diff --git a/core/modules/image/config/install/image.settings.yml b/core/modules/image/config/install/image.settings.yml
index c92db4e..9587642 100644
--- a/core/modules/image/config/install/image.settings.yml
+++ b/core/modules/image/config/install/image.settings.yml
@@ -1,3 +1,4 @@
 preview_image: core/modules/image/sample.png
 allow_insecure_derivatives: false
 suppress_itok_output: false
+allowed_insecure_styles: []
diff --git a/core/modules/image/config/schema/image.schema.yml b/core/modules/image/config/schema/image.schema.yml
index 4fcb6c7..16e2bb9 100644
--- a/core/modules/image/config/schema/image.schema.yml
+++ b/core/modules/image/config/schema/image.schema.yml
@@ -93,6 +93,12 @@ image.settings:
 suppress_itok_output:
 type: boolean
 label: 'Suppress the itok query string for image derivatives'
+allowed_insecure_styles:
+type: sequence
+label: 'Allow insecure derivates for these image styles'
+sequence:
+type: string
+label: 'Image style'
 field.storage_settings.image:
 type: field.storage_settings.file
diff --git a/core/modules/image/src/Controller/ImageStyleDownloadController.php b/core/modules/image/src/Controller/ImageStyleDownloadController.php
index 2913b9f..5c033df 100644
--- a/core/modules/image/src/Controller/ImageStyleDownloadController.php
+++ b/core/modules/image/src/Controller/ImageStyleDownloadController.php
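Review bot: The label added for `allowed_insecure_styles` in image.schema.yml misspells "derivatives" as "derivates"; the string is what administrators see in config UIs, so it should read `label: 'Allow insecure derivatives for these image styles'`. Nothing in the schema or the install default tells an administrator that listing a style here turns off the itok token check for that style, which is the consequence the controller hunk gives it; a sentence to that effect in the label, or in the module's documentation, would make the trade-off visible where the option is set.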
@@ -107,8 +107,9 @@ class ImageStyleDownloadController extends FileDownloadController {
 // The $target variable for a derivative of a style has
 // styles//... as structure, so we check if the $target variable
 // starts with styles/.
+    $image_config = $this->config('image.settings');
 $valid = !empty($image_style) && $this->streamWrapperManager->isValidScheme($scheme);
-    if (!$this->config('image.settings')->get('allow_insecure_derivatives') || strpos(ltrim($target, '\/'), 'styles/') === 0) {
+    if ((!$image_config->get('allow_insecure_derivatives') || strpos(ltrim($target, '\/'), 'styles/') === 0) && (empty($image_config->get('allowed_insecure_styles')) || !in_array($image_style->getName(), $image_config->get('allowed_insecure_styles')))) {
 $valid &= hash_equals($image_style->getPathToken($image_uri), $request->query->get(IMAGE_DERIVATIVE_TOKEN, ''));
 }
 if (!$valid) {
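Review bot: The new condition lets a style listed in `allowed_insecure_styles` skip the token check even when `$target` begins with `styles/`, whereas the removed line required the token for such targets regardless of `allow_insecure_derivatives` (the `||` made the `styles/` test unconditional). The comment above the check says the `styles/` prefix is tested deliberately, so a derivative-of-a-derivative request for an allow-listed style now bypasses `hash_equals` on the itok; if that guard is meant to keep nested derivative chains token-gated, the allow-list should relax only the `allow_insecure_derivatives` half, as sketched below. Two smaller points in the same line: `in_array` should be called with `TRUE` as its third argument so a style name is compared strictly, and `$image_config->get('allowed_insecure_styles')` is read twice where one local suffices. The enclosing method starts before and continues after this hunk.
```php
    $image_config = $this->config('image.settings');
    $valid = !empty($image_style) && $this->streamWrapperManager->isValidScheme($scheme);
    // Targets under styles/ are derivatives of derivatives; keep those token-gated
    // regardless of the insecure-derivative settings.
    $is_nested_derivative = strpos(ltrim($target, '\/'), 'styles/') === 0;
    $allowed_insecure_styles = (array) $image_config->get('allowed_insecure_styles');
    $insecure_allowed = $image_config->get('allow_insecure_derivatives')
      || in_array($image_style->getName(), $allowed_insecure_styles, TRUE);
    if ($is_nested_derivative || !$insecure_allowed) {
      $valid &= hash_equals($image_style->getPathToken($image_uri), $request->query->get(IMAGE_DERIVATIVE_TOKEN, ''));
    }
    // … unchanged: !$valid handling …
```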