Hey Pradhyumn
Maybe one of the security eel helpers could be a solution.
https://neos.readthedocs.io/en/stable/References/EelHelpersReference.html#security
Untested, but i would place one or more of them in the condition for the isJson case in the Mh:RootCase
prototype from @Marc
And then i would return 404 or whatever instead of the isHtml case.