diff --git a/.trivyignore b/.trivyignore
index 6cd15149..8d1fdbf7 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -8,3 +8,7 @@
 # No fix available (latest version 1.2.1 is affected). Tracked in UID2-6610.
 # Expiry: 2026-03-19
 CVE-2026-1615
+
+# zlib contrib/untgz demo utility buffer overflow - not exploitable; Alpine does not ship the untgz binary.
+# See: UID2-6704
+CVE-2026-22184 exp:2026-09-09
diff --git a/web-integrations/google-secure-signals/server-side/views/index.html b/web-integrations/google-secure-signals/server-side/views/index.html
index 528cc1b3..7788fb6a 100644
--- a/web-integrations/google-secure-signals/server-side/views/index.html
+++ b/web-integrations/google-secure-signals/server-side/views/index.html
@@ -47,7 +47,7 @@
           }
         }
         
-        // No "token ready" event on server-side; poll so we update the UI after the SDK writes to localStorage.
+        // Update Secure Signals display after SDK has time to load and fetch token, allowing for additional tries
         [1000, 2000, 3000].forEach((ms) => setTimeout(updateSecureSignals, ms));
         
         $('#logout').click(() => {