diff --git a/include/WebApi.h b/include/WebApi.h
index 5c8927f2..1d6c8642 100644
--- a/include/WebApi.h
+++ b/include/WebApi.h
@@ -27,6 +27,7 @@ public:
 void loop();
 static bool checkCredentials(AsyncWebServerRequest* request);
+ static bool checkCredentialsReadonly(AsyncWebServerRequest* request);
 private:
 AsyncWebServer _server;
diff --git a/src/WebApi.cpp b/src/WebApi.cpp
index 37941c2b..5076ce43 100644
--- a/src/WebApi.cpp
+++ b/src/WebApi.cpp
@@ -77,4 +77,14 @@ bool WebApiClass::checkCredentials(AsyncWebServerRequest* request)
 return false;
 }
+bool WebApiClass::checkCredentialsReadonly(AsyncWebServerRequest* request)
+{
+ CONFIG_T& config = Configuration.get();
+ if (config.Security_AllowReadonly) {
+ return true;
+ } else {
+ return checkCredentials(request);
+ }
+}
+
 WebApiClass WebApi;
\ No newline at end of file
diff --git a/src/WebApi_devinfo.cpp b/src/WebApi_devinfo.cpp
index 93f2fa75..1a29081c 100644
--- a/src/WebApi_devinfo.cpp
+++ b/src/WebApi_devinfo.cpp
@@ -6,6 +6,7 @@
 #include "ArduinoJson.h"
 #include "AsyncJson.h"
 #include "Hoymiles.h"
+#include "WebApi.h"
 #include
 void WebApiDevInfoClass::init(AsyncWebServer* server)
@@ -23,6 +24,10 @@ void WebApiDevInfoClass::loop()
 void WebApiDevInfoClass::onDevInfoStatus(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentialsReadonly(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse();
 JsonObject root = response->getRoot();
diff --git a/src/WebApi_eventlog.cpp b/src/WebApi_eventlog.cpp
index 9ba3c525..6c03fb46 100644
--- a/src/WebApi_eventlog.cpp
+++ b/src/WebApi_eventlog.cpp
@@ -6,6 +6,7 @@
 #include "ArduinoJson.h"
 #include "AsyncJson.h"
 #include "Hoymiles.h"
+#include "WebApi.h"
 void WebApiEventlogClass::init(AsyncWebServer* server)
 {
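Review bot: In `src/WebApi.cpp`, `checkCredentialsReadonly` returns true without looking at the request whenever `Security_AllowReadonly` is set, so every handler that calls it becomes fully unauthenticated, and nothing in the hunk documents that. I would add a comment above the definition such as `// Read-only endpoints only: skips authentication entirely when Security_AllowReadonly is set; never use for handlers that change state.` The config is only read, so the reference can be `const CONFIG_T& config = Configuration.get();` and the branch collapses to `return config.Security_AllowReadonly || checkCredentials(request);`. The flag's default is outside this diff; if it is enabled by default for new or upgraded installs, the status endpoints open up without the operator opting in, so that is worth confirming.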
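Review bot: The bare `return;` after a failed `checkCredentialsReadonly` in `onDevInfoStatus` sends nothing itself, so the handler relies on `checkCredentials` having already answered the request before it returns false. Only the tail of `checkCredentials` is visible in this diff, so that cannot be confirmed here; if it holds, a one-line comment such as `// checkCredentials() has already sent the 401 response` would make the contract explicit, and if it does not, the client is left waiting until it times out. The same pattern is repeated in `onEventlogStatus`, `onLimitStatus`, `onMqttStatus`, `onNetworkStatus`, `onNtpStatus`, `onPowerStatus`, `onSystemStatus` and `onLivedataStatus`. The handler body continues outside the hunk.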
@@ -22,6 +23,10 @@ void WebApiEventlogClass::loop()
 void WebApiEventlogClass::onEventlogStatus(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentialsReadonly(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse(false, 2048);
 JsonObject root = response->getRoot();
diff --git a/src/WebApi_limit.cpp b/src/WebApi_limit.cpp
index 00880c31..3195d40e 100644
--- a/src/WebApi_limit.cpp
+++ b/src/WebApi_limit.cpp
@@ -24,6 +24,10 @@ void WebApiLimitClass::loop()
 void WebApiLimitClass::onLimitStatus(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentialsReadonly(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse();
 JsonObject root = response->getRoot();
diff --git a/src/WebApi_mqtt.cpp b/src/WebApi_mqtt.cpp
index 3083851e..5431024a 100644
--- a/src/WebApi_mqtt.cpp
+++ b/src/WebApi_mqtt.cpp
@@ -28,6 +28,10 @@ void WebApiMqttClass::loop()
 void WebApiMqttClass::onMqttStatus(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentialsReadonly(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse(false, MQTT_JSON_DOC_SIZE);
 JsonObject root = response->getRoot();
 const CONFIG_T& config = Configuration.get();
diff --git a/src/WebApi_network.cpp b/src/WebApi_network.cpp
index 4c3cf2b4..c5a34846 100644
--- a/src/WebApi_network.cpp
+++ b/src/WebApi_network.cpp
@@ -27,6 +27,10 @@ void WebApiNetworkClass::loop()
 void WebApiNetworkClass::onNetworkStatus(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentialsReadonly(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse();
 JsonObject root = response->getRoot();
diff --git a/src/WebApi_ntp.cpp b/src/WebApi_ntp.cpp
index b019d239..a2d1e936 100644
--- a/src/WebApi_ntp.cpp
+++ b/src/WebApi_ntp.cpp
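Review bot: In `onMqttStatus` the new guard is skipped entirely when `Security_AllowReadonly` is set, and the handler reads `Configuration.get()` directly after it, so whatever it serialises from the config is then served to unauthenticated clients. The response fields are outside the hunk; if they include broker connection details such as hostname, username or topic prefix, read-only mode discloses them to anyone who can reach the device. It is worth checking which fields this endpoint, and `onNetworkStatus` in the next file, actually emit, and keeping the sensitive ones behind `checkCredentials` or omitting them for unauthenticated callers. The handler body continues outside the hunk.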
@@ -29,6 +29,10 @@ void WebApiNtpClass::loop()
 void WebApiNtpClass::onNtpStatus(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentialsReadonly(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse();
 JsonObject root = response->getRoot();
 const CONFIG_T& config = Configuration.get();
diff --git a/src/WebApi_power.cpp b/src/WebApi_power.cpp
index 413bc0fd..22591c05 100644
--- a/src/WebApi_power.cpp
+++ b/src/WebApi_power.cpp
@@ -24,6 +24,10 @@ void WebApiPowerClass::loop()
 void WebApiPowerClass::onPowerStatus(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentialsReadonly(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse();
 JsonObject root = response->getRoot();
diff --git a/src/WebApi_sysstatus.cpp b/src/WebApi_sysstatus.cpp
index 2d6b2987..ce7c21a2 100644
--- a/src/WebApi_sysstatus.cpp
+++ b/src/WebApi_sysstatus.cpp
@@ -7,6 +7,7 @@
 #include "AsyncJson.h"
 #include "Configuration.h"
 #include "NetworkSettings.h"
+#include "WebApi.h"
 #include
 #include
 #include
@@ -30,6 +31,10 @@ void WebApiSysstatusClass::loop()
 void WebApiSysstatusClass::onSystemStatus(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentialsReadonly(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse();
 JsonObject root = response->getRoot();
diff --git a/src/WebApi_ws_live.cpp b/src/WebApi_ws_live.cpp
index 35f94d51..166fdea6 100644
--- a/src/WebApi_ws_live.cpp
+++ b/src/WebApi_ws_live.cpp
@@ -6,6 +6,7 @@
 #include "AsyncJson.h"
 #include "Configuration.h"
 #include "defaults.h"
+#include "WebApi.h"
 WebApiWsLiveClass::WebApiWsLiveClass()
 : _ws("/livedata")
@@ -200,6 +201,10 @@ void WebApiWsLiveClass::onWebsocketEvent(AsyncWebSocket* server, AsyncWebSocketC
 void WebApiWsLiveClass::onLivedataStatus(AsyncWebServerRequest* request)
 {
+ if (!WebApi.checkCredentialsReadonly(request)) {
+ return;
+ }
+
 AsyncJsonResponse* response = new AsyncJsonResponse(false, 40960U);
 JsonVariant root = response->getRoot();
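Review bot: The guard added to `onLivedataStatus` covers only the HTTP handler; the same class also serves a websocket (`_ws("/livedata")`, with `onWebsocketEvent` named in the hunk header), and nothing in this diff gates that channel. If the websocket pushes the same live data, a client can still receive it without credentials when `Security_AllowReadonly` is off, which would undo the check added here. Whether the socket is authenticated elsewhere is not visible from this diff; if it is not, it should follow the same policy as the HTTP endpoint. The handler body continues outside the hunk.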