The Chrome DevTools MCP server lets AI agents inspect network traffic, HAR files, cookies, and console logs. Here's the setup, the real secret-leakage risks, and how Strac governs every tool call with secrets detection and a full audit trail.
The Chrome DevTools MCP server exposes browser inspection — the Network, Application, and Console panels — to AI agents over the Model Context Protocol. Once connected, an agent can capture a HAR file, read response bodies, list cookies and local storage, and pull console output to diagnose a bug or confirm a flow.
That's genuinely useful for debugging. It also means the agent now has access to the most secret-dense artifacts a browser produces.
The same reach that makes it a great debugging assistant is exactly why every call needs inspection before it reaches the model.
DevTools data is a secret-leakage problem first:
1. HAR files leak auth headers and tokens. A HAR capture includes Authorization: Bearer … headers, session cookies, and API keys passed in requests — the single most common source of accidental credential exposure.
2. Cookies and storage are session keys. Reading cookies/JWTs lets an agent (or anyone who sees the model context) impersonate a session.
3. Response bodies carry secrets and customer data. API responses pulled into a HAR can include tokens, internal IDs, and occasionally PII.
4. Console logs dump everything. Developers log objects, tokens, and errors that should never leave the browser.
Traditional DLP doesn't sit in the MCP path — the HAR goes straight from the browser into the model's context. That gap is where Strac lives. This is the ingress shift: data pulled in by agents, not leaked out by users.
Strac is the governance gateway between AI agents and the Chrome DevTools MCP server, intercepting every tool call on four fronts. You see every capture each agent makes. You control what it can inspect and block risky calls. You protect the response — secrets, tokens, and PII are redacted, masked, or tokenized inline. And you prove it with a full audit log.
Access-only tools answer "who called what." They do not see the bearer token sitting in a HAR response. Strac sits inline on every Chrome DevTools tool call: it detects and remediates the secrets inside — redact, mask, block, or revoke — approves or blocks risky actions per agent, and keeps the audit trail. The call and its contents.
One inline pass over each response — five actions, your policy:
The same Strac MCP DLP layer covers the full MCP connector directory — one control plane across every place AI agents touch your data.
It's a Model Context Protocol server that lets AI agents inspect a page's network traffic, HAR files, cookies, storage, and console through Chrome DevTools — useful for debugging, and a major secret-exposure surface.
Not by itself. HAR files and network logs carry auth tokens, session cookies, and API keys, which the server returns in full to the model. For safe use you need an MCP-layer control like Strac that remediates secrets before they reach the agent.
Yes — HAR captures include Authorization headers, bearer tokens, cookies, and request/response bodies. They're one of the most common sources of accidental credential leakage, which is why agent access to them needs inspection.
Yes. Strac exposes a standard MCP gateway endpoint, so any MCP-aware client routes Chrome DevTools tool calls through it with one config change.
48+ secret patterns (API keys, AWS/GCP/Azure access keys, OAuth tokens, JWTs, SSH and private keys), PII, and source code — across HAR files, network bodies, cookies, and console logs.
Related reading: MCP DLP · Playwright MCP Server · GitHub MCP Server · MCP connector directory · AI Agent Governance · SaaS DLP
.avif){kind=icon}
.gif)
.webp)
