This tests that a malformed X-XSS-Protection header is not ignored and an error is reported when the mode= token is invalid.