%% You should probably cite draft-ietf-websec-frame-options instead of this I-D. @techreport{gondrom-frame-options-01, number = {draft-gondrom-frame-options-01}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-gondrom-frame-options/01/}, author = {Tobias Gondrom}, title = {{HTTP Header Frame Options}}, pagetotal = 9, year = , month = , day = , abstract = {To improve the protection of web applications against Cross Site Request Forgery (CSRF) and Clickjacking this standards defines a http response header that declares a policy communicated from a host to the client browser whether the transmitted content MUST NOT be displayed in frames of other pages from different origins or a list of trusted origins which are allowed to frame the content.}, }