Environment Variables

These are the names of environment variables commonly accessible to Perl. Al of these variables depend on either the server or the client (the latter as interpreted by the server), so they may not be available on all systems and their exact return values may vary.

In general, these should be used for development purposes only and should not be exposed to the user. In some instances, the output reveals information that could be misused.


Data passed in the headers to the server, most often when a POST method is used to retrieve a resource.


Echoes the document root of the current site as set in the httpd.config file.

WARNING: Exposing the full server path to the user is unwise.


Indicates the gateway version, typically CGI/1.1


These indicate the content types the client will accept. This varies according to the client software, and can be useful to discover (or eliminate) a potential cause of client-side problems.


These indicate the MIME types the client will accept. This varies according to the client software, and can be useful to discover (or eliminate) a potential cause of client-side problems.


Indicates the language expected by the client software. In theory, this can be useful for developing a site that will detect users' language preferences (as set in their software preferences) and return text in the proper language. In practice, it's generally better to use a default language and provide links to alternate language versions.


An indication to the client or a proxy how long to keep the resource in cache. A value of max-age=0 indicates the resource should not be cached at all. However, the client software will decide whether to accept or disregard the value specified by the server.


The type of connection. I haven't used this, and have never never seen anything other than keep-alive.


The content of a client-side "cookie" pertaining to the present server.


The name of the host from which the request was made. It is usually the address of the current server's document root, but that may be different if any redirection occurred.

I've found this useful in writing portable code for multiple servers (no need to set a configuration variable if you use this.)


Indicates the date on which the requested resource was last modified. Note that if you upload a file without changing it, this will reflect the upload date.


The address (full URL and protocol) of a site or resource that linked to the current script, provided it is passed. The typo ("referer" instead of "referrer" is not mine - it's actually coded that way in the protocol.


The user-agent string passed from the client, useful in browser detection.


An indication of whether "Secure" protocol is being used. Echoes "on" if so. I've only used this to confirm a secure connection when passing highly sensitive data (to prevent it from being sent via an unencrypted channel).


The system path for the server software. I've never found it useful.

WARNING: Exposing the location of the server software to the user is unwise.


The value of the query string, most often seen when a GET method is used to execute a CGI script.


The IP address of the user or proxy. This can be useful to permit or deny access to users based on their IP address.


The host name of the user or proxy. This is not quite as useful as the REMOTE_ADDR because it depends on the server to resolve the remote host's name based (which it may not do).


The port to which data should be returned to the user or proxy.


If the user has logged in using HTTP authentication, this value will contain their username (for every request placed).


The HTTP request method for retrieving the resource - most often GET or POST


The path to the current resource from the document root.


The path to the current resource from the server root.

WARNING: Exposing the full path information to the user is unwise.


The path to the current resource from the document root - same as the REQUEST_URI unless redirection has occurred


The server's IP address, which may be useful if a server is multi-homed and/or a script is meant to be installed on multiple sites.


The e-mail address of the server administrator as specified in the httpd.conf file.

WARNING: It is unwise to expose this to users on a public server, as spammers feed on it. In fact, it's a good idea to change the address in the httpd.conf file to something bogus.


The domain name under which the request was placed. Useful when a server is multi-homed and a script is accessible under multiple names.


The port through which the server received the request. Useful in to discover (or eliminate) a potential cause of client-side problems.


The protocol version the server expects, typically HTTP/1.1


Usage of this variable varies widely. In some instances, it is a digital signature; in others, it is simply text or HTML clode identified as a "signature" for the server.


The name and version of the server software.

WARNING: It is unwise to reveal this information to users.


The username under which the script is executed. This is most often the username for the account, so do not show it to the user.

WARNING: It is very unwise to reveal this information to users, as this often corresponds to the username that's used to log into the server.


And finally

This is online for my own use and reference, but feel to snag it if you think it would be useful. It's a trifle and I don't expect to be credited or compensated in any way ... but nor does it come with any sort of guarantee.