| Cache-Control | no-cache, no-store, must-revalidate |
| Content-Type | text/html; charset=utf-8 |
| Content-Encoding | gzip |
| Expires | Sun, 07 Aug 2016 12:20:08 GMT |
| Last-Modified | Sun, 07 Aug 2016 11:50:08 GMT |
| Strict-Transport-Security | max-age=31536000 |
| Content-Security-Policy | default-src 'unsafe-inline' 'unsafe-eval' data: *.chloe.com *.chloe.cn *.yoox.biz *.tagcommander.com players.brightcove.net *.brightcove.com secure.gravatar.com seal.geotrust.com sealserver.trustwave.com code.jquery.com *.g.doubleclick.net *.akamaihd.net secure.social.yoox.it scontent.cdninstagram.com www.facebook.com cdnjs.cloudflare.com *.applemusic.com *.typekit.net opengraphprotocol.org ogp.me vjs.zencdn.net engage.commander1.com *.pinterest.com *.online-metrix.net *.d.aa.online-metrix.net googleadservices.com *.googleadservices.com tracker.marinsm.com bs.serving-sys.com s.yimg.jp *.googleapis.com *.gstatic.com *.google.com *.google.it *.google-analytics.com *.api.baidu.com *.baidu.com; frame-ancestors *.chloe.com *.chloe.cn; report-uri https://c2rg5eauc1.execute-api.eu-west-1.amazonaws.com/prod/cspreport |
| ORIGIN | etchloe01 |
| Pragma | no-cache |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | sameorigin |
| X-XSS-Protection | 1; mode=block |
| Connection | keep-alive |
| Vary | Accept-Encoding |