Index: openacs-4/packages/acs-bootstrap-installer/installer/www/blank-master.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-bootstrap-installer/installer/www/blank-master.tcl,v
diff -u -N -r1.2.2.8 -r1.2.2.9
--- openacs-4/packages/acs-bootstrap-installer/installer/www/blank-master.tcl	12 Sep 2016 08:29:49 -0000	1.2.2.8
+++ openacs-4/packages/acs-bootstrap-installer/installer/www/blank-master.tcl	12 Sep 2016 18:08:38 -0000	1.2.2.9
@@ -73,21 +73,6 @@
     -lang en \
     -content "OpenACS version [ad_acs_version]"
 
-#
-# Add the content security policy. Since this is the blank master, we
-# are defensive and check, if the system has already support for it
-# via the CSPEnabledP kernel parameter. Otherwise users would be
-# blocked out.
-#
-if {[parameter::get -parameter CSPEnabledP -package_id [ad_acs_kernel_id] -default 0]
-    && [info commands ::security::csp::render] ne ""
-} {
-    set csp [::security::csp::render]
-    if {$csp ne ""} {
-        ns_set put [ns_conn outputheaders] Content-Security-Policy $csp
-    }
-}
-
 # Add standard javascript
 #
 # Include core.js inclusion to the bottom of the body.
@@ -256,7 +241,29 @@
 # body event handlers are converted into body_scripts
 template::get_body_event_handlers
 
+#
+# Add the content security policy. Since this is the blank master, we
+# are defensive and check, if the system has already support for it
+# via the CSPEnabledP kernel parameter. Otherwise users would be
+# blocked out.
+#
+if {[parameter::get -parameter CSPEnabledP -package_id [ad_acs_kernel_id] -default 0]
+    && [info commands ::security::csp::render] ne ""
+} {
+    set csp [::security::csp::render]
+    if {$csp ne ""} {
 
+        set ua [ns_set iget [ns_conn headers] user-agent]
+        if {[regexp {Trident/.*rv:([0-9]{1,}[\.0-9]{0,})} $ua]} {
+            set field X-Content-Security-Policy
+        } else {
+            set field Content-Security-Policy
+        }
+
+        ns_set put [ns_conn outputheaders] $field $csp
+    }
+}
+
 # Local variables:
 #    mode: tcl
 #    tcl-indent-level: 4
Index: openacs-4/www/blank-master.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/www/blank-master.tcl,v
diff -u -N -r1.56.2.9 -r1.56.2.10
--- openacs-4/www/blank-master.tcl	12 Sep 2016 08:29:49 -0000	1.56.2.9
+++ openacs-4/www/blank-master.tcl	12 Sep 2016 18:08:38 -0000	1.56.2.10
@@ -84,7 +84,15 @@
 } {
     set csp [::security::csp::render]
     if {$csp ne ""} {
-        ns_set put [ns_conn outputheaders] Content-Security-Policy $csp
+
+        set ua [ns_set iget [ns_conn headers] user-agent]
+        if {[regexp {Trident/.*rv:([0-9]{1,}[\.0-9]{0,})} $ua]} {
+            set field X-Content-Security-Policy
+        } else {
+            set field Content-Security-Policy
+        }
+
+        ns_set put [ns_conn outputheaders] $field $csp
     }
 }