See Main Servlet on how to protect this servlet.
json.servlet.hosts.allowed= json.servlet.https.required=false