And I can give the answer to my own question:
Our WAF was blocking some HTTP responses due to unknown header parameters. We only whitelisted request headers so far.
Whitelisting the following header parameters did the trick for us:
kbn-name
kbn-license-sig
Since the WAF was blocking responses with the header parameter "kbn-license-sig", it also explains why features that require a license were not available in Kibana.