datatracker.ietf.org
Sign In
Version 4.51.p2, 2013-06-11
Report a bug

HTTP Header Frame Options
draft-ietf-websec-frame-options-00

Expired Internet-Draft (websec WG)
Document Stream: IETF
Last updated: 2012-07-06
Replaces: draft-gondrom-frame-options
Intended RFC status: (None)
Other versions: (expired, archived): plain text, pdf, html
IETF State: Parked WG Document (websec)
Document shepherd:(None)
Shepherd writeup
Consensus:Unknown
IESG State: Expired
Responsible AD: (None)
Send notices to: No addresses provided

This Internet-Draft is no longer active. Unofficial copies of old Internet-Drafts can be found here:
http://tools.ietf.org/id/draft-ietf-websec-frame-options.

Abstract:
To improve the protection of web applications against Clickjacking this standards defines a http response header that declares a policy communicated from a host to the client browser whether the transmitted content MUST NOT be displayed in frames of other pages from different origins which are allowed to frame the content.

Authors:
David Ross
Tobias Gondrom <tobias.gondrom@gondrom.org>

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)