- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 54.237.226.164, 52.3.144.142, 3.230.129.93, 2600:1f18:631e:2f82:c8cd:27b2:ac:8dbf, 2600:1f18:631e:2f80:77e5:13a7:6533:7584, 2600:1f18:631e:2f84:ceae:e049:1e:6a96
+ Target IP:          54.237.226.164
+ Target Hostname:    netflix.com
+ Target Port:        80
+ Start Time:         2024-11-16 08:13:14 (GMT-5)
---------------------------------------------------------------------------
+ Server: No banner retrieved
+ /: Cookie nfvdid created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ /: Retrieved via header: 1.1 i-078981e1c23aef618 (us-east-1).
+ /: Uncommon header 'x-netflix.proxy.execution-time' found, with contents: 1.
+ /: Uncommon header 'x-originating-url' found, with contents: http://netflix.com/.
+ /: Uncommon header 'x-netflix.nfstatus' found, with contents: 1_21.
+ Root page / redirects to: https://netflix.com/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /clientaccesspolicy.xml contains 16 lines which should be manually viewed for improper domains or wildcards. See: https://www.acunetix.com/vulnerabilities/web/insecure-clientaccesspolicy-xml-file/
+ /crossdomain.xml contains 1 line which include the following domains: *.netflix.com . See: http://jeremiahgrossman.blogspot.com/2008/05/crossdomainxml-invites-cross-site.html
+ /ecp: Uncommon header 'x-netflix.retry.server.policy' found, with contents: {"maxRetries":2}.
+ /dump.jks: Uncommon header 'x-envoy-decorator-operation' found, with contents: lo_svc.
+ /dump.jks: Uncommon header 'x-netflix.request.toplevel.uuid' found, with contents: 063e58d7-8461-415d-a9b6-2923580d9752-56471373.
+ /dump.jks: Uncommon header 'x-request-id' found, with contents: 716a0f7b-2da7-4320-991d-a187c79a0202.
+ /dump.jks: Uncommon header 'x-envoy-upstream-service-time' found, with contents: 0.
+ /dump.jks: Uncommon header 'x-netflix.execution-time' found, with contents: 0.
+ /dump.jks: Uncommon header 'x-b3-traceid' found, with contents: 67389a8013bb2235e0da3570755f9e42.
+ OPTIONS: Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, SCRIPT .
+ HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ Scan terminated: 20 error(s) and 17 item(s) reported on remote host
+ End Time:           2024-11-16 08:14:03 (GMT-5) (49 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested