
Reproduce an authenticated API call outside the browser to inspect responses with jq or save them to a file.
Bug reporting
Share an exact reproduction of a failing network request with a backend engineer or support team.
Automation scripting
Use the copied curl as a starting point for shell scripts, CI health checks, or load tests.
Code generation
Paste into a curl-to-code converter to generate Python, JavaScript, Go, or any language SDK call.
How to Copy as cURL in Chrome
Open DevTools
Press F12 (Windows/Linux) or Cmd+Option+I (macOS). Alternatively right-click on the page and select "Inspect".
Go to the Network tab
Click the "Network" tab in the DevTools panel. If no requests are showing, reload the page with DevTools open.
Find the request
Click on the API request you want to reproduce. Use the filter bar to search by URL or filter by "Fetch/XHR" to show only API calls.
Right-click and copy
Right-click on the request row. Hover over "Copy". You will see several options.
Choose your format
Select "Copy as cURL (bash)" for Unix/macOS/Linux or "Copy as cURL (cmd)" for Windows Command Prompt.
Chrome Copy options explained
How to Copy as cURL in Firefox, Edge, and Safari
| Item | Browser | Steps |
|---|---|---|
| Firefox | Firefox | F12 → Network tab → right-click request → "Copy Value" → "Copy as cURL" |
| Edge | Edge (Chromium) | F12 → Network tab → right-click → Copy → "Copy as cURL (bash)" |
| Safari | Safari | Develop → Show Web Inspector → Network → right-click → "Copy as cURL" |
| Brave | Brave | Same as Chrome (Chromium-based) |
| Arc | Arc | Same as Chrome (Chromium-based) |
Enable Safari Developer menu
Anatomy of a Copied cURL Command
Understanding what each part does helps you modify the command for your specific needs.
curl 'https://api.example.com/v2/users/me' \
-H 'authority: api.example.com' \
-H 'accept: application/json, text/plain, */*' \
-H 'accept-language: en-US,en;q=0.9' \
-H 'authorization: Bearer eyJhbGciOiJSUzI1NiJ9...' \
-H 'content-type: application/json' \
-H 'cookie: session_id=abc123; csrf_token=xyz789' \
-H 'origin: https://app.example.com' \
-H 'referer: https://app.example.com/dashboard' \
-H 'sec-ch-ua: "Chromium";v="122"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-fetch-dest: empty' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-site: same-site' \
-H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)' \
--compressedauthority header
HTTP/2 pseudo-header indicating the host. Safe to remove if the server does not require it.
authorization header
Your Bearer token or session credential. This is what lets the request succeed — keep it secret.
cookie header
Session cookies from the browser. These often expire — the curl will stop working when cookies expire.
sec-fetch-* headers
Browser security metadata. Most APIs ignore these. Safe to remove when cleaning up scripts.
--compressed flag
Tells curl to accept gzip/deflate-encoded responses and decompress them. Usually safe to keep.
referer / origin
Some APIs validate these for CSRF protection. If removing them breaks the request, put them back.
Cleaning Up the Copied Command
Copied curl commands are verbose. For production scripts, strip browser-specific headers that the API does not need.
Raw copied (fragile)
# Raw copied curl — overly verbose, fragile, leaks browser fingerprint
curl 'https://api.example.com/users' \
-H 'authority: api.example.com' \
-H 'accept: */*' \
-H 'accept-language: en-US,en;q=0.9' \
-H 'authorization: Bearer $TOKEN' \
-H 'sec-ch-ua: "Chromium";v="122"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-ch-ua-platform: "macOS"' \
-H 'sec-fetch-dest: empty' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-site: same-site' \
-H 'user-agent: Mozilla/5.0 ...' \
--compressedCleaned up (portable)
# Cleaned curl — minimal, portable, uses environment variable for token
curl -sS \
-H "Authorization: Bearer $TOKEN" \
-H "Accept: application/json" \
"https://api.example.com/users" \
| jqHandling Cookies and Sessions
Quick fact
Cookies in copied curl commands expire when the browser session ends. For long-running scripts, use API tokens instead of cookie-based auth.
