HTTP Header Frame Options
draft-gondrom-frame-options-01

The information below is for an old version of the document
Document type: Expired Internet-Draft (individual)
Last updated: 2011-03-14 (latest revision 2011-03-07)
Replaced by: draft-ietf-websec-frame-options
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-gondrom-frame-options-01.txt

Abstract

To improve the protection of web applications against Cross Site Request Forgery (CSRF) and Clickjacking, this standard defines an HTTP response header that declares a policy, communicated from a host to the client browser, on whether the transmitted content MUST NOT be displayed in frames of other pages from different origins, or a list of trusted origins which are allowed to frame the content.

Authors

Tobias Gondrom (tobias.gondrom@gondrom.org)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)