The Secure Screen Sharing Checklist (Every Step Before You Present)
A definitive pre-share checklist and screen sharing best practices — share one window, silence notifications, clean up tabs, blur the sensitive fields in the page, and review any recording before publishing.
A secure screen share comes down to controlling two things: your environment (what surrounds your content) and your content (the sensitive data inside the thing you're presenting). The checklist below covers both — share a single window, silence notifications, clean up your tabs, then blur the sensitive fields in the page itself and keep a panic hotkey ready. Run it before every call and you close the two ways screen shares leak: something in the background, and something on the page.
Most checklists stop at the environment and never mention the content inside the tab you meant to share. That's the gap this one closes.
The pre-share checklist
- Share a single window or tab — never your entire screen. In Zoom, Google Meet or Microsoft Teams, pick the specific window or tab in the share picker. This keeps every other app, window and your desktop out of the feed instantly.
- Turn on Do Not Disturb / Focus. macOS Focus or Windows Focus Assist suppress notification banners, so a Slack DM or an email preview can't slide into frame mid-share.
- Close unrelated tabs and hide the bookmarks bar. Bookmarks quietly reveal client names, internal tools and unreleased projects. Press Ctrl/⌘ ⇧ B to hide the bar, and close any tab you won't use.
- Use a clean browser profile for demos. A profile with nothing personal logged in keeps autofill, saved passwords and the wrong account out of view — and out of screenshots.
- Blur the sensitive fields in the page. Salary columns, account numbers, customer names, API keys and DMs live *inside* the tab you're intentionally sharing — the one thing sharing a single window can't hide. Blur them in the page (see the steps below).
- Keep the panic hotkey ready. Have a one-key way to blur everything the instant something unexpected appears — a notification, the wrong record, an incoming message.
- Review any recording before you publish it. Watch it back at full size. A frame that flashed a token or a name for a single second is enough to leak it.
- Rotate any secret that appeared unblurred in a frame. If an API key, password or token was visible even briefly, treat it as compromised and rotate it. This is the step people skip — and the one that turns a slip into an incident.
How to blur the sensitive fields in the page
Step 5 is the part no conferencing setting handles for you, so here's the whole flow with BlurFirst. It runs in Chrome, Edge, Brave, Vivaldi and Opera, and the blur is painted into the page as real pixels so it survives recording:
- 1
Install and pin the extension
Add BlurFirst from the Chrome Web Store and pin it to your toolbar so it's one click away before a call.
- 2
Start blurring on the page
Open the page you'll present and press Ctrl/⌘ ⇧ Y (or click the icon). A small control bar appears.
- 3
Cover what's sensitive
Drag a box over a region, click a single element to blur just that field, or run Scan (Pro) to auto-detect PII — emails, phones, credit cards, SSNs and API keys — locally in the page.
- 4
Save a per-site profile
For pages you present often, let BlurFirst remember your blurs (Pro). It stores a CSS selector, never the content, and auto-applies the same blurs next visit.
- 5
Set the panic key in muscle memory
Ctrl/⌘ ⇧ H blurs the whole page instantly. Practise it once so it's automatic if something appears mid-call.
Risk to mitigation, at a glance
Every item on the checklist maps to a specific way screen shares go wrong. Here's the short version you can scan before a call:
| Risk | How it leaks | Mitigation |
|---|---|---|
| A notification pops into frame | A Slack or email banner appears mid-share | Do Not Disturb / Focus before you start |
| Other tabs or windows exposed | You share the whole screen or the wrong window | Share a single tab or window |
| Bookmarks reveal clients or tools | The bookmarks bar is visible in the browser | Hide the bar (Ctrl/⌘ ⇧ B), close extra tabs |
| Sensitive data inside the shared page | Salary, keys or PII are visible in the app you're presenting | Blur the fields in the page (BlurFirst) |
| Something unexpected appears live | A wrong record or a DM loads mid-call | Panic hotkey to blur everything |
| A secret leaked in a recording | A token flashed on screen for a frame | Review the recording, then rotate the secret |
Why the blur step is the one most checklists miss
Sharing a single window, silencing notifications and cleaning up tabs all control the *environment* — they keep the wrong things from appearing around your content. None of them touches the content you meant to show. During a demo, the real exposure is usually right there in the tab you chose to share: the customer's name at the top of the CRM record, the salary column in the sheet, the live API key in the terminal panel.
An in-page blur is what covers that last gap. Because BlurFirst paints the blur into the page as real pixels, it survives Zoom, Meet, Teams, Loom, OBS, any recorder and screenshots — there's no unblurred copy left for a capture to find. Two honest limits to keep in mind: an extension only affects content inside a browser tab, not native apps or your desktop (a desktop app is in development), and automatic Scan detects *patterns* like emails and keys, not free-text names — so blur those by hand with a box or element blur.