Rail is a system that uses record and replay techniques to precisely identify data items that were disclosed after a vulnerability is fixed in a web application. It records the execution of the application along with dependencies between actions and shared objects. During replay, it replays actions and compares the outputs to determine if any additional data items were disclosed. Rail provides APIs for developers to integrate object versioning and tracking of data sent to clients. An evaluation shows Rail can precisely identify disclosed data with low performance overhead and requiring few changes from developers.