diff --git a/.env.example b/.env.example
index ac76ee16..6b060098 100644
--- a/.env.example
+++ b/.env.example
@@ -86,3 +86,7 @@ GOOGLE_CLIENT_SECRET=to_fill
 # Facebook
 FACEBOOK_CLIENT_ID=to_fill
 FACEBOOK_CLIENT_SECRET=to_fill
+
+# Flask profiler
+# FLASK_PROFILER_PATH=/tmp/flask-profiler.sql
+# FLASK_PROFILER_PASSWORD=password
\ No newline at end of file
diff --git a/app/config.py b/app/config.py
index 047178d5..ae2082ee 100644
--- a/app/config.py
+++ b/app/config.py
@@ -125,3 +125,6 @@ AVATAR_URL_EXPIRATION = 3600 * 24 * 7  # 1h*24h/d*7d=1week
 # session key
 HIGHLIGHT_GEN_EMAIL_ID = "highlight_gen_email_id"
 MFA_USER_ID = "mfa_user_id"
+
+FLASK_PROFILER_PATH = os.environ.get("FLASK_PROFILER_PATH")
+FLASK_PROFILER_PASSWORD = os.environ.get("FLASK_PROFILER_PASSWORD")
diff --git a/requirements.in b/requirements.in
index 1feb16a2..7cfc98ac 100644
--- a/requirements.in
+++ b/requirements.in
@@ -32,4 +32,5 @@ coloredlogs
 pycryptodome
 phpserialize
 dkimpy
-pyotp
\ No newline at end of file
+pyotp
+flask_profiler
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index d1785ff9..b5652536 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -34,8 +34,10 @@ docutils==0.14            # via botocore
 flask-admin==1.5.3
 flask-cors==3.0.8
 flask-debugtoolbar==0.10.1
+flask-httpauth==3.3.0     # via flask-profiler
 flask-login==0.4.1
 flask-migrate==2.5.2
+flask-profiler==1.8.1
 flask-sqlalchemy==2.4.0
 flask-wtf==0.14.2
 flask==1.0.3
@@ -83,6 +85,7 @@ requests==2.22.0          # via requests-oauthlib
 ruamel.yaml==0.15.97      # via strictyaml
 s3transfer==0.2.1         # via boto3
 sentry-sdk==0.13.5
+simplejson==3.17.0        # via flask-profiler
 six==1.12.0               # via bcrypt, cryptography, flask-cors, packaging, pip-tools, prompt-toolkit, pyopenssl, pytest, python-dateutil, sqlalchemy-utils, traitlets
 sqlalchemy-utils==0.33.11
 sqlalchemy==1.3.12        # via alembic, flask-sqlalchemy, sqlalchemy-utils
diff --git a/server.py b/server.py
index f70d4d0d..605d28c4 100644
--- a/server.py
+++ b/server.py
@@ -2,11 +2,11 @@ import os
 import ssl
 
 import arrow
+import flask_profiler
 import sentry_sdk
 from flask import Flask, redirect, url_for, render_template, request, jsonify
 from flask_admin import Admin
 from flask_cors import cross_origin
-from flask_debugtoolbar import DebugToolbarExtension
 from flask_login import current_user
 from sentry_sdk.integrations.flask import FlaskIntegration
 
@@ -22,6 +22,8 @@ from app.config import (
     SHA1,
     PADDLE_MONTHLY_PRODUCT_ID,
     RESET_DB,
+    FLASK_PROFILER_PATH,
+    FLASK_PROFILER_PASSWORD,
 )
 from app.dashboard.base import dashboard_bp
 from app.developer.base import developer_bp
@@ -77,6 +79,20 @@ def create_app() -> Flask:
     init_admin(app)
     setup_paddle_callback(app)
 
+    if FLASK_PROFILER_PATH:
+        LOG.d("Enable flask-profiler")
+        app.config["flask_profiler"] = {
+            "enabled": True,
+            "storage": {"engine": "sqlite", "FILE": FLASK_PROFILER_PATH},
+            "basicAuth": {
+                "enabled": True,
+                "username": "admin",
+                "password": FLASK_PROFILER_PASSWORD,
+            },
+            "ignore": ["^/static/.*", "/git", "/exception"],
+        }
+        flask_profiler.init_app(app)
+
     return app