import-map-overrides
An option to disable overrides via GET parameter
This library probably should not be used in production; however, it's not uncommon to sacrifice security for convenience. There's good guidance on practices to avoid security issues if devs opt in to use it in non-dev environments, but I think that having a GET parameter that allows injection of 3rd party scripts is too permissive and easy to exploit. I believe this behavior should be disabled by default, or at least there should be an option to disable it.
I'd appreciate any thoughts on this and will be happy to help with the PR if this proposal sounds sensible.