Do I understand you correctly, that you intercept a response sent from AEM to the browser and you inject some JS there? That would be a man-in-the-middle attack.
Actually, I don't think that this is a valid attack vector. You should use TLS to secure the connection and to detect any man-in-the-middle. Also, I don't think that there is a way to mitigate this attack, because any MITM can modify all content and inject custom code everywhere. And there's no way to prevent that on the server-side. And using a TLS connection is the only way to prevent this attack.