diff --git a/core/modules/image/config/install/image.settings.yml b/core/modules/image/config/install/image.settings.yml index c92db4e155..9587642f13 100644 --- a/core/modules/image/config/install/image.settings.yml +++ b/core/modules/image/config/install/image.settings.yml @@ -1,3 +1,4 @@ preview_image: core/modules/image/sample.png allow_insecure_derivatives: false suppress_itok_output: false +allowed_insecure_styles: [] diff --git a/core/modules/image/config/schema/image.schema.yml b/core/modules/image/config/schema/image.schema.yml index 4fcb6c7c59..16e2bb9135 100644 --- a/core/modules/image/config/schema/image.schema.yml +++ b/core/modules/image/config/schema/image.schema.yml @@ -93,6 +93,12 @@ image.settings: suppress_itok_output: type: boolean label: 'Suppress the itok query string for image derivatives' + allowed_insecure_styles: + type: sequence + label: 'Allow insecure derivates for these image styles' + sequence: + type: string + label: 'Image style' field.storage_settings.image: type: field.storage_settings.file diff --git a/core/modules/image/src/Controller/ImageStyleDownloadController.php b/core/modules/image/src/Controller/ImageStyleDownloadController.php index 3d4ee1cc81..29646e34e4 100644 --- a/core/modules/image/src/Controller/ImageStyleDownloadController.php +++ b/core/modules/image/src/Controller/ImageStyleDownloadController.php 
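Review bot: The new schema label in image.schema.yml misspells the term the rest of this file uses: `label: 'Allow insecure derivates for these image styles'` should read `label: 'Allow insecure derivatives for these image styles'`, matching the `allow_insecure_derivatives` key and the existing `Suppress the itok query string for image derivatives` label. Since schema labels surface in the config translation UI, the typo is user-visible rather than cosmetic.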
@@ -102,8 +102,9 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st
 // The $target variable for a derivative of a style has
 // styles//... as structure, so we check if the $target variable
 // starts with styles/.
+ $image_config = $this->config('image.settings');
 $valid = !empty($image_style) && file_stream_wrapper_valid_scheme($scheme);
- if (!$this->config('image.settings')->get('allow_insecure_derivatives') || strpos(ltrim($target, '\/'), 'styles/') === 0) {
+ if ((!$image_config->get('allow_insecure_derivatives') || strpos(ltrim($target, '\/'), 'styles/') === 0) && (empty($image_config->get('allowed_insecure_styles')) || !in_array($image_style->getName(), $image_config->get('allowed_insecure_styles')))) {
 $valid &= $request->query->get(IMAGE_DERIVATIVE_TOKEN) === $image_style->getPathToken($image_uri);
 }
 if (!$valid) {
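Review bot: The allow-list clause on the new `if` line is ANDed with the whole original condition, so a style listed in `allowed_insecure_styles` skips the itok token check even when `$target` starts with `styles/`; before this change the nested-derivative path required the token regardless of `allow_insecure_derivatives`, and a per-style allow-list should presumably relax only the `allow_insecure_derivatives` half, not the `styles/` guard. The `in_array` call also compares loosely — passing `TRUE` avoids PHP's numeric-string equality (`'1e3' == '1000'`) between machine names — and because `get('allowed_insecure_styles')` returns NULL on sites whose active config predates the new key, defaulting it to `[]` makes that case explicit instead of leaning on `empty()`. The existing comment above the condition only explains the `styles/` prefix and now goes stale; the rewrite below adds a line describing how the allow-list interacts with it. `deliver()` starts and ends outside this hunk.
```php
    $image_config = $this->config('image.settings');
    $valid = !empty($image_style) && file_stream_wrapper_valid_scheme($scheme);
    // A derivative of a derivative (a $target under styles/) always needs the
    // token; otherwise the token is only skipped when insecure derivatives are
    // allowed globally or for this particular style.
    $nested_derivative = strpos(ltrim($target, '\/'), 'styles/') === 0;
    $allowed_styles = $image_config->get('allowed_insecure_styles') ?: [];
    $style_allowed = in_array($image_style->getName(), $allowed_styles, TRUE);
    if ($nested_derivative || (!$image_config->get('allow_insecure_derivatives') && !$style_allowed)) {
      $valid &= $request->query->get(IMAGE_DERIVATIVE_TOKEN) === $image_style->getPathToken($image_uri);
    }
    // … unchanged: if (!$valid) { … }
```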