HTTP response headers of current page
Cookie information
refering page
URL
SSL, certificate chain (eg: which Issuer for the current session)
Certificate revocation status
any data about the site that did not come from the site
configured trust roots
browser history, bookmarks, accumulated user agent state?
reputation service
past introductions from friends (eg: in email)
redirection path
HTML page? (eg: spam filter like techniques)
The target URI for a pending request.
IP address
Country of origin for IP address
A blacklist of evil IP addresses.
Your current ISP?
Information from external devices (eg: phone call)
Certificate continuity (Browser has encountered the certificate in the past)
Shared secret knowledge (eg: a picture, or a password)
personalization (eg: account history, user's full name)
Shared public knowledge (eg: mother's maiden name, zip code) (ANTI-PATTERN)
Does the page contain active content? (eg: Javascript)
Does the page contain content sourced from distinct servers?
Does the page come from the intranet or the Internet?
Has the page completed loading?
HTTP content in an HTTPS page