This tests that the X-XSS-Protection header is not ignored when there is an incomplete report url following mode=block, and we issue an error