%% You should probably cite rfc7034 instead of this I-D.
@techreport{ietf-websec-x-frame-options-12,
    number =    {draft-ietf-websec-x-frame-options-12},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-websec-x-frame-options/12/},
    author =    {David Ross and Tobias Gondrom},
    title =     {{HTTP Header Field X-Frame-Options}},
    pagetotal = 14,
    year =      2013,
    month =     aug,
    day =       27,
    abstract =  {To improve the protection of web applications against clickjacking, this document describes the X-Frame-Options HTTP header field, which declares a policy, communicated from the server to the client browser, regarding whether the browser may display the transmitted content in frames that are part of other web pages.},
}