pprof endpoints are exposed by default automatically by net/http/pprof import, which is reported as High security vulnerability by several different vulnerability scanners.

Although we do understand the importance of having pprof endpoints available for debugging/tuning of the exporter, it would be nice to have ability of turning it off completely in production environments (or opt-in to enable it just for debugging).