All I am trying to do is get google fonts working on my website.

The HTML I am using is:

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src 'self' fonts.gstatic.com/; style-src 'self' fonts.googleapis.com/ 'unsafe-inline';">

The errors in firefox and chromium:

index.php:4 Refused to load the stylesheet 'http://fonts.googleapis.com/css?family=Sriracha%7CPT+Serif' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

Which, I obviously didn’t set, both browsers are doing this on their own, default installation of both.

Here’s the header info from the website:

[Response Headers]
Request URL: http://tuxug.com/index.php
Request Method: GET
Status Code: 200 OK
Remote Address: 134.209.163.70:80
Referrer Policy: no-referrer-when-downgrade
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 17 Dec 2020 21:19:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline'
Content-Language: en
Cache-Control: no-cache, must-revalidate, stale-while-revalidate, max-age=0, private, no-transform
Pragma: no-cache
Expires: 0

[Request Headers]
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Cookie: PHPSESSID=xxx
Host: tuxug.com
Referer: http://tuxug.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

I’m at my wits’ end with this any help would be greatly appreciated