Wednesday, 11 March 2020

How to add Report-To Content-Security-Policy directly in web.config

I'm trying to implement report-uri and report-to in a front-end app.

report-uri:

I accomplished the goal expanding current Content-Security-Policy header value with report-uri and this is working:

<add name="Content-Security-Policy" value="default-src 'self' 'unsafe-inline' data: google.com; report-uri http://localhost:51260/api/csp/report;"/>

report-to:

Following the instructions I understood that I need to add two things: a new Report-To header and a new instruction in Content-Security-Policy, so I've escaped the stringified JSON for report-to and added them to web.config:

<add name="Report-to" value="{&quot;endpoints&quot;:[{&quot;url&quot;:&quot;https://localhost:51260/api/csp/report-to&quot;}],&quot;include_subdomains&quot;:true,&quot;group&quot;:&quot;csp-endpoint&quot;,&quot;max_age&quot;:31536000}" />          
<add name="Content-Security-Policy" value="default-src 'self' 'unsafe-inline' data: google.com; report-uri http://localhost:51260/api/csp/report; report-to csp-endpoint;"/>

but it does not work.

Unescaped value:

{"endpoints":[{"url":"https://localhost:51260/api/csp/report-to"}],"include_subdomains":true,"group":"csp-endpoint","max_age":31536000}

For reference:

  1. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri
  2. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to

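As an added example (not part of the question or its app), a Python normaliser for what the two endpoints named above will receive once both directives work: the report-uri channel POSTs a single application/csp-report object with hyphenated keys, while the report-to channel POSTs an application/reports+json array in which only entries of type csp-violation are CSP reports. The sample payloads and the cdn.example URL are constructed; the function itself does not depend on them.

```python
import json
# Hypothetical collector logic for the two endpoints named in the question:
# report-uri posts application/csp-report, report-to posts application/reports+json.

def parse_csp_reports(content_type: str, raw_body: bytes) -> list[dict]:
    """Normalise one browser POST into flat records, whichever channel sent it.

    report-uri: one {"csp-report": {...}} object with hyphenated keys.
    report-to:  a JSON array of Reporting API reports; only "csp-violation"
                entries are CSP reports, and their "body" uses camelCase keys.
    """
    media_type = content_type.split(";", 1)[0].strip().lower()
    payload = json.loads(raw_body)
    records = []
    if media_type == "application/csp-report":
        r = payload.get("csp-report", {})
        records.append({
            "source": "report-uri",
            "document": r.get("document-uri"),
            "directive": r.get("effective-directive") or r.get("violated-directive"),
            "blocked": r.get("blocked-uri"),
            "disposition": r.get("disposition", "enforce"),
        })
    elif media_type == "application/reports+json":
        for report in payload:
            if report.get("type") != "csp-violation":
                continue  # the Reporting API multiplexes other report types too
            body = report.get("body", {})
            records.append({
                "source": "report-to",
                "document": body.get("documentURL") or report.get("url"),
                "directive": body.get("effectiveDirective"),
                "blocked": body.get("blockedURL"),
                "disposition": body.get("disposition", "enforce"),
            })
    else:
        raise ValueError(f"unexpected Content-Type: {content_type!r}")
    return records

# Constructed sample payloads, shaped like a browser's POST for one blocked
# script under the question's policy (one per reporting channel).
REPORT_URI_SAMPLE = json.dumps({"csp-report": {
    "document-uri": "https://localhost:51260/", "blocked-uri": "https://cdn.example/x.js",
    "violated-directive": "script-src-elem", "effective-directive": "script-src-elem",
    "disposition": "enforce"}}).encode()
REPORT_TO_SAMPLE = json.dumps([{"type": "csp-violation", "age": 12,
    "url": "https://localhost:51260/", "user_agent": "constructed UA",
    "body": {"documentURL": "https://localhost:51260/", "blockedURL": "https://cdn.example/x.js",
             "effectiveDirective": "script-src-elem", "disposition": "enforce"}}]).encode()
```

Wire the function to both /api/csp/report and /api/csp/report-to and the collector stores identical records regardless of which mechanism the browser used, which makes it easy to confirm that the report-to path is actually firing.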