diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index dcb9d000..1a196dad 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -116,7 +116,11 @@ jobs:
         run: yarn build
 
       - name: Run Playwright tests
-        run: npx playwright test --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
+        run: npx playwright test --grep-invert CHROME_ONLY --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
+
+      # Some tests are only run on Chrome, marked with CHROME_ONLY in their name
+      - name: Run Chrome-only Playwright tests
+        run: npx playwright test --grep CHROME_ONLY --project='chromium'
 
       - name: Upload Playwright report
         uses: actions/upload-artifact@v3
diff --git a/e2e/bot-firewall.spec.ts b/e2e/bot-firewall.spec.ts
index 0877c09b..d781dab0 100644
--- a/e2e/bot-firewall.spec.ts
+++ b/e2e/bot-firewall.spec.ts
@@ -3,13 +3,18 @@ import { resetScenarios } from './resetHelper';
 import { TEST_IDS } from '../src/client/testIDs';
 import { BOT_FIREWALL_COPY } from '../src/client/bot-firewall/botFirewallCopy';
 
-test.describe('Bot Firewall Demo', () => {
+/**
+ * CHROME_ONLY flag tells the GitHub action to run this test only using Chrome.
+ * Since this test relies on a single common Cloudflare ruleset we need to prevent it from running in multiple browsers in parallel,
+ * they would trip over each other and fail.
+ */
+test.describe('Bot Firewall Demo CHROME_ONLY', () => {
   test.beforeEach(async ({ page }) => {
     await page.goto('/coupon-fraud');
     await resetScenarios(page);
   });
 
-  test('Should display bot visit a allow blocking IP address', async ({ page, context }) => {
+  test('Should display bot visit and allow blocking/unblocking its IP address', async ({ page, context }) => {
     // Record bot visit in web-scraping page
     await page.goto('/web-scraping');
     await expect(page.getByTestId(TEST_IDS.common.alert)).toContainText('Malicious bot detected');