How to add Firefox DevTools MCP to Windsurf
Automate and inspect Firefox via WebDriver BiDi (Selenium) from any MCP client. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 228★ · stdio · no auth · official
Windsurf config for Firefox DevTools MCP
claude mcp add firefox-devtools npx @mozilla/firefox-devtools-mcp@latest{
"mcpServers": {
"firefox-devtools-mcp": {
"command": "npx",
"args": [
"-y",
"@mozilla/firefox-devtools-mcp@latest",
"--headless",
"--viewport",
"1280x720"
],
"env": {
"START_URL": "about:blank"
}
}
}
}Setup steps
- 1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
- 2Paste the Firefox DevTools MCP config below.
- 3Fill in placeholder secrets, then save.
- 4Click Refresh in the MCP panel.
- 5Firefox DevTools MCP's tools become available to Cascade.
Before you start
- Node.js >= 20.19.0
- Firefox 100+ installed locally (auto-detected, or pass --firefox-path)
- For Firefox for Android: adb on your PATH (geckodriver is managed automatically)
What Firefox DevTools MCP can do in Windsurf
list_pagesList the open pages (tabs) in the browser.
new_pageOpen a new page (tab).
navigate_pageNavigate the selected page to a URL.
select_pageSelect the active page to operate on.
close_pageClose a page (tab).
take_snapshotTake an accessibility-tree snapshot of the page, producing UIDs for elements.
click_by_uidClick an element identified by its snapshot UID.
hover_by_uidHover over an element identified by its snapshot UID.
Security
Browser MCP servers carry inherent risks. Use a dedicated Firefox profile (never your regular one) since the agent can access whatever the browser can reach, including cookies and saved sessions. Be cautious about which sites you visit, as pages can return content designed to manipulate the agent (prompt injection). Avoid enabling extra flags unless needed: `--enable-script` and `--enable-privileged-context` significantly expand what the agent can do. Do not leave Marionette enabled during normal browsing in connect-existing mode, as it changes browser fingerprint signals and can trigger bot detection. See SECURITY.md for a full breakdown.
Firefox DevTools MCP + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the Firefox DevTools MCP config there under the "mcpServers" key and restart the client.
Is Firefox DevTools MCP safe to use with Windsurf?
Browser MCP servers carry inherent risks. Use a dedicated Firefox profile (never your regular one) since the agent can access whatever the browser can reach, including cookies and saved sessions. Be cautious about which sites you visit, as pages can return content designed to manipulate the agent (prompt injection). Avoid enabling extra flags unless needed: `--enable-script` and `--enable-privileged-context` significantly expand what the agent can do. Do not leave Marionette enabled during normal browsing in connect-existing mode, as it changes browser fingerprint signals and can trigger bot detection. See SECURITY.md for a full breakdown.
Can this run on a cloud MCP host like glama.ai?
No. The server requires a local Firefox browser installation and cannot run on cloud hosting services. Run it locally with `npx @mozilla/firefox-devtools-mcp@latest`, or use Docker with the provided Dockerfile.
How do I run arbitrary JavaScript in the page?
The evaluate_script tool is disabled by default. Enable it with the --enable-script flag (or ENABLE_SCRIPT=true). Privileged scripts and other privileged-context tools additionally require --enable-privileged-context and MOZ_REMOTE_ALLOW_SYSTEM_ACCESS=1.
Can I automate my real, logged-in Firefox session?
Yes, via connect-existing mode: start Firefox with `firefox --marionette`, then run the server with `--connect-existing --marionette-port 2828`. BiDi-dependent features (console and network events) are unavailable in this mode, but all other features work. Do not leave Marionette enabled during normal browsing, as it changes fingerprint signals and can trigger bot detection.