diff --git a/registry/remote/auth/client.go b/registry/remote/auth/client.go
index a9a49d38..0303b8b9 100644
--- a/registry/remote/auth/client.go
+++ b/registry/remote/auth/client.go
@@ -187,7 +187,7 @@ func (c *Client) Do(originalReq *http.Request) (*http.Response, error) {
 				req.Header.Set("Authorization", "Basic "+token)
 			}
 		case SchemeBearer:
-			// merge per-host scopes with generic scopes
+			// merge per-host scopes with global scopes
 			scopes := GetScopesForHost(ctx, host)
 			if moreScopes := GetScopes(ctx); len(moreScopes) > 0 {
 				scopes = append(scopes, moreScopes...)
@@ -231,7 +231,7 @@ func (c *Client) Do(originalReq *http.Request) (*http.Response, error) {
 		scopes := GetScopesForHost(ctx, host)
 		cleanScopeLen := len(scopes)
 		if moreScopes := GetScopes(ctx); len(moreScopes) > 0 {
-			// merge per-host scopes with generic scopes
+			// merge per-host scopes with global scopes
 			scopes = append(scopes, moreScopes...)
 		}
 		if paramScope := params["scope"]; paramScope != "" {
diff --git a/registry/remote/auth/scope.go b/registry/remote/auth/scope.go
index 41cb3e2e..bd98b6c6 100644
--- a/registry/remote/auth/scope.go
+++ b/registry/remote/auth/scope.go
@@ -162,7 +162,8 @@ func AppendScopesForHost(ctx context.Context, host string, scopes ...string) con
 	return WithScopesForHost(ctx, host, append(oldScopes, scopes...)...)
 }
 
-// GetScopesForHost returns the scopes in the context for the given host.
+// GetScopesForHost returns the scopes in the context for the given host,
+// excluding the global scopes added by [WithScopes] and [AppendScopes].
 func GetScopesForHost(ctx context.Context, host string) []string {
 	if scopes, ok := ctx.Value(scopesForHostContextKey(host)).([]string); ok {
 		return slices.Clone(scopes)