Short-lived testing (OK to use cookies)
If you just need to test a request right now, the copied command with cookies will work for minutes to hours.
# Paste and run immediately — cookies are still valid
curl 'https://app.example.com/api/data' \
-H 'cookie: session=abc123' \
| jq '.data'Save cookies to file for reuse
Use curl -c to write cookies and -b to read them back on subsequent requests.
# Save cookies during login
curl -sS -c /tmp/cookies.txt -X POST \
-d '{"email":"user@example.com","password":"secret"}' \
"https://app.example.com/api/auth/login" | jq
# Reuse cookies in subsequent requests
curl -sS -b /tmp/cookies.txt "https://app.example.com/api/me" | jqPrefer API tokens for scripts
Most APIs offer API keys or OAuth tokens that do not expire hourly. Use these for any automation.
export API_TOKEN=$(curl -sS -X POST \
-d '{"email":"user@example.com","password":"secret"}' \
"https://app.example.com/api/auth/token" | jq -r '.token')
curl -sS -H "Authorization: Bearer $API_TOKEN" \
"https://app.example.com/api/data" | jqConverting Copied cURL to Other Languages
Once you have a working curl command, you often want to convert it to Python, JavaScript, or another language for use in a codebase.
# Original copied curl
curl 'https://api.github.com/repos/octocat/hello-world' \
-H 'Authorization: Bearer ghp_abc123' \
-H 'Accept: application/vnd.github+json'# Converted to Python requests
import requests
headers = {
'Authorization': 'Bearer ghp_abc123',
'Accept': 'application/vnd.github+json',
}
response = requests.get(
'https://api.github.com/repos/octocat/hello-world',
headers=headers
)
data = response.json()
print(data['stargazers_count'])// Converted to JavaScript fetch
const response = await fetch('https://api.github.com/repos/octocat/hello-world', {
headers: {
'Authorization': 'Bearer ghp_abc123',
'Accept': 'application/vnd.github+json',
},
});
const data = await response.json();
console.log(data.stargazers_count);Common Issues and Fixes
CSRF tokens expire
| Item | Problem | Solution |
|---|---|---|
| 401 Unauthorized | 401 Unauthorized | Session token or cookie has expired. Redo the login flow and copy again. |
| 403 Forbidden | 403 Forbidden | CSRF token expired or IP restriction active. Try refreshing and copying again. |
| 404 Not Found | 404 Not Found | Check the URL — query parameters may be URL-encoded differently in the shell. |
| Empty response | Empty response | Missing Accept header. Add -H "Accept: application/json". |
| Works in browser, fails in curl | Works in browser | A required cookie or header is missing. Compare using -v flag and browser Network headers. |
| Garbled output | Garbled output | Response is gzip-encoded. Add --compressed to the curl command. |
Copy as Fetch: The JavaScript Alternative
Chrome and Firefox also offer Copy as Fetch, which generates a fetch() call instead of curl. This is useful when you want to reproduce the request in a Node.js script or browser console.
// Generated by "Copy as Fetch" in Chrome DevTools
fetch("https://api.example.com/users/me", {
"headers": {
"accept": "application/json",
"authorization": "Bearer eyJhbGciOiJSUzI1NiJ9...",
"content-type": "application/json"
},
"method": "GET"
});Advanced Use Cases
Load testing baseline
Copy a complex authenticated request and use it as the baseline for load tests with tools like k6 or Apache Bench.
Webhook debugging
Capture an incoming webhook payload in browser, copy as curl, then replay it against localhost during development.
Mobile API reverse engineering
Use Charles Proxy or mitmproxy to capture mobile app requests, export as curl, and analyze the API.
GraphQL queries
Copy as cURL works perfectly for GraphQL — the query is in the JSON body. Paste into a curl command and add | jq to explore the response.
Frequently Asked Questions
Copy as cURL is your fastest debugging shortcut