Generally described, computing devices and communication networks can be utilized to exchange information. In a common application, a computing device can request content from another computing device via the communication network. For example, a user at a personal computing device can utilize a browser application to request a page from a server computing device via the Internet. In such embodiments, the user computing device can be referred to as a client computing device and the server computing device can be referred to as a content provider.
Often a company or other organization will provide pages and files to its employees or other members via a server computing device that the employee users can access from their personal computing devices. Such pages may be considered part of a corporate intranet, in some instances. The company or other organization may maintain user accounts for its employees that may be assigned different levels of access privileges to pages and files accessible from the server depending on factors such as the given user's role or job function. Some users may be granted access to confidential, sensitive or otherwise restricted documents or data via the company's server. In the event of an unauthorized “leak” of restricted data (such as restricted data becoming known to a party outside of the organization either through a compromised user account or an employee improperly sharing information outside of the organization), it is often difficult for an administrative user at the company to identify potential sources of the data leak.