Setup in Cursor
Axe MCP server can be added at either the project or global level.
One-click install
Click the link below to install the axe MCP server directly in Cursor:
Install axe MCP server in Cursor
Cursor will prompt you to confirm the installation. Alternatively, follow the manual setup steps below.
Choose scope
- Project-level: Create a file at
.cursor/mcp.jsonin your project's root directory - Global-level: Open Cursor settings, go to Features > MCP, and click Add New MCP Server. This will open your global configuration file.
Adding configuration JSON
Add the following configuration JSON.
If you already have other servers defined, add the axe-mcp-server block inside the existing mcpServers object.
{
"mcpServers": {
"axe-mcp-server": {
"command": "docker",
"args": [
"run",
"--add-host=host.docker.internal:host-gateway",
"-i",
"--rm",
"-e",
"AXE_SERVER_URL",
"-e",
"AXE_API_KEY",
"dequesystems/axe-mcp-server:latest"
],
"env": {
"AXE_API_KEY": "${env:AXE_API_KEY}"
}
}
}
}The configuration uses "AXE_API_KEY": "${env:AXE_API_KEY}" for secure input handling. The ${env:AXE_API_KEY} syntax instructs Cursor to pull the value from your system variables. For more information, see the Cursor MCP documentation.
Using a regional, private cloud, or on-premises axe instance? Add AXE_SERVER_URL to the env block with your instance's base URL:
"env": {
"AXE_API_KEY": "${env:AXE_API_KEY}",
"AXE_SERVER_URL": "https://your-axe-instance.example.com"
}If omitted, the server defaults to https://axe.deque.com (Deque's shared US SaaS instance). See Configuration Options for details.
Using OAuth 2.0 authentication
If you prefer OAuth over an API key, replace the configuration above with the following. This uses @deque/axe-auth token to obtain a fresh access token each time the server starts.
Before configuring, complete Step 1: Authenticate in the OAuth 2.0 Authentication guide.
{
"mcpServers": {
"axe-mcp-server": {
"command": "sh",
"args": [
"-c",
"docker run --add-host=host.docker.internal:host-gateway -i --rm -e \"AXE_ACCESS_TOKEN=$(npx -y @deque/axe-auth token)\" dequesystems/axe-mcp-server:latest"
]
}
}
}Using a regional, private cloud, or on-premises axe instance? Add AXE_SERVER_URL to the Docker command and an env block with your instance's base URL:
"args": [
"-c",
"docker run --add-host=host.docker.internal:host-gateway -i --rm -e AXE_SERVER_URL -e \"AXE_ACCESS_TOKEN=$(npx -y @deque/axe-auth token)\" dequesystems/axe-mcp-server:latest"
],
"env": {
"AXE_SERVER_URL": "https://your-axe-instance.example.com"
}If omitted, the server defaults to https://axe.deque.com (Deque's shared US SaaS instance). See Configuration Options for details.
This configuration uses sh -c to allow shell substitution. $(npx -y @deque/axe-auth token) runs at server startup and injects a valid access token into the Docker container. The -y flag skips the first-run "Ok to proceed?" prompt that npx would otherwise ask in a non-interactive shell. Do not set AXE_API_KEY alongside AXE_ACCESS_TOKEN.
Windows users: This configuration uses a POSIX shell (sh) and command substitution ($(...)), which is not available in cmd.exe or PowerShell by default. Run Cursor from a Git Bash or WSL shell so that sh is on your PATH.
Usage and verification
Once added, the status indicator in Cursor Settings should show that the server is running:
- Open Cursor Settings
- Go to Features > MCP
- You should see axe-mcp-server listed under Installed MCP Servers with the analyze and remediate tools available.