diff --git a/backend/src/app.js b/backend/src/app.js
index 1310df2..5dbb1a8 100644
--- a/backend/src/app.js
+++ b/backend/src/app.js
@@ -68,7 +68,11 @@ const authLimiter = rateLimit({
 message: 'Too many authentication attempts, please try again later.',
 standardHeaders: true,
 legacyHeaders: false,
- skip: (req) => (req.path || '') === '/registration-status'
+ // Skip low-risk polling endpoint regardless of mount path
+ skip: (req) => {
+ const p = req.originalUrl || req.url || req.path || '';
+ return p.endsWith('/registration-status');
+ }
 });
 // Middleware
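Review bot: The new `skip` predicate tests `req.originalUrl`, which still carries the query string, so the exemption from `authLimiter` is decided by text the client controls rather than by the route that actually handles the request. Any request passing through the limiter whose URL merely ends in `/registration-status` goes unthrottled, while a legitimate status poll with a query parameter appended is throttled. Match on the parsed path instead, e.g. `const p = (req.baseUrl || '') + (req.path || '');` followed by `return p.endsWith('/registration-status');`, or preferably an exact comparison against the full mounted path, and add a `req.method === 'GET'` condition if the status endpoint is read-only. The `rateLimit({` call opens above the hunk, so the limiter's window, limit and mount point are not visible here; it is worth confirming that no other route behind it can end in that path segment.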