Facebook's widgets all require Javascript to load and that Javascript comes from Facebook itself. However, your server is sending a header which is explicitly telling the browser not to load external Javascript files.
This is not only affecting Facebook, but it also looks like your Google Analytics and other features are being denied. The javascript errors look like:
The problematic header is shown here:
x-content-security-policy:default-src 'self' 'unsafe-inline'
That tag is telling the browser to only load Javascript files from the current domain and that inline Javascript is ok. External Javascript will be denied.
In addition to the above, there are other Javascript errors you can see in the console. I'm unsure if those are also problematic for loading the Facebook buttons, but you'll need to fix that header tag first.
I hope that helps get you started,
Alex