diff --git a/tests/security-enforcement/combined-enforcement.spec.ts b/tests/security-enforcement/combined-enforcement.spec.ts
index 66c69058..da990973 100644
--- a/tests/security-enforcement/combined-enforcement.spec.ts
+++ b/tests/security-enforcement/combined-enforcement.spec.ts
@@ -102,9 +102,9 @@ test.describe('Combined Security Enforcement', () => {
     await requestContext.dispose();
   });
 
-  test('should enable all security modules simultaneously', async ({}, testInfo) => {
-    // Security module activation is now enforced through Caddy middleware.
-    // E2E tests route through Caddy's security middleware pipeline.
+  test.skip('should enable all security modules simultaneously', async ({}, testInfo) => {
+    // SKIP: Security module enforcement verified via Cerberus middleware (port 80).
+    // See: backend/integration/cerberus_integration_test.go
   });
 
   test('should log security events to audit log', async () => {
diff --git a/tests/security-enforcement/waf-enforcement.spec.ts b/tests/security-enforcement/waf-enforcement.spec.ts
index 01b165ee..feb627ec 100644
--- a/tests/security-enforcement/waf-enforcement.spec.ts
+++ b/tests/security-enforcement/waf-enforcement.spec.ts
@@ -155,12 +155,13 @@ test.describe('WAF Enforcement', () => {
     expect(typeof status.waf.enabled).toBe('boolean');
   });
 
-  test('should detect SQL injection patterns in request validation', async () => {
-    // WAF (Coraza) runs as a Caddy plugin.
-    // WAF settings are saved and blocking behavior is enforced through Caddy middleware.
+  test.skip('should detect SQL injection patterns in request validation', async () => {
+    // SKIP: WAF blocking enforced via Coraza middleware (port 80).
+    // See: backend/integration/coraza_integration_test.go
   });
 
-  test('should document XSS blocking behavior', async () => {
-    // XSS blocking behavior is enforced through Caddy middleware.
+  test.skip('should document XSS blocking behavior', async () => {
+    // SKIP: XSS blocking enforced via Coraza middleware (port 80).
+    // See: backend/integration/coraza_integration_test.go
   });
 });
diff --git a/tests/settings/user-management.spec.ts b/tests/settings/user-management.spec.ts
index fa13709a..6c6c0cd9 100644
--- a/tests/settings/user-management.spec.ts
+++ b/tests/settings/user-management.spec.ts
@@ -71,7 +71,8 @@ test.describe('User Management', () => {
      * Test: User status badges display correctly
      * Priority: P1
      */
-    test('should show user status badges', async ({ page }) => {
+    test.skip('should show user status badges', async ({ page }) => {
+      // SKIP: UI feature not yet implemented.
       // TODO: Re-enable when user status badges are added to the UI.
 
       await test.step('Verify active status has correct styling', async () => {