This tests that the X-XSS-Protection header is not ignored when there is an invalid directive, and we issue an error