What can the website owner see?
Basically everything.
If the XSS vector (<script>alert(1)</script>
in your case) is part of:
- HTTP headers (including cookies)
- URL (path, query string) except the anchor part
- POST data (including uploaded files)
Then the website owner is able to see it.
If your XSS vector is client-side only, then the website owner may still log it if Content-Security-Policy has been configured to log attacks.
How to test XSS without being spotted?
Don't, unless if you have been permitted to do so.
Run your own vulnerable webserver
Running your own webserver is not that hard:
echo "<?php echo $_GET['xss'];" > index.php
php -S 0.0.0.0:80
This will start a webserver available at http://localhost/.
Known vulnerable applications
Also, check out some projects like Damn Vulnerable Web Application, created to help people learn some vulnerabilites.
Moreover, for XSS, there exists a lot of resources to learn them: