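%% You should probably cite draft-ietf-websec-x-frame-options instead of this I-D.
%% This entry is the individual -00 submission. The working-group draft named
%% above was later published as RFC 7034, which is the stable reference.
%%
%% Scope note for readers of the abstract: X-Frame-Options restricts which
%% origins may frame a response, so it is a clickjacking (UI redress) control.
%% The abstract's mention of CSRF is the draft's own wording; a framing policy
%% does not replace anti-CSRF tokens or SameSite cookies. For current
%% deployments the CSP frame-ancestors directive supersedes this header.
%%
%% Entry notes: authors are in "Last, First" form so name parsing is
%% unambiguous; only the acronym and the header name are brace-protected in the
%% title so styles can still apply their own casing. The abstract is kept
%% exactly as exported.
@techreport{gondrom-x-frame-options-00,
  author      = {Ross, David and Gondrom, Tobias},
  title       = {{HTTP} Header {X-Frame-Options}},
  type        = {Internet-Draft},
  number      = {draft-gondrom-x-frame-options-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2012,
  month       = mar,
  day         = 5,
  pagetotal   = 9,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-gondrom-x-frame-options/00/},
  abstract    = {To improve the protection of web applications against Cross Site Request Forgery (CSRF) and Clickjacking this standards defines a http response header that declares a policy communicated from a host to the client browser whether the transmitted content MUST NOT be displayed in frames of other pages from different origins or a list of trusted origins which are allowed to frame the content. This drafts serves to document the existing use and specification of X-Frame-Options.},
}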