diff --git a/content/security.md b/content/security.md
index 10dfa1b..bda2613 100644
--- a/content/security.md
+++ b/content/security.md
@@ -7,7 +7,7 @@ tags = ["security", "showcase"]
 
 The default configuration of the theme gets an A+ score on [Mozilla Observatory](https://observatory.mozilla.org).
 
-This is accomplished by programatically configuring Content Security Policy (CSP) headers based on a user-defined list of allowed domains in the theme's config.toml file. Here's the default and recommended setup (you could remove the last lines if you don't want to embed videos):
+This is accomplished by programatically configuring Content Security Policy (CSP) headers based on a user-defined list of allowed domains in the theme's `config.toml` file. Here's the default and recommended setup (you could remove the last lines if you don't want to embed videos):
 
 ```
 [extra]
@@ -21,4 +21,4 @@ allowed_domains = [
 
 The allowed_domains list specifies the URLs that the website should be able to connect to, and each domain in the list is associated with a CSP directive such as `frame-src`, `connect-src`, or `script-src`. The `templates/partials/header.html` file dynamically generates the CSP header based on this list.
 
-This feature allows you to easily customize their website's security headers to allow for specific use cases, such as embedding YouTube videos, loading remote fonts ([not recommended](https://www.albertovarela.net/blog/2022/11/stop-using-google-fonts/)) or scripts.
+This feature allows you to easily customize the website's security headers to allow for specific use cases, such as embedding YouTube videos, loading remote fonts ([not recommended](https://www.albertovarela.net/blog/2022/11/stop-using-google-fonts/)) or scripts.