<!DOCTYPE html>
<html lang="{{ page.lang | default: site.lang | default: "en" }}">
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; style-src 'self' https://fonts.googleapis.com; img-src 'self' *.pickmy.org; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; media-src 'self'; object-src 'self'; child-src 'self'; form-action 'none'; base-uri 'self'" />
<meta http-equiv="X-XSS-Protection"  content="1;mode=block" always>
<meta http-equiv="Referrer-Policy" content="no-referrer, strict-origin-when-cross-origin">
  {%- include head.html -%}

  <body>
    <div class="container">

      {%- include header.html -%}

    <main>
      {{ content }}
    </main>

    {%- include footer.html -%}

    </div>
  </body>
</html>