- Nikto 
---------------------------------------------------------------------------
+ Multiple IPs found: 104.21.59.53, 172.67.214.144, 2606:4700:3031::ac43:d690, 2606:4700:3034::6815:3b35
+ Target IP:          104.21.59.53
+ Target Hostname:    bykea.com
+ Target Port:        80
+ Start Time:         2025-09-09 10:36:53 (GMT-7)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: Uncommon header 'speculation-rules' found, with contents: "/cdn-cgi/speculation".
+ /: Uncommon header 'message-for-security-folks' found, with contents: Found a vulnerability? Check out Bykea's bug bounty program at bykea.com/security.
+ /: Uncommon header 'server-timing' found, with contents: cfL4;desc="?proto=TCP&rtt=1826&min_rtt=1089&rtt_var=1764&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2737&recv_bytes=564&delivery_rate=1329660&cwnd=32&unsent_bytes=0&cid=0000000000000000&ts=0&x=0".
+ /: An alt-svc header was found which is advertising HTTP/3. The endpoint is: ':443'. Nikto cannot test HTTP/3 over QUIC. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/alt-svc
+ Root page / redirects to: https://bykea.com/
+ /robots.txt:X-Frame-Options header is deprecated and has been replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /: Uncommon header 'proxy-status' found, with contents: Cloudflare-Proxy;error=http_request_error.
+ /ca//\\../\\../\\../\\../\\../\\../\\windows/\\win.ini: IP address found in the 'content-security-policy-report-only' header. The IP is "1.0.1.1". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ Scan terminated: 0 error(s) and 7 item(s) reported on remote host
+ End Time:           2025-09-09 10:37:54 (GMT-7) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested