Request ServerVariables Descriptions

ALL_HTTP

All HTTP headers that is sent by the client browser. This server variable prefixes each header with "HTTP_", capitalize it and replaces "-" with "_". What is in server variable "ALL_RAW" is what is actually sent from the browser.

ALL_RAW

All headers that is sent by the client browser. Without "HTTP_"-prefixing, capitalization or "-" to "_" replacements. This is not all server variables, this is the headers sent by the client. However some of these headers are mapped to certain server variables, for instance "HTTP_ACCEPT_ENCODING" which comes from "Accept-Encoding". There might be headers sent by the client that does not map to a server variable.

APPL_MD_PATH

Meta base path for the application for the ISAPI DLL. Note that it will be empty when running inside the ASP.NET Dev Webserver (Cassini).

APPL_PHYSICAL_PATH

Physical path to the web application root folder.

AUTH_PASSWORD

The value entered in the client's authentication dialog. This variable is available only if Basic authentication is used.

AUTH_TYPE

Authentication method that the server uses to validate users when they attempt to access a protected resource. It does not mean that the user was authenticated if AUTH_TYPE contains a value and the authentication scheme is not Basic or integrated Windows authentication. The server allows authentication schemes it does not natively support because an ISAPI filter may be able to handle that particular scheme.

AUTH_USER

The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account. This variable is no different from REMOTE_USER. If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.

CERT_COOKIE

Unique ID for the client certificate, returned as a string. This can be used as a signature for the whole client certificate.

CERT_FLAGS

bit0 is set to 1 if the client certificate is present. bit1 is set to 1 if the certification authority of the client certificate is invalid (that is, it is not in the list of recognized certification authorities on the server).If bit 1 of CERT_FLAGS is set to 1, indicating that the certificate is invalid, IIS version 4.0 and later will reject the certificate. Earlier versions of IIS will not reject the certificate.

CERT_ISSUER

Issuer field of the client certificate (O=MS, OU=IAS, CN=user name, C=USA).

CERT_KEYSIZE

Number of bits in the Secure Sockets Layer (SSL) connection key size.

CERT_SUBJECT

Subject field of the client certificate.

CERT_SECRETKEYSIZE

Number of bits in server certificate private key.

CERT_SERIALNUMBER

Serial number field of the client certificate.

CERT_SERVER_ISSUER

Issuer field of the server certificate.

CERT_SERVER_SUBJECT

Subject field of the server certificate.

CONTENT_LENGTH

Length of the content sent by the client. The number of bytes in the HTTP body, not including the header. This is not a measurement of the request total size.

CONTENT_TYPE

Data type of the content sent by the client in the HTTP message body. Used with queries that have attached information such as POST and PUT. The mime type of the body of the request.

GATEWAY_INTERFACE

The revision of the CGI specification used by the server. The format is CGI/revision.

HEADER_<HeaderName>

The value stored in the header <HeaderName>. Any header other than those listed in this table must be preceded by "HEADER_" in order for the ServerVariables collection to retrieve its value. This is useful for retrieving custom headers. Unlike HTTP_<HeaderName>, all characters in HEADER_<HeaderName> are interpreted as-is. For example, if you specify HEADER_SOME_HEADER, the server searches for a request header named SOME_HEADER. It is more likely that HEADER_Some-Header will work better as header items often are named using - not _

HTTP_<HeaderName>

The value stored in the header <HeaderName>. Any header other than those listed in this table must be preceded by "HEADER_" in order for the ServerVariables collection to retrieve its value. This is useful for retrieving custom headers. The server interprets any underscore (_) characters in <HeaderName> as dashes in the actual header. For example, if you specify HTTP_SOME_HEADER, the server searches for a request header named SOME-HEADER.

HTTP_ACCEPT

Returns the value of the Accept header that contains a list of accepted formats. The values of the fields for the HTTP_ACCEPT variable are concatenated, and separated by a comma (,).

HTTP_ACCEPT_ENCODING

Returns a list of accepted encoding types

HTTP_ACCEPT_LANGUAGE

Returns a string describing the language to use for displaying content.

HTTP_CONNECTION

Returns a string describing the connection type.

HTTP_COOKIE

Returns the cookie string that was included with the request.

HTTP_HOST

Returns the name of the website. This might not be the same as SERVER_NAME depending on type of name resolution used on the Web server (IP address, host header). The name returned is from the name in the request.

