diff --git a/config/exclusions/go.yaml b/config/exclusions/go.yaml
index 7b3ff4a5..184cf862 100644
--- a/config/exclusions/go.yaml
+++ b/config/exclusions/go.yaml
@@ -3,3 +3,8 @@ exclusions:
     name: Exclude test source code
     patterns:
       - '.*_test(s)?.*'
+
+  - id: Exclusions.ExternalModules
+    name: Exclude external modules
+    patterns:
+      - '(?i).*vendor(s)?/.*'
diff --git a/rules/sources/account_data.yaml b/rules/sources/account_data.yaml
index 5b65ac7e..4149a674 100644
--- a/rules/sources/account_data.yaml
+++ b/rules/sources/account_data.yaml
@@ -58,3 +58,13 @@ sources:
       - "(?i)(.*(?<!(db|database|jira|sql|postgres|mongo|aws)[^\\s/(;)#|,=!>]{0,3})user[^\\s/(;)#|,=!>]{0,3}name)|(.*(account|customer|doctor|patient|teacher|student|person|organi[zs]ation|company)[^\\s/(;)#|,=!>]{0,3}name)"
     tags:
       law: GDPR
+
+  - id: Data.Sensitive.AccountData.Token
+    name: Token
+    category: Account Data
+    isSensitive: False
+    sensitivity: medium
+    patterns:
+      - "((?i)(auth|session|access|bearer|jwt|recaptcha|user|useraccess)[^\\s/(;)#|,=!>]{0,3}token[s]?)"
+    tags:
+      law: GDPR
\ No newline at end of file
diff --git a/rules/sources/online_identifiers.yaml b/rules/sources/online_identifiers.yaml
index 284f99d4..9c4eb032 100644
--- a/rules/sources/online_identifiers.yaml
+++ b/rules/sources/online_identifiers.yaml
@@ -58,3 +58,4 @@ sources:
       - "(?i)idfa|idfv|aaid|advertising[^\\s/(;)#|,=!>]{0,5}id|gps[^\\s/(;)#|,=!>]{0,5}adid"
     tags:
       law: GDPR
+