Adding Content Security Plolicy to Web.Config

How can i add *.xyz.com as Content Security Policy in web.config and under which node should this be added?

Do i need to add Self as well?

How to check that the policy has been added when running the website?

Do i need to add google analytics as script source?