Because microsoft internet explorer and microsoft edge don't support content security policy version 2 or, in case of IE, don't support it at all I would like to change the content security policy based on the user agent. This is fairly simple with PHP but I would like to do this with .htaccess file. The question is; is this possible and how. So far I found lots of rewrite rules but no mod_headers doing this.
Searching for something like this:
Header set Content-Security-Policy: ...
<UserAgentMatch "(Edge|Internet Explorer)$">
Header unset Content-Security-Policy
</UserAgentMatch>
Anyone have an idea how I can do this and if its possible?
UPDATE:
The answer of Walf gives an internal server error but after some finetuning resulted in a solution. For those looking for the same see code below.
<If "%{HTTP_USER_AGENT} !~ /(MSIE|Edge)s*/i">
header always set Content-Security-Policy "..."
</If>
Tried setting the header only if it's not those browsers?
<If "%{HTTP_USER_AGENT} !~ /\s+(?:MSIE\s+\d|Edge\/)/">
Content-Security-Policy: ...
</If>