- Nikto v2.6.0
---------------------------------------------------------------------------
+ Target IP:          54.237.226.164
+ Target Hostname:    netflix.com
+ Target Port:        80
+ Platform:           Unknown
+ Start Time:         2026-05-16 06:11:15 (GMT-4)
---------------------------------------------------------------------------
+ Server: No banner retrieved
+ Multiple IPs found: 54.237.226.164, 52.3.144.142, 3.230.129.93, 2600:1f18:631e:2f85:93a9:f7b0:d18:89a7, 2600:1f18:631e:2f83:49ee:beaa:2dfd:ae8f, 2600:1f18:631e:2f84:4f7a:4092:e2e9:c617
+ [999986] /: Retrieved via header: 1.1 i-06d528971af14d5fb (us-east-1).
+ [999100] /: Uncommon header(s) 'x-netflix.proxy.execution-time' found, with contents: 2.
+ [999100] /: Uncommon header(s) 'x-netflix-headerandcookie.profileguid.match' found, with contents: NA.
+ [999100] /: Uncommon header(s) 'x-netflix.nfstatus' found, with contents: 1_21.
+ [999100] /: Uncommon header(s) 'x-netflix-cookieandmsl.profileguid.match' found, with contents: NA.
+ [999100] /: Uncommon header(s) 'x-originating-url' found, with contents: http://netflix.com/.
+ [999100] /: Uncommon header(s) 'x-netflix-headerandmsl.profileguid.match' found, with contents: NA.
+ No CGI Directories found (use '-C all' to force check all possible dirs). CGI tests skipped.
+ [95] /images: Cookie nfvdid created without the httponly flag. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+ [999979] /images: IP address found in the 'x-originating-url' header. The IP is "100.95.87.214". See: https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed
+ [013587] /: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
+ [013587] /: Suggested security header missing: referrer-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+ [013587] /: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+ [999100] /backup.jks: Uncommon header(s) 'x-envoy-decorator-operation' found, with contents: lo_svc_http.
+ [999100] /backup.jks: Uncommon header(s) 'x-netflix.execution-time' found, with contents: .
+ [999100] /backup.jks: Uncommon header(s) 'x-netflix.request.toplevel.uuid' found, with contents: 947329e1-0af5-4cdf-9fe7-a29784d18d54-80870557.
+ [999100] /backup.jks: Uncommon header(s) 'x-envoy-upstream-service-time' found, with contents: 1.
+ [999100] /backup.jks: Uncommon header(s) 'x-b3-traceid' found, with contents: 6a0842d7ba71a1e96ddffcc7a7e8fe77.
+ [999100] /backup.jks: Uncommon header(s) 'x-request-id' found, with contents: 484cabce-b3a8-4b6f-bb7b-57a0ab9af5af.
+ [999990] OPTIONS: Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, SCRIPT .
+ [400001] HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ [400000] HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ Scan terminated: 0 errors and 21 items reported on the remote host
+ End Time:           2026-05-16 06:12:16 (GMT-4) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested