81 protect against xss

[coisu]

escaped all the strings returning to response. for XSS added more security headers in settings.py excluded some unnecessary data on response