This tests that the X-XSS-Protection header is not ignored when the first character is not 0 or 1, and that we issue an error.