If you are using helm chart of community version of nginx from this link ingress-nginx then you need to use configuration-snippet in ingress resource.

annotations:
  nginx.ingress.kubernetes.io/configuration-snippet: |
    more_set_headers "Content-Security-Policy-Report-Only: policy";

as well as you need to add/modify below configurations in chart's values.yaml to make it working properly.

controller:
  allowSnippetAnnotations: true
  config:
    annotations-risk-level: Critical