Variable Description
ALL_HTTP All HTTP headers sent by the client.
ALL_RAW Retrieves all headers in the raw-form. The difference between ALL_RAW and ALL_HTTP is that ALL_HTTP places an HTTP_ prefix before the header name and the header-name is always capitalized. In ALL_RAW the header name and values appear as they are sent by the client.  
APPL_MD_PATH Retrieves the metabase path for the (WAM) Application for the ISAPI DLL.
APPL_PHYSICAL_PATH Retrieves the physical path corresponding to the metabase path. IIS converts the APPL_MD_PATH to the physical (directory) path to return this value.
AUTH_PASSWORD The value entered in the client's authentication dialog. This variable is only available if Basic authentication is used.  
AUTH_TYPE The authentication method that the server uses to validate users when they attempt to access a protected script.
AUTH_USER Raw authenticated user name.  
CERT_COOKIE Unique ID for client certificate, Returned as a string. Can be used as a signature for the whole client certificate.
CERT_FLAGS bit0 is set to 1 if the client certificate is present.
bit1 is set to 1 if the Certifying Authority of the client certificate is invalid (not in the list of recognized CA on the server).

CERT_ISSUER Issuer field of the client certificate (O=MS, OU=IAS, CN=user name, C=USA).
CERT_KEYSIZE Number of bits in Secure Sockets Layer connection key size. For example, 128.
CERT_SECRETKEYSIZE Number of bits in server certificate private key. For example, e.g. 1024.
CERT_SERIALNUMBER Serial number field of the client certificate.
CERT_SERVER_ISSUER Issuer field of the server certificate.
CERT_SERVER_SUBJECT Subject field of the server certificate.
CERT_SUBJECT Subject field of the client certificate.
CONTENT_LENGTH The length of the content as given by the client.  
CONTENT_TYPE The data type of the content. Used with queries that have attached information, such as the HTTP queries GET, POST, and PUT.
GATEWAY_INTERFACE The revision of the CGI specification used by the server. The format is CGI/revision.  
HTTP_<HeaderName> The value stored in the header HeaderName. Any header other than those listed in this table must be prefixed by HTTP_ in order for the ServerVariables collection to retrieve its value.
Note  The server interprets any underscore (_) characters in HeaderName as dashes in the actual header. For example if you specify HTTP_MY_HEADER, the server searches for a header sent as MY-HEADER.

HTTPS Returns ON if the request came in through secure channel (SSL) or it returns OFF if the request is for a non-secure channel.
HTTPS_KEYSIZE Number of bits in Secure Sockets Layer connection key size. For example, 128.
HTTPS_SECRETKEYSIZE Number of bits in server certificate private key. For example, 1024.
HTTPS_SERVER_ISSUER Issuer field of the server certificate.
HTTPS_SERVER_SUBJECT Subject field of the server certificate.
INSTANCE_ID The ID for the IIS instance in textual format. If the instance ID is 1, it appears as a string. You can use this variable to retrieve the ID of the Web-server instance (in the metabase) to which the request belongs.
INSTANCE_META_PATH The metabase path for the instance of IIS that responds to the request.
LOCAL_ADDR Returns the Server Address on which the request came in. This is important on multi-homed machines where there can be multiple IP addresses bound to a machine and you want to find out which address the request used.
LOGON_USER The Windows NT® account that the user is logged into.
PATH_INFO Extra path information as given by the client. You can access scripts by using their virtual path and the PATH_INFO server variable. If this information comes from a URL, it is decoded by the server before it is passed to the CGI script.
PA