Help me convert this curl request to a Req.get! request?

This curl request works:

curl --location --request GET '' \
--header 'sec-ch-ua: "Brave";v="107", "Chromium";v="107", "Not=A?Brand";v="24"' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-ch-ua-platform: "Windows"' \
--header 'Upgrade-Insecure-Requests: 1' \
--header 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36' \
--header 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8' \
--header 'Sec-GPC: 1' \
--header 'Cookie: TealeafAkaSid=JA-JSAXRCLjKYhjV9IXTzYUbcV1Lnhqf; sapphire=1; visitorId=0184E4601D5A020183FFBB13380347CE; GuestLocation=33196|25.660|-80.440|FL|US'

I attempted to convert this to a Req.get! request, but I get an accessDenied error from the server.

    req_url =

    headers = %{
      "sec-ch-ua" => "\"Brave\";v=\"107\", \"Chromium\";v=\"107\", \"Not=A?Brand\";v=\"24\"",
      "sec-ch-ua-mobile" => "?0",
      "sec-ch-ua-platform" => "Windows",
      "Upgrade-Insecure-Requests" => 1,
      "User-Agent" =>
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36",
      "Accept" =>
      "Sec-GPC" => 1,
      "Cookie" =>
        "TealeafAkaSid=JA-JSAXRCLjKYhjV9IXTzYUbcV1Lnhqf; sapphire=1; visitorId=0184E4601D5A020183FFBB13380347CE; GuestLocation=33196|25.744|-80.292|FL|US"

    html = Req.get!(req_url, headers: headers, follow_redirects: true)


  status: 403,
  headers: [
    {"connection", "close"},
    {"content-length", "32"},
    {"server", "Varnish"},
    {"retry-after", "0"},
    {"content-type", "application/json"},
    {"accept-ranges", "bytes"},
    {"date", "Tue, 06 Dec 2022 00:28:18 GMT"},
     "TealeafAkaSid=JA-JSAXRCLjKYhjV9IXTzYUbcV1Lnhqf; Expires=Thu, 05 Jan 2023 00:28:18 GMT; Path=/;;"},
    {"clientgeo", "US"},
    {"clientip", ""},
    {"x-frame-options", "SAMEORIGIN"},
    {"content-security-policy", "frame-ancestors 'self' https://*;"},
    {"x-xss-protection", "1; mode=block"},
    {"x-content-type-options", "nosniff"},
    {"referrer-policy", "no-referrer-when-downgrade"},
    {"strict-transport-security", "max-age=31536000; includeSubDomains"},
    {"cache-control", "no-cache"}
  body: %{"accessDenied" => ""},
  private: %{}

What am I doing wrong trying to convert this working curl into an Elixir Req.get! request? Thank you!


A workaround for now is I can just call curl with System.cmd but I don’t know how that would affect the performance of my app.

Does anyone know the downsides of doing it this way?

command = "curl"

params = [
  "sec-ch-ua: \"Brave\";v=\"107\", \"Chromium\";v=\"107\", \"Not=A?Brand\";v=\"24\"",
  "sec-ch-ua-mobile: ?0",
  "sec-ch-ua-platform: \"Windows\"",
  "Upgrade-Insecure-Requests: 1",
  "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36",
  "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8",
  "Sec-GPC: 1",
  "Cookie: TealeafAkaSid=JA-JSAXRCLjKYhjV9IXTzYUbcV1Lnhqf; sapphire=1; visitorId=0184E4601D5A020183FFBB13380347CE; GuestLocation=33196|25.660|-80.292|FL|US"


in your non working example you are creating the headers as a map. But according to the Req documentation your need to define the headers as a list of tuples of two binaries.

headers = [{binary, binary}]

Hope that helped?!

I get accessDenied for the curl you’ve provided.

Maybe the problem is that Req doesn’t override useragent header. It just duplicates it.

For example,

Req.get "http://localhost:3000", headers: %{"User-Agent" => "MOZ"}


GET / HTTP/1.1
host: localhost:3000
user-agent: MOZ
user-agent: req/0.3.2
accept-encoding: gzip, deflate

Just tested. Map works correctly

You can just use user_agent as an option, not as a header

For example,

Req.get!("http://localhost:3000", user_agent: "foo")
GET / HTTP/1.1
host: localhost:3000
user-agent: foo
accept-encoding: gzip, deflate
1 Like

Req treats headers case sensitively and expects (like http2 requires) folks to use lower-case. It sets user-agent by default, so if you set User-Agent too, you’d get both.

That’s not the root cause though. It looks like Mint is sending a request that the server does not allow. The headers don’t seem to matter.

Mix.install([:hackney, :mint, :castore])

url =

{:ok, status, _headers, _ref} = :hackney.request(url)
# status #=> 200

{:ok, conn} = Mint.HTTP.connect(:https, "", 443)
url = String.trim_leading(url, "")
{:ok, conn, _ref} = Mint.HTTP.request(conn, "GET", url, [], "")

receive do
  message ->
    {:ok, _conn, responses} =, message)
|> dbg

# {:status, #Reference<0.944912404.956301313.218177>, 403}
# (...)

if someone could investigate this further and maybe report to GitHub - elixir-mint/mint: Functional HTTP client for Elixir with support for HTTP/1 and HTTP/2 🌱 that’d be appreciated.