%% You should probably cite rfc7034 instead of this I-D.
@techreport{ietf-websec-x-frame-options-01,
    number =    {draft-ietf-websec-x-frame-options-01},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-websec-x-frame-options/01/},
    author =    {David Ross and Tobias Gondrom},
    title =     {{HTTP Header X-Frame-Options}},
    pagetotal = 9,
    year =      2012,
    month =     oct,
    day =       22,
    abstract =  {To improve the protection of web applications against Clickjacking this standard defines an http response header that declares a policy communicated from a host to the client browser on whether the browser must not display the transmitted content in frames of other web pages. This drafts serves to document the existing use and specification of X-Frame-Options.},
}