This tests that the X-XSS-Protection header is not ignored when there is an duplicate mode directive, and we issue an error