<!DOCTYPE html> <html lang="{{ page.lang | default: site.lang | default: "en" }}"> <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; style-src 'self' https://fonts.googleapis.com; img-src 'self' *.pickmy.org; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; media-src 'self'; object-src 'self'; child-src 'self'; form-action 'none'; base-uri 'self'" /> <meta http-equiv="X-XSS-Protection" content="1;mode=block" always> <meta http-equiv="Referrer-Policy" content="no-referrer, strict-origin-when-cross-origin"> {%- include head.html -%} <body> <div class="container"> {%- include header.html -%} <main> {{ content }} </main> {%- include footer.html -%} </div> </body> </html>