It’s not on you to know every single website and what it does. All major security providers maintain a classification database of websites that they use to filter the internet. Most major corporations subscribe to those lists, as do schools (I think by law). All you would do is buy one of these services and the blacklist would be managed by them. They’re not 100% perfect, and you child will be able to find a picture of boobs if they try hard enough, but that has always been the case.

One quick and easy way is to change your DNS to 1.1.1.3, which is a public resolver Cloudflare runs which filters out adult domains. This doesn’t scale if you’ve given your child a cellular device that can connect to other networks, but in that case you shouldn’t have done that, or should secure that device with a security solution that can enforce polices across the OS.

Personally I think it should be easier for parents to be able to do this kind of thing without having to learn too much about the tech, but deciding how to raise your child and what to shelter them from is your responsibility. These products have existed for decades. Instead of forcing OS manufactures to confirm ages and identities, we should focus on making sure parents have access to easy to use parental controls.