Based on the error message you provided, it seems that your website's Content Security Policy (CSP) is preventing the loading of certain fonts. A Content Security Policy is a set of rules that a website owner defines to mitigate the risk of cross-site scripting (XSS) attacks. These rules specify which resources, such as scripts, stylesheets, images, and fonts, are allowed to be loaded and from where.

In your case, the specific error message indicates that the fonts being loaded violate the font-src directive defined in your Content Security Policy. The current font-src directive allows loading fonts only from 'self' (your website domain) and 'https://fonts.gstatic.com/'.

To resolve this issue, you can modify your Content Security Policy to allow loading fonts from the specified data URLs or the appropriate font sources. Here are a few steps you can take:

1. Review your current Content Security Policy configuration: Check the existing CSP configuration in your website's code or server settings. Look for the font-src directive and verify that it allows the required sources.

2. Update the font-src directive: Modify the font-src directive to allow the loading of fonts from the appropriate data URLs or font sources. In this case, you can consider adding the 'data:' scheme to the font-src directive. However, make sure to evaluate the security implications before allowing data URLs.

An example of an updated font-src directive could be: font-src 'self' https://fonts.gstatic.com/ data:

3. Test and deploy the updated Content Security Policy: After making the necessary changes, test your website thoroughly to ensure that the fonts are now being loaded correctly. If everything works as expected, deploy the updated Content Security Policy to production environment.

Note: When updating the Content Security Policy, it is essential to strike a balance between security and functionality. Be cautious when allowing data URLs and ensure that you understand the potential risks associated with this practice.

If you are unsure about modifying your Content Security Policy, it is recommended to consult a developer or security professional who can assist you in implementing the necessary changes to ensure the security of your website while allowing the required resources to load.

To allow resources with Content Security Policy (CSP), you have to specify directives in the CSP header. Directives define the types of resources, from locations they can be loaded from. Here's a basic step-by-step guide:

1. Recognize the Resource: Understand the of resource are trying to load (e.g script, stylesheet, font, image). Your error message will usually highlight what kind of resource is being blocked.

2. Identify the Source: Identify where the resource is loaded from. This can be your own domain ('self'), an external domain (https://example.com), or data URLs ('data:'). Note that 'self' doesn't include subdomains.

3. Modify the Policy: Add a directive for the resource type into your Content Security Policy. If one exists, add the source to it. Each directive can have multiple sources.

For example, if you want to allow scripts from your own domain and https://external.com, you'd have a CSP that looks like this:

Content-Security-Policy: script-src 'self' https://external.com;```

If you then want to allow fonts to be loaded from your website and from data URLs, you would add to it like this:

Content-Security-Policy: script-src 'self' https://external.com; font-src 'self' data:;

Important considerations when using CSP:

• Be specific with your sources to provide maximum security.
• If your site has subdomains, specify them individually as 'self' does not cover them.
• Policies are case-insensitive but convention is to use lower case.
• Sources can't be paths, only protocols, domains or wildcard subdomains.
• Test thoroughly after changes as CSP can stop resources loading if incorrectly configured.

Above all, keep security in mind to ensure everything you allow is from a trustworthy source.

Yes, the Content Security Policy can be adjusted on the server side. Which server-side programming language or server software you are using will determine how to go about it. Here are examples for a few common ones:

1. Apache HTTP Server: In case you use an .htaccess file, add this line replacing directives with your directives:

   Header set Content-Security-Policy "directives"

2. NGINX: Add the following line inside the server block in the NGINX configuration file:

   add_header Content-S-Policy "directives";

3. Node.js (Express.js): If you are using ExpressJS on Node.js, you can use helmet's contentSecurityPolicy middleware:

    const express = require('express');
    const helmet = require('helmet');
   
    const app = express();
   
    app.use(helmet.contentSecurityPolicy({
        directives: {
            defaultSrc: ["'self'"],
            scriptSrc: ["'self'", "https://example.com"],
            // Followed by more directives.
        }
    }));
   

4. Python (Flask): In Flask, you can set the CSP headers in this way:

   from flask import Flask
   app = Flask(__name__)
   
   @app.after_request
   def add_header(response):
       response.headers['Content-Security-Policy'] = "directives"
       return response

Replace "directives" with your actual directives. For example, if you want to allow fonts from your own domain and data: URLs, your directives should look something like this: default-src 'self'; font-src 'self' data:;

Please make sure to replace the examples above with the server technology you use. Always back up your existing configurations before making changes and thoroughly test after applying any changes. If not performed correctly, changes to these settings can prevent your site from functioning properly.