Route site.local/logs/messages.json
Note, that Cache-Control headers are missing in the response headers
Ideally, the web server should return the following HTTP headers in all responses
containing sensitive content:
I am also interested in this qiestion
That is a library called logster.
You can send a PR to GitHub - discourse/logster: Log viewer UI and framework for rack
Yes, I got that. The entire /logs route is handled by the aforementioned library, so you will have to hack on it.
ok thanks 
can i override methods from my custom plugin?
I think this will help in resolving the issue
add to nginx
location /logs/messages.json {
}
add_header Cache-Control "no-store";
add_header Pragma "no-cache";
How to do this through middleware?
req = Rack::Request.new(@env)
route = req.path_info.to_s
if (route == '/logs/messages.json')
#add headers
end
You could submit a PR to discourse_docker that added those headers via nginx (note: I have nothing to do with accepting a PR, but this seems reasonable).
And there is no easy way for example?
# plugin.rb
Rails.application.config.action_dispatch.default_headers.merge! ({'Cache-Control' => 'no-store'}, 'my_route_name')
or
Rails.application.config.action_dispatch.default_headers.merge! ({'Cache-Control' => 'no-store'}, '/logs/messages.json')
You have already identified the solution. You don’t need a plugin. Adding a few lines to your app.yml is easy and requires no plugin.
See Subfolder support with Docker for examples of how to modify the nginx config in the yml file.
How do I add these settings in app.yml?
I could not get 
Happened!! 
- replace:
filename: "/etc/nginx/conf.d/discourse.conf"
from: /sendfile on;/
to: |
add_header Cache-Control "no-store";
add_header Pragma "no-cache";
sendfile on;
Great! Glad you got it!
Hey @falco. Does this seem like something that should be added to the web template?
No, that should be handled in the library code.