further improvements to RESTful API: enforce security headers across all HTTP responses properly and make consistent responses across methods (#297)