%% You should probably cite rfc7034 instead of this I-D.
@techreport{ietf-websec-x-frame-options-00,
    number =    {draft-ietf-websec-x-frame-options-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-websec-x-frame-options/00/},
    author =    {David Ross and Tobias Gondrom},
    title =     {{HTTP Header X-Frame-Options}},
    pagetotal = 9,
    year =      2012,
    month =     jul,
    day =       3,
    abstract =  {To improve the protection of web applications against Clickjacking this standards defines a http response header that declares a policy communicated from a host to the client browser whether the transmitted content MUST NOT be displayed in frames of other pages from different origins which are allowed to frame the content. This drafts serves to document the existing use and specification of X-Frame-Options.},
}