<add name="Content-Security-Policy-Report-Only" value=""/>

<add name="Content-Security-Policy-Report-Only" value="default-src 'self'; script-src 'self' 'unsafe-inline' ajax.aspnetcdn.com ajax.googleapis.com apis.google.com assets.pinterest.com cdnjs.cloudflare.com code.jquery.com platform.linkedin.com platform.twitter.com s7.addthis.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: log.pinterest.com ssl.google-analytics.com; font-src https://www.combibaanhengelo.nl fonts.gstatic.com www.combibaanhengelo.nl; frame-src mapsengine.google.com platform.twitter.com www.google.com www.youtube.com; report-uri https://csp-portal.bitwise.nl/ReportingEndpoint; report-to csp-endpoint'; "/>