How can i add
*.xyz.com as Content Security Policy in web.config and under which node should this be added?
Do i need to add
Self as well?
How to check that the policy has been added when running the website?
Do i need to add google analytics as script source?