Add support for IE to CSP middleware

[sibartlett]

When the user's browser is IE (NOT Edge),
the CSP header should be X-Content-Security-Policy instead of Content-Security-Policy.

Both headers can not be set at the same time, as it will cause unexpected behaviours on certain versions of browsers.

[MartinPetkov]

I forgot to uncomment the main lines. Going to fix that now.