Skipping first outputs of the stream cipher

I remember reading somewhere that sometimes in some stream ciphers it is necessary to skip the first values they produce. I can't find any information on this right now.

But it seems to make sense. Just as a hash function needs to do many rounds before it returns a random result, the CSPRNG needs some number of iterations so that seed and key information cannot be obtained from the first results.

How do you determine how many iterations this must be? Or are there other ways to solve this problem? For the results to be random from the first iterations it would be enough to have proper initialization with a random key and seed (which can also be treated as a key). But I don't think this solves the problem of first generator results. You can still read some key properties from those first results, exactly as if you didn't do enough rounds in the hash function.

PS My idea to test how many iterations we have to skip is to treat the CSPRNG as a hash function with a key and feed it by numbers $1,2,3,...$ as a seed with some keys, especially specially selected to make them appear weak (but also with random keys). Then see if such a hash function passes statistical tests, such as PractRand. This would be a minimum condition. It still does not preclude that there will be methods of sophisticated cryptographic attacks that will pick out bits of the key from the numbers looking for PractRand as random numbers.

Most traditional stream ciphers have state $S=(s_1,\ldots,s_n)$ of size $n$ bits, a state update function $\phi:S\rightarrow S$, which is initialized by random key material, say $S_0=(k_1,\ldots,k_n)$ and the state iteration is $S_{t+1}=\phi(S_t),$ for $t=1,2,\ldots.$ They also have an output function $f:S\rightarrow \{0,1\}^\ell,$ which outputs $\ell$ bits at once. Typically we can have $\ell=1,$ or $\ell=8.$

So a certain number of iterations are required for any easily computable correlations from the key material to dissipate in the observed keystream sequence $f(S_t),f(S_{t+1}),\ldots$ (assuming known ciphertext or known plaintext and an additive cipher where plaintext is XORed with the keystream).

Traditionally the mapping $\phi$ was of the form $$ \phi(s_1,\ldots,s_n)=(s_2,\ldots,s_n,s_{n+1}),\quad s_{n+1}=g(s_1,\ldots,s_n) $$

for efficiency reasons, as in shift registers. So you'd need a constant multiple of $n$ iterations before actually using the keystream.

As in the comments, in modern stream ciphers a number of measures such as using IVs or Nonces, or using various modes of operations of stream ciphers, it is possible to use the keystream right away, without throwing any of it away. For example, if the IV is random and independent of the key and is the same bitlength as the state and it is XORed into the initial state (while being public) this has a whitening effect and makes the keystream independent of the key.