Test that setRequestHeader cannot be used to alter security-sensitive headers.

FAIL: script didn't run or raised an unexpected exception.