Prometheus enables the pprof debug tool by default. How to disable pprof?

Prometheus enables the pprof debug tool by default, and the vulnerability scanning tool finds sensitive information leaks. How to disable pprof?


Has the tool actually found an information leak? Or is it just warning of a potential leak?

Vulnerability scans are prone to false positives. This is likely the case here, as pprof is generally considered a safe endpoint. It is no more or less sensitive than the Prometheus HTTP API itself.