The XSS Auditor refused to execute a script in 'http://XXXXX' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
That is a browser feather in secure to prevent XSS.If you wanna skip it,give a head like this from server side:
header("X-XSS-Protection: 0");