diff --git a/notebook/base/handlers.py b/notebook/base/handlers.py
index e3400eba1..29f708e3a 100755
--- a/notebook/base/handlers.py
+++ b/notebook/base/handlers.py
@@ -914,8 +914,10 @@ class PrometheusMetricsHandler(IPythonHandler):
     """
     Return prometheus metrics for this notebook server
     """
-    @web.authenticated
     def get(self):
+        if self.settings['authenticate_prometheus'] and not self.logged_in:
+            raise web.HTTPError(403)
+
         self.set_header('Content-Type', prometheus_client.CONTENT_TYPE_LATEST)
         self.write(prometheus_client.generate_latest(prometheus_client.REGISTRY))
 
diff --git a/notebook/notebookapp.py b/notebook/notebookapp.py
index 7aeb0e9b6..2ebd2c3ac 100755
--- a/notebook/notebookapp.py
+++ b/notebook/notebookapp.py
@@ -283,6 +283,7 @@ class NotebookWebApplication(web.Application):
             disable_check_xsrf=jupyter_app.disable_check_xsrf,
             allow_remote_access=jupyter_app.allow_remote_access,
             local_hostnames=jupyter_app.local_hostnames,
+            authenticate_prometheus=jupyter_app.authenticate_prometheus,
 
             # managers
             kernel_manager=kernel_manager,
@@ -1551,6 +1552,13 @@ class NotebookApp(JupyterApp):
          is not available.
          """))
 
+    authenticate_prometheus = Bool(
+        True,
+        help=""""
+        Require authentication to access prometheus metrics.
+        """
+    ).tag(config=True)
+
     # Since use of terminals is also a function of whether the terminado package is
     # available, this variable holds the "final indication" of whether terminal functionality
     # should be considered (particularly during shutdown/cleanup).  It is enabled only