Networking and Security

Never use Playwright or Playwright MCP to browse untrusted web content. Playwright is not a secure sandbox, and web content can escape the browser context and execute code on your machine.

You can configure network policies to ensure that your agent only accesses trusted content. To learn more about session and state see Session and State.

Allowing and Blocking Origins

You can control which domains the browser is allowed to access. Use --allowed-origins to whitelist specific domains and --blocked-origins to blacklist them.

{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": [
        "@playwright/mcp@latest",
        "--allowed-origins",
        "https://www.good.com",
        "--blocked-origins",
        "https://www.bad.com"
      ]
    }
  }
}

Using a Proxy Server

If you need to route traffic through a proxy, you can use the --proxy-server flag.

{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": [
        "@playwright/mcp@latest",
        "--proxy-server",
        "http://myproxy:3128"
      ]
    }
  }
}

To bypass the proxy for certain domains, use the --proxy-bypass flag with a comma-separated list of domains.

{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": [
        "@playwright/mcp@latest",
        "--proxy-server",
        "http://myproxy:3128",
        "--proxy-bypass",
        ".com,chromium.org"
      ]
    }
  }
}

Allowing and Blocking Origins​

Using a Proxy Server​

Allowing and Blocking Origins

Using a Proxy Server