X-Xss-Protection "0" script demo

Sponsored by: Want to sponsor my site? Click here for more info!

Visit this page using this link (note: the page should not load, hit back after testing):

https://scotthelme.co.uk/x-xss-protection-0-demo/?foo=%3Cscript%20src=%22https://example.com/does-not-exist.js%22%3E%3C/script%3E

The XSS filter is disabled so you should see the script being requested in dev tools.

The offending script:

<script src="https://example.com/does-not-exist.js"></script>