%% You should probably cite rfc7034 instead of this I-D. @techreport{ietf-websec-x-frame-options-10, number = {draft-ietf-websec-x-frame-options-10}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-websec-x-frame-options/10/}, author = {David Ross and Tobias Gondrom}, title = {{HTTP Header Field X-Frame-Options}}, pagetotal = 13, year = 2013, month = aug, day = 17, abstract = {To improve the protection of web applications against Clickjacking, this definition describes the X-Frame-Options HTTP response header field that declares a policy communicated from the server to the client browser on whether the browser may display the transmitted content in frames that are part of other web pages. This informational document serves to document the existing use and specification of this X-Frame-Options HTTP response header field.}, }