Enterprises commonly provide web applications that employees are able to access via web browsers. Often these web applications have access to sensitive data, and users can easily retrieve such sensitive data by accessing the web application from a web browser. Users are often able to copy, save, print, etc. the data received by a web browser, regardless of whether this data is sensitive. Some traditional data loss prevention (DLP) systems can be used to identify and control access to sensitive data received by a web browser. However, traditional DLP systems are designed to block or record operations that would cause sensitive data to leave a computer system. Accordingly, traditional DLP systems may not identify data received by a web browser from a web application as sensitive data when the data is received. This may permit users to perform operations on sensitive data that an administrator would prefer to prevent. Additionally, detection of sensitive data by traditional DLP systems is a computationally expensive task, and can be error prone for some types of sensitive data that may be received from a web application.