Hi @ashishkhadpe This is a feature as part of http service interface for
package management. You can block it by using a custom filter. Please
refer this thread same way you can block by implementing your own logic
as part of servlet filter.
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-security-json-extension/qaq-p/319272
Hope this helps. Regards,Rajashankar.R