diff --git a/core/modules/image/config/install/image.settings.yml b/core/modules/image/config/install/image.settings.yml
index c92db4e155..9587642f13 100644
--- a/core/modules/image/config/install/image.settings.yml
+++ b/core/modules/image/config/install/image.settings.yml
@@ -1,3 +1,4 @@
 preview_image: core/modules/image/sample.png
 allow_insecure_derivatives: false
 suppress_itok_output: false
+allowed_insecure_styles: []
diff --git a/core/modules/image/config/schema/image.schema.yml b/core/modules/image/config/schema/image.schema.yml
index d3c9e980f0..957ed95640 100644
--- a/core/modules/image/config/schema/image.schema.yml
+++ b/core/modules/image/config/schema/image.schema.yml
@@ -94,6 +94,13 @@ image.settings:
 type: boolean
 label: 'Suppress the itok query string for image derivatives'
+allowed_insecure_styles:
+ type: sequence
+ label: 'Allow insecure derivates for these image styles'
+ sequence:
+ type: string
+ label: 'Image style'
+
 field.storage_settings.image:
 type: field.storage_settings.file
 label: 'Image settings'
diff --git a/core/modules/image/src/Controller/ImageStyleDownloadController.php b/core/modules/image/src/Controller/ImageStyleDownloadController.php
index 1df6ef1d42..03ad92a8b7 100644
--- a/core/modules/image/src/Controller/ImageStyleDownloadController.php
+++ b/core/modules/image/src/Controller/ImageStyleDownloadController.php
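Review bot: The label on the added `allowed_insecure_styles` schema entry misspells "derivatives"; since this label is what administrators see in config UIs and translations, it should read `label: 'Allow insecure derivatives for these image styles'`. The `[]` default added to image.settings.yml matches the `sequence` type declared here.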
@@ -136,10 +136,13 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st
 // The $target variable for a derivative of a style has
 // styles//... as structure, so we check if the $target variable
 // starts with styles/.
+ $image_config = $this->config('image.settings');
 $token = $request->query->get(IMAGE_DERIVATIVE_TOKEN, '');
 $token_is_valid = hash_equals($image_style->getPathToken($image_uri), $token) || hash_equals($image_style->getPathToken($scheme . '://' . $target), $token);
- if (!$this->config('image.settings')->get('allow_insecure_derivatives') || str_starts_with(ltrim($target, '\/'), 'styles/')) {
+ if ((!$image_config->get('allow_insecure_derivatives') || str_starts_with(ltrim($target, '\/'), 'styles/'))
+ && (empty($image_config->get('allowed_insecure_styles'))
+ || !in_array($image_style->getName(), $image_config->get('allowed_insecure_styles')))) {
 $valid = $valid && $token_is_valid;
 }
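Review bot: The new `allowed_insecure_styles` allow-list is ANDed with the whole pre-existing condition, so a style on the list skips the token check even when `$target` starts with `styles/` — that is, when the requested image is itself a derivative of another style, which the original `str_starts_with` guard kept token-protected regardless of `allow_insecure_derivatives`. If listed styles are not meant to lose that protection, compute the per-style exemption first and keep the nested-derivative check outside it: `$allowed_styles = $image_config->get('allowed_insecure_styles') ?? [];`, `$style_exempt = $image_config->get('allow_insecure_derivatives') || in_array($image_style->getName(), $allowed_styles, TRUE);`, `if (!$style_exempt || str_starts_with(ltrim($target, '\/'), 'styles/')) {`. The `?? []` also covers sites whose active config predates this key (the install default only lands on new installs, unless an update hook elsewhere in the change adds it), replaces the `empty()` guard and the repeated `get()` call, and gives `in_array()` the strict flag it is currently missing. If bypassing the token for nested derivatives of listed styles is intentional, the comment above this block should state it. deliver() continues outside the hunk on both sides.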