HTTP_METHOD

Method used to make the request (same as REQUEST_METHOD).

HTTP_REFERER

Returns a string that contains the URL of the page that referred the request to the current page using an HTML <A> tag. Note that the URL is the one that the user typed into the browser address bar, which may not include the name of a default document. If the page is redirected, HTTP_REFERER is empty. HTTP_REFERER is not a mandatory member of the HTTP specification.

HTTP_URL

Returns the raw, encoded URL.

HTTP_USER_AGENT

Returns a string describing the browser, and it's features, that sent the request.

HTTP_VERSION

The name and version of the request protocol (the raw form of SERVER_PROTOCOL).

HTTPS

ON if the request came in through a secure channel (for example, SSL), OFF if the request came through an insecure channel.

HTTPS_KEYSIZE

Number of bits in the SSL connection key size.

HTTPS_SECRETKEYSIZE

Number of bits in the server certificate private key.

HTTPS_SERVER_ISSUER

Issuer field of the server certificate.

HTTPS_SERVER_SUBJECT

Subject field of the server certificate.

INSTANCE_ID

The ID for the IIS instance in textual format. If the instance ID is 1, it appears as a string. You can use this variable to retrieve the ID of the Web server instance (in the metabase) to which the request belongs.

INSTANCE_META_PATH

The metabase path for the instance of IIS that responds to the request.

LOCAL_ADDR

The server IP address on which the request came in. This is important when there are multiple IP addresses bound to the computer and you want to find out which IP address the request used.

LOGON_USER

The domain or computer account that the user is logged in to. This is the Windows account that the user is impersonating while connected to the web server. Use REMOTE_USER, UNMAPPED_REMOTE_USER, or AUTH_USER to view the raw user name that is contained in the request header. The only time LOGON_USER holds a different value than these other variables is if you have an authentication filter installed.

PATH_INFO

Path information as given by the client. If this information comes from a URL, it is decoded by the server before it is passed to the CGI script or ISAPI filter.

PATH_TRANSLATED

The physical path that maps to the virtual path in PATH_INFO. This variable is used by IIS during the processing of ISAPI applications.

QUERY_STRING

Query information stored in the string following the question mark (?) in the HTTP request.

REMOTE_ADDR

The IP address (shown to the internet) of the remote host that is making the request to the web server.

REMOTE_HOST

The name of the host computer that is making the request. If the web server does not have this information, it will use the REMOTE_ADDR here.

REMOTE_PORT

The client port number of the TCP connection.

REMOTE_USER

The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account. This variable is no different from AUTH_USER. If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.

REQUEST_METHOD

The method used to make the request (GET, POST etc).

SCRIPT_NAME

A virtual path to the script being executed. Can be used for self-referencing URLs.

SCRIPT_TRANSLATED

The canonical physical path to the script listed in SCRIPT_NAME.

SERVER_NAME

Host name, DNS alias or IP address of the web server. This is not necesarily the computer name of the web server and it has nothing to do with the address that the request used. It is the configured name of the website.

SERVER_PORT

The server port number to which the request was sent.

SERVER_PORT_SECURE

A string that contains either 0 or 1. If the request is being handled on the secure port, then this is 1. Otherwise, it is 0.

SERVER_PROTOCOL

The name and revision of the request information protocol. The format is protocol/revision. (The canonicalized form of HTTP_VERSION.)

SERVER_SOFTWARE

The name and version of the server software that answers the request and runs the gateway. The format is name/version.

SSI_EXEC_DISABLED

Returns a 1 if the server-side include directive, #exec, is disabled. Otherwise, SSI_EXE_DISABLED returns a 0. To enable or disable #exec, use the SSIExecDisablemetabase property.

UNENCODED_URL

Returns the raw, unencoded URL

UNICODE_<ServerVariable Name>

In unicode ISAPI applications only, it is possible to retrieve server variable values as unicode values by prepending "UNICODE_" to the name of the server variable, unless the variable starts with "HTTP_" or "HEADER_".

UNMAPPED_REMOTE_USER

The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account (same as REMOTE_USER). If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.

URL

Gives the base portion of the URL, without any querystring or extra path information. For the raw URL, use HTTP_URL or UNENCODED_URL.

URL_PATH_INFO

Only IIS 5.0. Use PATH_INFO instead.