diff --git a/core/src/main/java/google/registry/batch/DeleteProberDataAction.java b/core/src/main/java/google/registry/batch/DeleteProberDataAction.java
index a963a2078..3f3b095e0 100644
--- a/core/src/main/java/google/registry/batch/DeleteProberDataAction.java
+++ b/core/src/main/java/google/registry/batch/DeleteProberDataAction.java
@@ -246,28 +246,32 @@ public class DeleteProberDataAction implements Runnable { } private void softDeleteDomain(final DomainBase domain) { - tm().transactNew(() -> { - DomainBase deletedDomain = domain - .asBuilder() - .setDeletionTime(tm().getTransactionTime()) - .setStatusValues(null) - .build(); - HistoryEntry historyEntry = new HistoryEntry.Builder() - .setParent(domain) - .setType(DOMAIN_DELETE) - .setModificationTime(tm().getTransactionTime()) - .setBySuperuser(true) - .setReason("Deletion of prober data") - .setClientId(registryAdminClientId) - .build(); - // Note that we don't bother handling grace periods, billing events, pending transfers, - // poll messages, or auto-renews because these will all be hard-deleted the next time the - // mapreduce runs anyway. - ofy().save().entities(deletedDomain, historyEntry); - updateForeignKeyIndexDeletionTime(deletedDomain); - dnsQueue.addDomainRefreshTask(deletedDomain.getDomainName()); - } - ); + tm().transactNew( + () -> { + DomainBase deletedDomain = + domain + .asBuilder() + .setDeletionTime(tm().getTransactionTime()) + .setStatusValues(null) + .build(); + HistoryEntry historyEntry = + new HistoryEntry.Builder() + .setParent(domain) + .setType(DOMAIN_DELETE) + .setModificationTime(tm().getTransactionTime()) + .setBySuperuser(true) + .setReason("Deletion of prober data") + .setClientId(registryAdminClientId) + .build(); + // Note that we don't bother handling grace periods, billing events, pending + // transfers, + // poll messages, or auto-renews because these will all be hard-deleted the next + // time the + // mapreduce runs anyway. + ofy().save().entities(deletedDomain, historyEntry); + updateForeignKeyIndexDeletionTime(deletedDomain); + dnsQueue.addDomainRefreshTask(deletedDomain.getDomainName()); + }); } } } diff --git a/core/src/main/java/google/registry/dns/writer/dnsupdate/DnsUpdateWriter.java b/core/src/main/java/google/registry/dns/writer/dnsupdate/DnsUpdateWriter.java index 354fd964d..1f05a3ae8 100644 
--- a/core/src/main/java/google/registry/dns/writer/dnsupdate/DnsUpdateWriter.java +++ b/core/src/main/java/google/registry/dns/writer/dnsupdate/DnsUpdateWriter.java @@ -215,8 +215,7 @@ public class DnsUpdateWriter extends BaseDnsWriter { private void addInBailiwickNameServerSet(DomainBase domain, Update update) { for (String hostName : - intersection( - domain.loadNameserverHostNames(), domain.getSubordinateHosts())) { + intersection(domain.loadNameserverHostNames(), domain.getSubordinateHosts())) { Optional host = loadByForeignKey(HostResource.class, hostName, clock.nowUtc()); checkState(host.isPresent(), "Host %s cannot be loaded", hostName); update.add(makeAddressSet(host.get())); diff --git a/core/src/main/java/google/registry/env/production/default/WEB-INF/cron.xml b/core/src/main/java/google/registry/env/production/default/WEB-INF/cron.xml index bd9295459..364370e58 100644 --- a/core/src/main/java/google/registry/env/production/default/WEB-INF/cron.xml +++ b/core/src/main/java/google/registry/env/production/default/WEB-INF/cron.xml @@ -284,7 +284,7 @@ Checks if the monthly ICANN reports have been successfully uploaded. If they have not, attempts to upload them again. Most of the time, this job should not do anything since the uploads are triggered when the reports are staged. - However, in the event that an upload failed for any reason (e.g. ICANN server is down, IP whitelist issues), + However, in the event that an upload failed for any reason (e.g. ICANN server is down, IP allow list issues), this cron job will continue to retry uploads daily until they succeed. every day 15:00 diff --git a/core/src/main/java/google/registry/export/sheet/SyncRegistrarsSheet.java b/core/src/main/java/google/registry/export/sheet/SyncRegistrarsSheet.java index d480fbcd2..b9255ebfe 100644 --- a/core/src/main/java/google/registry/export/sheet/SyncRegistrarsSheet.java +++ b/core/src/main/java/google/registry/export/sheet/SyncRegistrarsSheet.java 
@@ -84,8 +84,7 @@ class SyncRegistrarsSheet { public int compare(Registrar left, Registrar right) { return left.getClientId().compareTo(right.getClientId()); } - }.immutableSortedCopy(Registrar.loadAllCached()) - .stream() + }.immutableSortedCopy(Registrar.loadAllCached()).stream() .filter( registrar -> registrar.getType() == Registrar.Type.REAL @@ -149,7 +148,7 @@ class SyncRegistrarsSheet { builder.put("allowedTlds", convert(registrar.getAllowedTlds())); builder.put("whoisServer", convert(registrar.getWhoisServer())); builder.put("blockPremiumNames", convert(registrar.getBlockPremiumNames())); - builder.put("ipAddressWhitelist", convert(registrar.getIpAddressWhitelist())); + builder.put("ipAddressAllowList", convert(registrar.getIpAddressAllowList())); builder.put("url", convert(registrar.getUrl())); builder.put("referralUrl", convert(registrar.getUrl())); builder.put("icannReferralEmail", convert(registrar.getIcannReferralEmail())); diff --git a/core/src/main/java/google/registry/flows/TlsCredentials.java b/core/src/main/java/google/registry/flows/TlsCredentials.java index 8b8ff974d..1b2990d29 100644 --- a/core/src/main/java/google/registry/flows/TlsCredentials.java +++ b/core/src/main/java/google/registry/flows/TlsCredentials.java @@ -37,7 +37,7 @@ import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; /** - * Container and validation for TLS certificate and ip-whitelisting. + * Container and validation for TLS certificate and IP-allow-listing. * *

Credentials are based on the following headers: * @@ -48,7 +48,7 @@ import javax.servlet.http.HttpServletRequest; * band. *

X-Forwarded-For *
This field should contain the host and port of the connecting client. It is validated - * during an EPP login command against an IP whitelist that is transmitted out of band. + * during an EPP login command against an IP allow list that is transmitted out of band. * */ public class TlsCredentials implements TransportCredentials { @@ -85,27 +85,28 @@ public class TlsCredentials implements TransportCredentials { } /** - * Verifies {@link #clientInetAddr} is in CIDR whitelist associated with {@code registrar}. + * Verifies {@link #clientInetAddr} is in CIDR allow list associated with {@code registrar}. * - * @throws BadRegistrarIpAddressException If IP address is not in the whitelist provided + * @throws BadRegistrarIpAddressException If IP address is not in the allow list provided */ private void validateIp(Registrar registrar) throws AuthenticationErrorException { - ImmutableList ipWhitelist = registrar.getIpAddressWhitelist(); - if (ipWhitelist.isEmpty()) { + ImmutableList ipAddressAllowList = registrar.getIpAddressAllowList(); + if (ipAddressAllowList.isEmpty()) { logger.atInfo().log( - "Skipping IP whitelist check because %s doesn't have an IP whitelist", + "Skipping IP allow list check because %s doesn't have an IP allow list", registrar.getClientId()); return; } - for (CidrAddressBlock cidrAddressBlock : ipWhitelist) { + for (CidrAddressBlock cidrAddressBlock : ipAddressAllowList) { if (cidrAddressBlock.contains(clientInetAddr)) { - // IP address is in whitelist; return early. + // IP address is in allow list; return early. return; } } logger.atInfo().log( - "Authentication error: IP address %s is not whitelisted for registrar %s; whitelist is: %s", - clientInetAddr, registrar.getClientId(), ipWhitelist); + "Authentication error: IP address %s is not allow-listed for registrar %s; allow list is:" + + " %s", + clientInetAddr, registrar.getClientId(), ipAddressAllowList); throw new BadRegistrarIpAddressException(); } 
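Review bot: validateIp returns successfully when `registrar.getIpAddressAllowList()` is empty, so a registrar with no configured list is accepted from any source address, yet the method's Javadoc documents only the rejection case. An empty list is reachable from the tooling touched in this commit (CreateOrUpdateRegistrarCommand states that an empty string clears the list), so the contract should be written where it is enforced, for example by adding `<p>An empty allow list disables the IP check; every client address is accepted.` to the Javadoc. If that is not the intended policy for production registrars, the skip branch would be better logged with `logger.atWarning()` than `atInfo()` so it stands out when login logs are reviewed. Whether the certificate and password checks compensate cannot be judged from this hunk.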
@@ -180,10 +181,10 @@ public class TlsCredentials implements TransportCredentials { } } - /** Registrar IP address is not in stored whitelist. */ + /** Registrar IP address is not in stored allow list. */ public static class BadRegistrarIpAddressException extends AuthenticationErrorException { public BadRegistrarIpAddressException() { - super("Registrar IP address is not in stored whitelist"); + super("Registrar IP address is not in stored allow list"); } } diff --git a/core/src/main/java/google/registry/flows/domain/DomainCreateFlow.java b/core/src/main/java/google/registry/flows/domain/DomainCreateFlow.java index e701e526d..c3a002a48 100644 --- a/core/src/main/java/google/registry/flows/domain/DomainCreateFlow.java +++ b/core/src/main/java/google/registry/flows/domain/DomainCreateFlow.java @@ -181,7 +181,7 @@ import org.joda.time.Duration; * @error {@link DomainFlowUtils.MissingRegistrantException} * @error {@link DomainFlowUtils.MissingTechnicalContactException} * @error {@link DomainFlowUtils.NameserversNotAllowedForTldException} - * @error {@link DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverWhitelistException} + * @error {@link DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverAllowListException} * @error {@link DomainFlowUtils.PremiumNameBlockedException} * @error {@link DomainFlowUtils.RegistrantNotAllowedException} * @error {@link DomainFlowUtils.RegistrarMustBeActiveForThisOperationException} diff --git a/core/src/main/java/google/registry/flows/domain/DomainFlowUtils.java b/core/src/main/java/google/registry/flows/domain/DomainFlowUtils.java index d11d5416a..b98451ba2 100644 --- a/core/src/main/java/google/registry/flows/domain/DomainFlowUtils.java +++ b/core/src/main/java/google/registry/flows/domain/DomainFlowUtils.java 
@@ -338,11 +338,11 @@ public class DomainFlowUtils { static void validateNameserversCountForTld(String tld, InternetDomainName domainName, int count) throws EppException { - // For TLDs with a nameserver whitelist, all domains must have at least 1 nameserver. - ImmutableSet tldNameserversWhitelist = + // For TLDs with a nameserver allow list, all domains must have at least 1 nameserver. + ImmutableSet tldNameserversAllowList = Registry.get(tld).getAllowedFullyQualifiedHostNames(); - if (!tldNameserversWhitelist.isEmpty() && count == 0) { - throw new NameserversNotSpecifiedForTldWithNameserverWhitelistException( + if (!tldNameserversAllowList.isEmpty() && count == 0) { + throw new NameserversNotSpecifiedForTldWithNameserverAllowListException( domainName.toString()); } if (count > MAX_NAMESERVERS_PER_DOMAIN) { 
@@ -398,21 +398,21 @@ public class DomainFlowUtils { static void validateRegistrantAllowedOnTld(String tld, String registrantContactId) throws RegistrantNotAllowedException { - ImmutableSet whitelist = Registry.get(tld).getAllowedRegistrantContactIds(); - // Empty whitelist or null registrantContactId are ignored. + ImmutableSet allowedRegistrants = Registry.get(tld).getAllowedRegistrantContactIds(); + // Empty allow list or null registrantContactId are ignored. if (registrantContactId != null - && !whitelist.isEmpty() - && !whitelist.contains(registrantContactId)) { + && !allowedRegistrants.isEmpty() + && !allowedRegistrants.contains(registrantContactId)) { throw new RegistrantNotAllowedException(registrantContactId); } } static void validateNameserversAllowedOnTld(String tld, Set fullyQualifiedHostNames) throws EppException { - ImmutableSet whitelist = Registry.get(tld).getAllowedFullyQualifiedHostNames(); + ImmutableSet allowedHostNames = Registry.get(tld).getAllowedFullyQualifiedHostNames(); Set hostnames = nullToEmpty(fullyQualifiedHostNames); - if (!whitelist.isEmpty()) { // Empty whitelist is ignored. - Set disallowedNameservers = difference(hostnames, whitelist); + if (!allowedHostNames.isEmpty()) { // Empty allow list is ignored. + Set disallowedNameservers = difference(hostnames, allowedHostNames); if (!disallowedNameservers.isEmpty()) { throw new NameserversNotAllowedForTldException(disallowedNameservers); } 
@@ -1383,32 +1383,32 @@ public class DomainFlowUtils { } } - /** Registrant is not whitelisted for this TLD. */ + /** Registrant is not allow-listed for this TLD. */ public static class RegistrantNotAllowedException extends StatusProhibitsOperationException { public RegistrantNotAllowedException(String contactId) { - super(String.format("Registrant with id %s is not whitelisted for this TLD", contactId)); + super(String.format("Registrant with id %s is not allow-listed for this TLD", contactId)); } } - /** Nameservers are not whitelisted for this TLD. */ + /** Nameservers are not allow-listed for this TLD. */ public static class NameserversNotAllowedForTldException extends StatusProhibitsOperationException { public NameserversNotAllowedForTldException(Set fullyQualifiedHostNames) { super( String.format( - "Nameservers '%s' are not whitelisted for this TLD", + "Nameservers '%s' are not allow-listed for this TLD", Joiner.on(',').join(fullyQualifiedHostNames))); } } - /** Nameservers not specified for domain on TLD with nameserver whitelist. */ - public static class NameserversNotSpecifiedForTldWithNameserverWhitelistException + /** Nameservers not specified for domain on TLD with nameserver allow list. */ + public static class NameserversNotSpecifiedForTldWithNameserverAllowListException extends StatusProhibitsOperationException { - public NameserversNotSpecifiedForTldWithNameserverWhitelistException(String domain) { + public NameserversNotSpecifiedForTldWithNameserverAllowListException(String domain) { super( String.format( "At least one nameserver must be specified for domain %s" - + " on a TLD with nameserver whitelist", + + " on a TLD with nameserver allow list", domain)); } } diff --git a/core/src/main/java/google/registry/flows/domain/DomainInfoFlow.java b/core/src/main/java/google/registry/flows/domain/DomainInfoFlow.java index 88dd0f2f5..fd1e47a62 100644 --- a/core/src/main/java/google/registry/flows/domain/DomainInfoFlow.java 
+++ b/core/src/main/java/google/registry/flows/domain/DomainInfoFlow.java @@ -118,12 +118,9 @@ public final class DomainInfoFlow implements Flow { infoBuilder .setStatusValues(domain.getStatusValues()) .setContacts(loadForeignKeyedDesignatedContacts(domain.getContacts())) - .setNameservers(hostsRequest.requestDelegated() - ? domain.loadNameserverHostNames() - : null) - .setSubordinateHosts(hostsRequest.requestSubordinate() - ? domain.getSubordinateHosts() - : null) + .setNameservers(hostsRequest.requestDelegated() ? domain.loadNameserverHostNames() : null) + .setSubordinateHosts( + hostsRequest.requestSubordinate() ? domain.getSubordinateHosts() : null) .setCreationClientId(domain.getCreationClientId()) .setCreationTime(domain.getCreationTime()) .setLastEppUpdateClientId(domain.getLastEppUpdateClientId()) diff --git a/core/src/main/java/google/registry/flows/domain/DomainUpdateFlow.java b/core/src/main/java/google/registry/flows/domain/DomainUpdateFlow.java index 3b4a78c62..5c9be0f87 100644 --- a/core/src/main/java/google/registry/flows/domain/DomainUpdateFlow.java +++ b/core/src/main/java/google/registry/flows/domain/DomainUpdateFlow.java @@ -57,6 +57,7 @@ import google.registry.flows.custom.DomainUpdateFlowCustomLogic.AfterValidationP import google.registry.flows.custom.DomainUpdateFlowCustomLogic.BeforeSaveParameters; import google.registry.flows.custom.EntityChanges; import google.registry.flows.domain.DomainFlowUtils.MissingRegistrantException; +import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverAllowListException; import google.registry.model.ImmutableObject; import google.registry.model.billing.BillingEvent; import google.registry.model.billing.BillingEvent.Reason; 
@@ -109,7 +110,7 @@ import org.joda.time.DateTime; * @error {@link DomainFlowUtils.MissingTechnicalContactException} * @error {@link DomainFlowUtils.MissingRegistrantException} * @error {@link DomainFlowUtils.NameserversNotAllowedForTldException} - * @error {@link DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverWhitelistException} + * @error {@link NameserversNotSpecifiedForTldWithNameserverAllowListException} * @error {@link DomainFlowUtils.NotAuthorizedForTldException} * @error {@link DomainFlowUtils.RegistrantNotAllowedException} * @error {@link DomainFlowUtils.SecDnsAllUsageException} diff --git a/core/src/main/java/google/registry/flows/host/HostInfoFlow.java b/core/src/main/java/google/registry/flows/host/HostInfoFlow.java index ca801ae2c..ff4e0fa82 100644 --- a/core/src/main/java/google/registry/flows/host/HostInfoFlow.java +++ b/core/src/main/java/google/registry/flows/host/HostInfoFlow.java @@ -90,16 +90,17 @@ public final class HostInfoFlow implements Flow { .setLastTransferTime(host.getLastTransferTime()); } return responseBuilder - .setResData(hostInfoDataBuilder - .setFullyQualifiedHostName(host.getHostName()) - .setRepoId(host.getRepoId()) - .setStatusValues(statusValues.build()) - .setInetAddresses(host.getInetAddresses()) - .setCreationClientId(host.getCreationClientId()) - .setCreationTime(host.getCreationTime()) - .setLastEppUpdateClientId(host.getLastEppUpdateClientId()) - .setLastEppUpdateTime(host.getLastEppUpdateTime()) - .build()) + .setResData( + hostInfoDataBuilder + .setFullyQualifiedHostName(host.getHostName()) + .setRepoId(host.getRepoId()) + .setStatusValues(statusValues.build()) + .setInetAddresses(host.getInetAddresses()) + .setCreationClientId(host.getCreationClientId()) + .setCreationTime(host.getCreationTime()) + .setLastEppUpdateClientId(host.getLastEppUpdateClientId()) + .setLastEppUpdateTime(host.getLastEppUpdateTime()) + .build()) .build(); } } 
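Review bot: The `@error` entry for `NameserversNotSpecifiedForTldWithNameserverAllowListException` is now written unqualified, while every neighbouring entry keeps the `DomainFlowUtils.` prefix and DomainCreateFlow in this same commit keeps the qualified form. The import added in the earlier hunk of this file appears to exist only to support that Javadoc link, though the rest of the file is not visible here. The qualified line still fits within 100 columns, so the list can stay uniform and the import can go: `* @error {@link DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverAllowListException}`.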
diff --git a/core/src/main/java/google/registry/flows/host/HostUpdateFlow.java b/core/src/main/java/google/registry/flows/host/HostUpdateFlow.java index 744677bb0..a09935f91 100644 --- a/core/src/main/java/google/registry/flows/host/HostUpdateFlow.java +++ b/core/src/main/java/google/registry/flows/host/HostUpdateFlow.java @@ -175,19 +175,21 @@ public final class HostUpdateFlow implements TransactionalFlow { newSuperordinateDomain.isPresent() ? newSuperordinateDomain.get().getCurrentSponsorClientId() : owningResource.getPersistedCurrentSponsorClientId(); - HostResource newHost = existingHost.asBuilder() - .setHostName(newHostName) - .addStatusValues(add.getStatusValues()) - .removeStatusValues(remove.getStatusValues()) - .addInetAddresses(add.getInetAddresses()) - .removeInetAddresses(remove.getInetAddresses()) - .setLastEppUpdateTime(now) - .setLastEppUpdateClientId(clientId) - .setSuperordinateDomain(newSuperordinateDomainKey) - .setLastSuperordinateChange(lastSuperordinateChange) - .setLastTransferTime(lastTransferTime) - .setPersistedCurrentSponsorClientId(newPersistedClientId) - .build(); + HostResource newHost = + existingHost + .asBuilder() + .setHostName(newHostName) + .addStatusValues(add.getStatusValues()) + .removeStatusValues(remove.getStatusValues()) + .addInetAddresses(add.getInetAddresses()) + .removeInetAddresses(remove.getInetAddresses()) + .setLastEppUpdateTime(now) + .setLastEppUpdateClientId(clientId) + .setSuperordinateDomain(newSuperordinateDomainKey) + .setLastSuperordinateChange(lastSuperordinateChange) + .setLastTransferTime(lastTransferTime) + .setPersistedCurrentSponsorClientId(newPersistedClientId) + .build(); verifyHasIpsIffIsExternal(command, existingHost, newHost); ImmutableSet.Builder entitiesToSave = new ImmutableSet.Builder<>(); entitiesToSave.add(newHost); diff --git a/core/src/main/java/google/registry/model/OteAccountBuilder.java b/core/src/main/java/google/registry/model/OteAccountBuilder.java index 313e8cfaa..24f276073 100644 
--- a/core/src/main/java/google/registry/model/OteAccountBuilder.java +++ b/core/src/main/java/google/registry/model/OteAccountBuilder.java @@ -57,17 +57,17 @@ import org.joda.time.Duration; *

This includes the TLDs (Registries), Registrars, and the RegistrarContacts that can access the * web console. * - * This class is basically a "builder" for the parameters needed to generate the OT&E entities. - * Nothing is created until you call {@link #buildAndPersist}. + *

This class is basically a "builder" for the parameters needed to generate the OT&E + * entities. Nothing is created until you call {@link #buildAndPersist}. * - * Usage example: + *

Usage example: * - *

   {@code
+ * 
{@code
  * OteAccountBuilder.forClientId("example")
  *     .addContact("contact@email.com") // OPTIONAL
  *     .setPassword("password") // OPTIONAL
  *     .setCertificateHash(certificateHash) // OPTIONAL
- *     .setIpWhitelist(ImmutableList.of("1.1.1.1", "2.2.2.0/24")) // OPTIONAL
+ *     .setIpAllowList(ImmutableList.of("1.1.1.1", "2.2.2.0/24")) // OPTIONAL
  *     .buildAndPersist();
  * }
*/ @@ -221,11 +221,11 @@ public final class OteAccountBuilder { return transformRegistrars(builder -> builder.setClientCertificate(asciiCert, now)); } - /** Sets the IP whitelist to all the OT&E Registrars. */ - public OteAccountBuilder setIpWhitelist(Collection ipWhitelist) { - ImmutableList ipAddressWhitelist = - ipWhitelist.stream().map(CidrAddressBlock::create).collect(toImmutableList()); - return transformRegistrars(builder -> builder.setIpAddressWhitelist(ipAddressWhitelist)); + /** Sets the IP allow list to all the OT&E Registrars. */ + public OteAccountBuilder setIpAllowList(Collection ipAllowList) { + ImmutableList ipAddressAllowList = + ipAllowList.stream().map(CidrAddressBlock::create).collect(toImmutableList()); + return transformRegistrars(builder -> builder.setIpAddressAllowList(ipAddressAllowList)); } /** diff --git a/core/src/main/java/google/registry/model/domain/DomainBase.java b/core/src/main/java/google/registry/model/domain/DomainBase.java index 0ca4bf542..deaceac7b 100644 --- a/core/src/main/java/google/registry/model/domain/DomainBase.java +++ b/core/src/main/java/google/registry/model/domain/DomainBase.java @@ -139,7 +139,8 @@ public class DomainBase extends EppResource */ // TODO(b/158858642): Rename this to domainName when we are off Datastore @Column(name = "domainName") - @Index String fullyQualifiedDomainName; + @Index + String fullyQualifiedDomainName; /** The top level domain this is under, dernormalized from {@link #fullyQualifiedDomainName}. */ @Index @@ -680,8 +681,7 @@ public class DomainBase extends EppResource removeStatusValue(StatusValue.INACTIVE); } - checkArgumentNotNull( - emptyToNull(instance.fullyQualifiedDomainName), "Missing domainName"); + checkArgumentNotNull(emptyToNull(instance.fullyQualifiedDomainName), "Missing domainName"); if (instance.getRegistrant() == null && instance.allContacts.stream().anyMatch(IS_REGISTRANT)) { throw new IllegalArgumentException("registrant is null but is in allContacts"); 
diff --git a/core/src/main/java/google/registry/model/eppcommon/StatusValue.java b/core/src/main/java/google/registry/model/eppcommon/StatusValue.java index 644075e7a..9911b065e 100644 --- a/core/src/main/java/google/registry/model/eppcommon/StatusValue.java +++ b/core/src/main/java/google/registry/model/eppcommon/StatusValue.java @@ -128,7 +128,7 @@ public enum StatusValue implements EppEnum { /** Enum to help clearly list which resource types a status value is allowed to be present on. */ private enum AllowedOn { - ALL(ContactResource.class, DomainBase.class, HostBase.class, HostResource.class), + ALL(ContactResource.class, DomainBase.class, HostBase.class, HostResource.class), NONE, DOMAINS(DomainBase.class); diff --git a/core/src/main/java/google/registry/model/registrar/Registrar.java b/core/src/main/java/google/registry/model/registrar/Registrar.java index 12a3ef32b..2139a434f 100644 --- a/core/src/main/java/google/registry/model/registrar/Registrar.java +++ b/core/src/main/java/google/registry/model/registrar/Registrar.java @@ -296,7 +296,9 @@ public class Registrar extends ImmutableObject /** Base64 encoded SHA256 hash of {@link #failoverClientCertificate}. */ String failoverClientCertificateHash; - /** A whitelist of netmasks (in CIDR notation) which the client is allowed to connect from. */ + /** An allow list of netmasks (in CIDR notation) which the client is allowed to connect from. */ + // TODO: Rename to ipAddressAllowList once Cloud SQL migration is complete. + @Column(name = "ip_address_allow_list") List ipAddressWhitelist; /** A hashed password for EPP access. The hash is a base64 encoded SHA256 string. */ @@ -553,7 +555,7 @@ public class Registrar extends ImmutableObject return failoverClientCertificateHash; } - public ImmutableList getIpAddressWhitelist() { + public ImmutableList getIpAddressAllowList() { return nullToEmptyImmutableCopy(ipAddressWhitelist); } 
@@ -674,7 +676,7 @@ public class Registrar extends ImmutableObject .put("phoneNumber", phoneNumber) .put("phonePasscode", phonePasscode) .putListOfStrings("allowedTlds", getAllowedTlds()) - .putListOfStrings("ipAddressWhitelist", ipAddressWhitelist) + .putListOfStrings("ipAddressAllowList", getIpAddressAllowList()) .putListOfJsonObjects("contacts", getContacts()) .put("registryLockAllowed", registryLockAllowed) .build(); @@ -853,8 +855,8 @@ public class Registrar extends ImmutableObject return this; } - public Builder setIpAddressWhitelist(Iterable ipAddressWhitelist) { - getInstance().ipAddressWhitelist = ImmutableList.copyOf(ipAddressWhitelist); + public Builder setIpAddressAllowList(Iterable ipAddressAllowList) { + getInstance().ipAddressWhitelist = ImmutableList.copyOf(ipAddressAllowList); return this; } diff --git a/core/src/main/java/google/registry/model/registry/Registry.java b/core/src/main/java/google/registry/model/registry/Registry.java index e5000cd3d..85f341ce5 100644 --- a/core/src/main/java/google/registry/model/registry/Registry.java +++ b/core/src/main/java/google/registry/model/registry/Registry.java @@ -431,10 +431,10 @@ public class Registry extends ImmutableObject implements Buildable { /** The end of the claims period (at or after this time, claims no longer applies). */ DateTime claimsPeriodEnd = END_OF_TIME; - /** A whitelist of clients allowed to be used on domains on this TLD (ignored if empty). */ + /** An allow list of clients allowed to be used on domains on this TLD (ignored if empty). */ Set allowedRegistrantContactIds; - /** A whitelist of hosts allowed to be used on domains on this TLD (ignored if empty). */ + /** An allow list of hosts allowed to be used on domains on this TLD (ignored if empty). */ Set allowedFullyQualifiedHostNames; public String getTldStr() { 
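Review bot: The serialized key in `toJsonMap()` changes from `ipAddressWhitelist` to `ipAddressAllowList`, and SyncRegistrarsSheet renames its column key the same way, but none of the visible hunks update the readers of that JSON or sheet or accept the old key during a transition. A client that still sends or reads the old key could silently drop the registrar's IP restriction data, which matters because an empty list makes `TlsCredentials.validateIp` skip the check. The value also switches from the raw field to `getIpAddressAllowList()`, so a null field is now passed as an empty list; confirm that consumers treat the two alike. A comment on the line would record the coupling: `// Key renamed from "ipAddressWhitelist"; console and API clients must change in the same release.`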
diff --git a/core/src/main/java/google/registry/rdap/RdapDomainSearchAction.java b/core/src/main/java/google/registry/rdap/RdapDomainSearchAction.java index 5650e3e84..aae5d869a 100644 --- a/core/src/main/java/google/registry/rdap/RdapDomainSearchAction.java +++ b/core/src/main/java/google/registry/rdap/RdapDomainSearchAction.java @@ -424,8 +424,7 @@ public class RdapDomainSearchAction extends RdapSearchActionBase { // and fetch all domains, to make sure that we can return the first domains in alphabetical // order. ImmutableSortedSet.Builder domainSetBuilder = - ImmutableSortedSet.orderedBy( - Comparator.comparing(DomainBase::getDomainName)); + ImmutableSortedSet.orderedBy(Comparator.comparing(DomainBase::getDomainName)); int numHostKeysSearched = 0; for (List> chunk : Iterables.partition(hostKeys, 30)) { numHostKeysSearched += chunk.size(); @@ -444,8 +443,7 @@ public class RdapDomainSearchAction extends RdapSearchActionBase { Stream stream = Streams.stream(query).filter(domain -> isAuthorized(domain)); if (cursorString.isPresent()) { stream = - stream.filter( - domain -> (domain.getDomainName().compareTo(cursorString.get()) > 0)); + stream.filter(domain -> (domain.getDomainName().compareTo(cursorString.get()) > 0)); } stream.forEach(domainSetBuilder::add); } diff --git a/core/src/main/java/google/registry/rdap/RdapJsonFormatter.java b/core/src/main/java/google/registry/rdap/RdapJsonFormatter.java index bbc2a5f3a..11d2cf2d0 100644 --- a/core/src/main/java/google/registry/rdap/RdapJsonFormatter.java +++ b/core/src/main/java/google/registry/rdap/RdapJsonFormatter.java 
@@ -313,9 +313,7 @@ public class RdapJsonFormatter { // RDAP Technical Implementation Guide 3.2: must have link to the registrar's RDAP URL for this // domain, with rel=related. for (String registrarRdapBase : registrar.getRdapBaseUrls()) { - String href = - makeServerRelativeUrl( - registrarRdapBase, "domain", domainBase.getDomainName()); + String href = makeServerRelativeUrl(registrarRdapBase, "domain", domainBase.getDomainName()); builder .linksBuilder() .add( @@ -409,9 +407,7 @@ public class RdapJsonFormatter { */ RdapNameserver createRdapNameserver(HostResource hostResource, OutputDataType outputDataType) { RdapNameserver.Builder builder = RdapNameserver.builder(); - builder - .linksBuilder() - .add(makeSelfLink("nameserver", hostResource.getHostName())); + builder.linksBuilder().add(makeSelfLink("nameserver", hostResource.getHostName())); if (outputDataType != OutputDataType.FULL) { builder.remarksBuilder().add(RdapIcannStandardInformation.SUMMARY_DATA_REMARK); } diff --git a/core/src/main/java/google/registry/rdap/RdapNameserverSearchAction.java b/core/src/main/java/google/registry/rdap/RdapNameserverSearchAction.java index 519e9f3e2..a60c9fe2c 100644 --- a/core/src/main/java/google/registry/rdap/RdapNameserverSearchAction.java +++ b/core/src/main/java/google/registry/rdap/RdapNameserverSearchAction.java @@ -269,10 +269,7 @@ public class RdapNameserverSearchAction extends RdapSearchActionBase { Optional newCursor = Optional.empty(); for (HostResource host : Iterables.limit(hosts, rdapResultSetMaxSize)) { newCursor = - Optional.of( - (cursorType == CursorType.NAME) - ? host.getHostName() - : host.getRepoId()); + Optional.of((cursorType == CursorType.NAME) ? host.getHostName() : host.getRepoId()); builder .nameserverSearchResultsBuilder() .add(rdapJsonFormatter.createRdapNameserver(host, outputDataType)); 
diff --git a/core/src/main/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsAction.java b/core/src/main/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsAction.java index e9721d8b9..6974713f5 100644 --- a/core/src/main/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsAction.java +++ b/core/src/main/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsAction.java @@ -60,7 +60,7 @@ import javax.inject.Inject; *

It is a "login/query/logout" system where you login using the ICANN Reporting credentials, get * a cookie you then send to get the list and finally logout. * - *

For clarity, this is how one would contact this endpoint "manually", from a whitelisted IP + *

For clarity, this is how one would contact this endpoint "manually", from an allow-listed IP * server: * *

$ curl [base]/login -I --user [tld]_ry:[password] diff --git a/core/src/main/java/google/registry/reporting/icann/IcannReportingUploadAction.java b/core/src/main/java/google/registry/reporting/icann/IcannReportingUploadAction.java index f543564f5..55b54ad96 100644 --- a/core/src/main/java/google/registry/reporting/icann/IcannReportingUploadAction.java +++ b/core/src/main/java/google/registry/reporting/icann/IcannReportingUploadAction.java @@ -266,15 +266,15 @@ public final class IcannReportingUploadAction implements Runnable { private static final String ICANN_UPLOAD_PERMANENT_ERROR_MESSAGE = "A report for that month already exists, the cut-off date already passed"; - /** Don't retry when the IP address isn't whitelisted, as retries go through the same IP. */ - private static final Pattern ICANN_UPLOAD_WHITELIST_ERROR = + /** Don't retry when the IP address isn't allow-listed, as retries go through the same IP. */ + private static final Pattern ICANN_UPLOAD_ALLOW_LIST_ERROR = Pattern.compile("Your IP address .+ is not allowed to connect"); /** Predicate to retry uploads on IOException, so long as they aren't non-retryable errors. */ private static boolean isUploadFailureRetryable(Throwable e) { return (e instanceof IOException) && !e.getMessage().contains(ICANN_UPLOAD_PERMANENT_ERROR_MESSAGE) - && !ICANN_UPLOAD_WHITELIST_ERROR.matcher(e.getMessage()).matches(); + && !ICANN_UPLOAD_ALLOW_LIST_ERROR.matcher(e.getMessage()).matches(); } private void emailUploadResults(ImmutableMap reportSummary) { diff --git a/core/src/main/java/google/registry/request/auth/Auth.java b/core/src/main/java/google/registry/request/auth/Auth.java index 4d8091f8b..d76dec6c3 100644 --- a/core/src/main/java/google/registry/request/auth/Auth.java +++ b/core/src/main/java/google/registry/request/auth/Auth.java 
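Review bot: `isUploadFailureRetryable` tests the allow-list error with `matches()`, which succeeds only when the entire exception message equals the pattern. Any prefix, suffix or trailing newline around "Your IP address ... is not allowed to connect" therefore leaves the failure classed as retryable, and the upload is retried from the same rejected IP. `find()` expresses the intent stated in the field's comment: `&& !ICANN_UPLOAD_ALLOW_LIST_ERROR.matcher(e.getMessage()).find();`. Separately, `e.getMessage()` may be null for an IOException, which would throw from `.contains(...)` inside the retry predicate, so guard for null before both message checks. The exact text ICANN returns is not visible here and should be verified against a captured response.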
@@ -59,13 +59,11 @@ public enum Auth { /** * Allows anyone access, as long as they use OAuth to authenticate. * - * Also allows access from App Engine task-queue. Note that OAuth client ID still needs to be - * whitelisted in the config file for OAuth-based authentication to succeed. + *

Also allows access from App Engine task-queue. Note that OAuth client ID still needs to be + * allow-listed in the config file for OAuth-based authentication to succeed. */ AUTH_PUBLIC_OR_INTERNAL( - ImmutableList.of(AuthMethod.INTERNAL, AuthMethod.API), - AuthLevel.APP, - UserPolicy.PUBLIC), + ImmutableList.of(AuthMethod.INTERNAL, AuthMethod.API), AuthLevel.APP, UserPolicy.PUBLIC), /** * Allows only admins or App Engine task-queue access. diff --git a/core/src/main/java/google/registry/tools/CreateOrUpdateRegistrarCommand.java b/core/src/main/java/google/registry/tools/CreateOrUpdateRegistrarCommand.java index 8f3b9ccf7..091ddac5e 100644 --- a/core/src/main/java/google/registry/tools/CreateOrUpdateRegistrarCommand.java +++ b/core/src/main/java/google/registry/tools/CreateOrUpdateRegistrarCommand.java @@ -153,9 +153,9 @@ abstract class CreateOrUpdateRegistrarCommand extends MutatingCommand { Path failoverClientCertificateFilename; @Parameter( - names = "--ip_whitelist", - description = "Comma-delimited list of IP ranges. An empty string clears the whitelist.") - List ipWhitelist = new ArrayList<>(); + names = "--ip_allow_list", + description = "Comma-delimited list of IP ranges. An empty string clears the allow list.") + List ipAllowList = new ArrayList<>(); @Nullable @Parameter( 
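Review bot: The `@Parameter` in `CreateOrUpdateRegistrarCommand` now accepts only `--ip_allow_list`, so runbooks and scripts that still pass `--ip_whitelist` will stop working, and this is the flag that maintains a registrar's IP restrictions. `names` takes several values, so the old spelling could stay as a deprecated alias for a transition period: `names = {"--ip_allow_list", "--ip_whitelist"},`. The same applies to `SetupOteCommand`, where `-w`/`--ip_whitelist` becomes `-a`/`--ip_allow_list` on a parameter marked `required = true`.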
@@ -343,16 +343,16 @@ abstract class CreateOrUpdateRegistrarCommand extends MutatingCommand { } builder.setAllowedTlds(allowedTldsBuilder.build()); } - if (!ipWhitelist.isEmpty()) { - ImmutableList.Builder ipWhitelistBuilder = new ImmutableList.Builder<>(); - if (!(ipWhitelist.size() == 1 && ipWhitelist.get(0).contains("null"))) { - for (String ipRange : ipWhitelist) { + if (!ipAllowList.isEmpty()) { + ImmutableList.Builder ipAllowListBuilder = new ImmutableList.Builder<>(); + if (!(ipAllowList.size() == 1 && ipAllowList.get(0).contains("null"))) { + for (String ipRange : ipAllowList) { if (!ipRange.isEmpty()) { - ipWhitelistBuilder.add(CidrAddressBlock.create(ipRange)); + ipAllowListBuilder.add(CidrAddressBlock.create(ipRange)); } } } - builder.setIpAddressWhitelist(ipWhitelistBuilder.build()); + builder.setIpAddressAllowList(ipAllowListBuilder.build()); } if (clientCertificateFilename != null) { String asciiCert = new String(Files.readAllBytes(clientCertificateFilename), US_ASCII); diff --git a/core/src/main/java/google/registry/tools/GenerateDnsReportCommand.java b/core/src/main/java/google/registry/tools/GenerateDnsReportCommand.java index c28334bf4..ac70ea620 100644 --- a/core/src/main/java/google/registry/tools/GenerateDnsReportCommand.java +++ b/core/src/main/java/google/registry/tools/GenerateDnsReportCommand.java @@ -127,9 +127,8 @@ final class GenerateDnsReportCommand implements CommandWithRemoteApi { .map(InetAddress::getHostAddress) .sorted() .collect(toImmutableList()); - ImmutableMap map = ImmutableMap.of( - "host", nameserver.getHostName(), - "ips", ipAddresses); + ImmutableMap map = + ImmutableMap.of("host", nameserver.getHostName(), "ips", ipAddresses); writeJson(map); } diff --git a/core/src/main/java/google/registry/tools/SetupOteCommand.java b/core/src/main/java/google/registry/tools/SetupOteCommand.java index 935bf81fd..a61af79df 100644 --- a/core/src/main/java/google/registry/tools/SetupOteCommand.java 
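Review bot: The clearing branch tests `ipAllowList.get(0).contains("null")`, but the flag's description only says that an empty string clears the allow list, so the `"null"` sentinel is undocumented and `contains` accepts any single argument that merely includes those letters. Unless substring matching is intended, an exact comparison is safer: `ipAllowList.get(0).equals("null")`. I would also add a comment above the outer `if`, for example `// A single "" or "null" argument produces an empty list, i.e. clears the registrar's IP allow list.`, because clearing presumably changes which addresses may connect. The enclosing method starts and ends outside this hunk.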
+++ b/core/src/main/java/google/registry/tools/SetupOteCommand.java @@ -46,10 +46,10 @@ final class SetupOteCommand extends ConfirmingCommand implements CommandWithRemo private String registrar; @Parameter( - names = {"-w", "--ip_whitelist"}, + names = {"-a", "--ip_allow_list"}, description = "Comma-separated list of IP addreses or CIDR ranges.", required = true) - private List ipWhitelist = new ArrayList<>(); + private List ipAllowList = new ArrayList<>(); @Parameter( names = {"--email"}, @@ -98,7 +98,7 @@ final class SetupOteCommand extends ConfirmingCommand implements CommandWithRemo OteAccountBuilder.forClientId(registrar) .addContact(email) .setPassword(password) - .setIpWhitelist(ipWhitelist) + .setIpAllowList(ipAllowList) .setReplaceExisting(overwrite); if (certFile != null) { diff --git a/core/src/main/java/google/registry/tools/UpdateDomainCommand.java b/core/src/main/java/google/registry/tools/UpdateDomainCommand.java index c2cd0be06..6c5bb0ec7 100644 --- a/core/src/main/java/google/registry/tools/UpdateDomainCommand.java +++ b/core/src/main/java/google/registry/tools/UpdateDomainCommand.java @@ -183,8 +183,7 @@ final class UpdateDomainCommand extends CreateOrUpdateDomainCommand { + "to make updates, and if so, use the domain_unlock command to enable updates.", domain); if (!nameservers.isEmpty()) { - ImmutableSortedSet existingNameservers = - domainBase.loadNameserverHostNames(); + ImmutableSortedSet existingNameservers = domainBase.loadNameserverHostNames(); populateAddRemoveLists( ImmutableSet.copyOf(nameservers), existingNameservers, diff --git a/core/src/main/java/google/registry/tools/javascrap/BackfillRegistryLocksCommand.java b/core/src/main/java/google/registry/tools/javascrap/BackfillRegistryLocksCommand.java index 05632951d..b26356f99 100644 --- a/core/src/main/java/google/registry/tools/javascrap/BackfillRegistryLocksCommand.java +++ b/core/src/main/java/google/registry/tools/javascrap/BackfillRegistryLocksCommand.java 
@@ -83,9 +83,7 @@ public class BackfillRegistryLocksCommand extends ConfirmingCommand lockedDomains = jpaTm().transact(() -> getLockedDomainsWithoutLocks(jpaTm().getTransactionTime())); ImmutableList lockedDomainNames = - lockedDomains.stream() - .map(DomainBase::getDomainName) - .collect(toImmutableList()); + lockedDomains.stream().map(DomainBase::getDomainName).collect(toImmutableList()); return String.format( "Locked domains for which there does not exist a RegistryLock object: %s", lockedDomainNames); @@ -112,8 +110,7 @@ public class BackfillRegistryLocksCommand extends ConfirmingCommand .build()); } catch (Throwable t) { logger.atSevere().withCause(t).log( - "Error when creating lock object for domain %s.", - domainBase.getDomainName()); + "Error when creating lock object for domain %s.", domainBase.getDomainName()); failedDomainsBuilder.add(domainBase); } } diff --git a/core/src/main/java/google/registry/tools/javascrap/RemoveIpAddressCommand.java b/core/src/main/java/google/registry/tools/javascrap/RemoveIpAddressCommand.java index 6df5b22eb..17670c3f9 100644 --- a/core/src/main/java/google/registry/tools/javascrap/RemoveIpAddressCommand.java +++ b/core/src/main/java/google/registry/tools/javascrap/RemoveIpAddressCommand.java @@ -73,10 +73,12 @@ public class RemoveIpAddressCommand extends MutatingEppToolCommand { // Build and execute the EPP command. setSoyTemplate( RemoveIpAddressSoyInfo.getInstance(), RemoveIpAddressSoyInfo.REMOVE_IP_ADDRESS); - addSoyRecord(registrarId, new SoyMapData( - "name", host.getHostName(), - "ipAddresses", ipAddresses, - "requestedByRegistrar", registrarId)); + addSoyRecord( + registrarId, + new SoyMapData( + "name", host.getHostName(), + "ipAddresses", ipAddresses, + "requestedByRegistrar", registrarId)); } } } diff --git a/core/src/main/java/google/registry/tools/server/GenerateZoneFilesAction.java b/core/src/main/java/google/registry/tools/server/GenerateZoneFilesAction.java index d70dd8518..e0410adea 100644 
--- a/core/src/main/java/google/registry/tools/server/GenerateZoneFilesAction.java +++ b/core/src/main/java/google/registry/tools/server/GenerateZoneFilesAction.java @@ -284,12 +284,13 @@ public class GenerateZoneFilesAction implements Runnable, JsonActionRunner.JsonA StringBuilder result = new StringBuilder(); String domainLabel = stripTld(domain.getDomainName(), domain.getTld()); for (HostResource nameserver : tm().load(domain.getNameservers())) { - result.append(String.format( - NS_FORMAT, - domainLabel, - dnsDefaultNsTtl.getStandardSeconds(), - // Load the nameservers at the export time in case they've been renamed or deleted. - loadAtPointInTime(nameserver, exportTime).now().getHostName())); + result.append( + String.format( + NS_FORMAT, + domainLabel, + dnsDefaultNsTtl.getStandardSeconds(), + // Load the nameservers at the export time in case they've been renamed or deleted. + loadAtPointInTime(nameserver, exportTime).now().getHostName())); } for (DelegationSignerData dsData : domain.getDsData()) { result.append( @@ -319,12 +320,13 @@ public class GenerateZoneFilesAction implements Runnable, JsonActionRunner.JsonA for (InetAddress addr : host.getInetAddresses()) { // must be either IPv4 or IPv6 String rrSetClass = (addr instanceof Inet4Address) ? "A" : "AAAA"; - result.append(String.format( - A_FORMAT, - stripTld(host.getHostName(), tld), - dnsDefaultATtl.getStandardSeconds(), - rrSetClass, - addr.getHostAddress())); + result.append( + String.format( + A_FORMAT, + stripTld(host.getHostName(), tld), + dnsDefaultATtl.getStandardSeconds(), + rrSetClass, + addr.getHostAddress())); } return result.toString(); } diff --git a/core/src/main/java/google/registry/ui/server/RegistrarFormFields.java b/core/src/main/java/google/registry/ui/server/RegistrarFormFields.java index 145f94a60..25476155f 100644 --- a/core/src/main/java/google/registry/ui/server/RegistrarFormFields.java +++ b/core/src/main/java/google/registry/ui/server/RegistrarFormFields.java 
@@ -158,8 +158,8 @@ public final class RegistrarFormFields { FormFields.MIN_TOKEN.asBuilderNamed("url") .build(); - public static final FormField, List> IP_ADDRESS_WHITELIST_FIELD = - FormField.named("ipAddressWhitelist") + public static final FormField, List> IP_ADDRESS_ALLOW_LIST_FIELD = + FormField.named("ipAddressAllowList") .emptyToNull() .transform(CidrAddressBlock.class, RegistrarFormFields::parseCidr) .asList() diff --git a/core/src/main/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java b/core/src/main/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java index 5d177672a..59b4cc522 100644 --- a/core/src/main/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java +++ b/core/src/main/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java @@ -302,8 +302,8 @@ public class RegistrarSettingsAction implements Runnable, JsonActionRunner.JsonA RegistrarFormFields.L10N_ADDRESS_FIELD.extractUntyped(args).orElse(null)); // Security - builder.setIpAddressWhitelist( - RegistrarFormFields.IP_ADDRESS_WHITELIST_FIELD + builder.setIpAddressAllowList( + RegistrarFormFields.IP_ADDRESS_ALLOW_LIST_FIELD .extractUntyped(args) .orElse(ImmutableList.of())); RegistrarFormFields.CLIENT_CERTIFICATE_FIELD diff --git a/core/src/main/java/google/registry/whois/DomainWhoisResponse.java b/core/src/main/java/google/registry/whois/DomainWhoisResponse.java index ccab795fa..82943c5a1 100644 --- a/core/src/main/java/google/registry/whois/DomainWhoisResponse.java +++ b/core/src/main/java/google/registry/whois/DomainWhoisResponse.java 
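Review bot: In `RegistrarSettingsAction`, a request that lacks the renamed field falls through `.orElse(ImmutableList.of())` and overwrites the stored list with an empty one. Any client that still posts `ipAddressWhitelist[...]` (a cached copy of `security_settings.js`, or a script calling the JSON endpoint) would therefore silently clear the registrar's IP allow list after this deploy, unless unknown keys are rejected somewhere outside the hunk. The key is renamed in lockstep in `RegistrarFormFields`, `json.js`, `security_settings.js` and `SecuritySettings.soy`, but nothing accepts the old name. Consider reading the old key when the new one is absent during a transition, or rejecting a payload that carries `ipAddressWhitelist`, instead of defaulting to empty. What an empty list means for EPP access is not visible here and should be confirmed against the login check.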
@@ -88,9 +88,7 @@ final class DomainWhoisResponse extends WhoisResponseImpl { .findFirst(); return WhoisResponseResults.create( new DomainEmitter() - .emitField( - "Domain Name", - maybeFormatHostname(domain.getDomainName(), preferUnicode)) + .emitField("Domain Name", maybeFormatHostname(domain.getDomainName(), preferUnicode)) .emitField("Registry Domain ID", domain.getRepoId()) .emitField("Registrar WHOIS Server", registrar.getWhoisServer()) .emitField("Registrar URL", registrar.getUrl()) diff --git a/core/src/main/java/google/registry/whois/NameserverLookupByIpCommand.java b/core/src/main/java/google/registry/whois/NameserverLookupByIpCommand.java index 9a8768f15..b973e9bf2 100644 --- a/core/src/main/java/google/registry/whois/NameserverLookupByIpCommand.java +++ b/core/src/main/java/google/registry/whois/NameserverLookupByIpCommand.java @@ -51,8 +51,7 @@ final class NameserverLookupByIpCommand implements WhoisCommand { Streams.stream(queryNotDeleted(HostResource.class, now, "inetAddresses", ipAddress)) .filter( host -> - Registries.findTldForName( - InternetDomainName.from(host.getHostName())) + Registries.findTldForName(InternetDomainName.from(host.getHostName())) .isPresent()) .collect(toImmutableList()); if (hosts.isEmpty()) { diff --git a/core/src/main/java/google/registry/whois/NameserverWhoisResponse.java b/core/src/main/java/google/registry/whois/NameserverWhoisResponse.java index f2f6eab04..47a35ded2 100644 --- a/core/src/main/java/google/registry/whois/NameserverWhoisResponse.java +++ b/core/src/main/java/google/registry/whois/NameserverWhoisResponse.java 
@@ -56,8 +56,7 @@ final class NameserverWhoisResponse extends WhoisResponseImpl { Optional registrar = Registrar.loadByClientIdCached(clientId); checkState(registrar.isPresent(), "Could not load registrar %s", clientId); emitter - .emitField( - "Server Name", maybeFormatHostname(host.getHostName(), preferUnicode)) + .emitField("Server Name", maybeFormatHostname(host.getHostName(), preferUnicode)) .emitSet("IP Address", host.getInetAddresses(), InetAddresses::toAddrString) .emitField("Registrar", registrar.get().getRegistrarName()) .emitField("Registrar WHOIS Server", registrar.get().getWhoisServer()) diff --git a/core/src/main/javascript/google/registry/ui/externs/json.js b/core/src/main/javascript/google/registry/ui/externs/json.js index 3820a7e0d..e808201bf 100644 --- a/core/src/main/javascript/google/registry/ui/externs/json.js +++ b/core/src/main/javascript/google/registry/ui/externs/json.js @@ -140,7 +140,7 @@ registry.json.Response.prototype.results; * driveFolderId: string?, * ianaIdentifier: (number?|undefined), * icannReferralEmail: string, - * ipAddressWhitelist: !Array, + * ipAddressAllowList: !Array, * emailAddress: (string?|undefined), * lastUpdateTime: string, * url: (string?|undefined), diff --git a/core/src/main/javascript/google/registry/ui/js/registrar/security_settings.js b/core/src/main/javascript/google/registry/ui/js/registrar/security_settings.js index 8c092b63e..f699131c0 100644 --- a/core/src/main/javascript/google/registry/ui/js/registrar/security_settings.js +++ b/core/src/main/javascript/google/registry/ui/js/registrar/security_settings.js 
@@ -64,8 +64,8 @@ registry.registrar.SecuritySettings.prototype.setupEditor = goog.events.EventType.CLICK, goog.bind(this.onIpRemove_, this, remBtn)); }, this); - this.typeCounts['reg-ips'] = objArgs.ipAddressWhitelist ? - objArgs.ipAddressWhitelist.length : 0; + this.typeCounts['reg-ips'] = objArgs.ipAddressAllowList ? + objArgs.ipAddressAllowList.length : 0; goog.events.listen(goog.dom.getRequiredElement('btn-add-ip'), goog.events.EventType.CLICK, @@ -82,7 +82,7 @@ registry.registrar.SecuritySettings.prototype.setupEditor = registry.registrar.SecuritySettings.prototype.onIpAdd_ = function() { var ipInputElt = goog.dom.getRequiredElement('newIp'); var ipElt = goog.soy.renderAsFragment(registry.soy.registrar.security.ip, { - name: 'ipAddressWhitelist[' + this.typeCounts['reg-ips'] + ']', + name: 'ipAddressAllowList[' + this.typeCounts['reg-ips'] + ']', ip: ipInputElt.value }); goog.dom.appendChild(goog.dom.getRequiredElement('ips'), ipElt); diff --git a/core/src/main/javascript/soyutils_usegoog.js b/core/src/main/javascript/soyutils_usegoog.js index a5b40ac7d..53d434445 100644 --- a/core/src/main/javascript/soyutils_usegoog.js +++ b/core/src/main/javascript/soyutils_usegoog.js @@ -849,7 +849,7 @@ soy.$$escapeHtml = function(value) { * * @param {?} value The string-like value to be escaped. May not be a string, * but the value will be coerced to a string. - * @param {Array=} opt_safeTags Additional tag names to whitelist. + * @param {Array=} opt_safeTags Additional tag names to allow-list. * @return {!goog.soy.data.SanitizedHtml} A sanitized and normalized version of * value. */ 
@@ -858,15 +858,15 @@ soy.$$cleanHtml = function(value, opt_safeTags) { goog.asserts.assert(value.constructor === goog.soy.data.SanitizedHtml); return /** @type {!goog.soy.data.SanitizedHtml} */ (value); } - var tagWhitelist; + var tagAllowList; if (opt_safeTags) { - tagWhitelist = goog.object.createSet(opt_safeTags); - goog.object.extend(tagWhitelist, soy.esc.$$SAFE_TAG_WHITELIST_); + tagAllowList = goog.object.createSet(opt_safeTags); + goog.object.extend(tagAllowList, soy.esc.$$SAFE_TAG_ALLOW_LIST_); } else { - tagWhitelist = soy.esc.$$SAFE_TAG_WHITELIST_; + tagAllowList = soy.esc.$$SAFE_TAG_ALLOW_LIST_; } return soydata.VERY_UNSAFE.ordainSanitizedHtml( - soy.$$stripHtmlTags(value, tagWhitelist), soydata.getContentDir(value)); + soy.$$stripHtmlTags(value, tagAllowList), soydata.getContentDir(value)); }; @@ -925,19 +925,19 @@ soy.$$HTML5_VOID_ELEMENTS_ = new RegExp( /** * Removes HTML tags from a string of known safe HTML. - * If opt_tagWhitelist is not specified or is empty, then + * If opt_tagAllowList is not specified or is empty, then * the result can be used as an attribute value. * * @param {*} value The HTML to be escaped. May not be a string, but the * value will be coerced to a string. - * @param {Object=} opt_tagWhitelist Has an own property whose + * @param {Object=} opt_tagAllowList Has an own property whose * name is a lower-case tag name and whose value is `1` for * each element that is allowed in the output. * @return {string} A representation of value without disallowed tags, * HTML comments, or other non-text content. */ -soy.$$stripHtmlTags = function(value, opt_tagWhitelist) { - if (!opt_tagWhitelist) { +soy.$$stripHtmlTags = function(value, opt_tagAllowList) { + if (!opt_tagAllowList) { // If we have no white-list, then use a fast track which elides all tags. return String(value) .replace(soy.esc.$$HTML_TAG_REGEX_, '') 
@@ -952,7 +952,7 @@ soy.$$stripHtmlTags = function(value, opt_tagWhitelist) { // have been removed. var html = String(value).replace(/\[/g, '['); - // Consider all uses of '<' and replace whitelisted tags with markers like + // Consider all uses of '<' and replace allow-listed tags with markers like // [1] which are indices into a list of approved tag names. // Replace all other uses of < and > with entities. var tags = []; @@ -960,8 +960,8 @@ soy.$$stripHtmlTags = function(value, opt_tagWhitelist) { html = html.replace(soy.esc.$$HTML_TAG_REGEX_, function(tok, tagName) { if (tagName) { tagName = tagName.toLowerCase(); - if (opt_tagWhitelist.hasOwnProperty(tagName) && - opt_tagWhitelist[tagName]) { + if (opt_tagAllowList.hasOwnProperty(tagName) && + opt_tagAllowList[tagName]) { var isClose = tok.charAt(1) == '/'; var index = tags.length; var start = '} */ -soy.esc.$$SAFE_TAG_WHITELIST_ = { +soy.esc.$$SAFE_TAG_ALLOW_LIST_ = { 'b': true, 'br': true, 'em': true, diff --git a/core/src/main/resources/google/registry/ui/soy/registrar/OteSetupConsole.soy b/core/src/main/resources/google/registry/ui/soy/registrar/OteSetupConsole.soy index f2a1af31d..ab852a317 100644 --- a/core/src/main/resources/google/registry/ui/soy/registrar/OteSetupConsole.soy +++ b/core/src/main/resources/google/registry/ui/soy/registrar/OteSetupConsole.soy @@ -89,7 +89,7 @@ Gave web-console access to these registrars. -

Don't forget to set the and for these Registrars!

+

Don't forget to set the and for these Registrars!

Links to the security page for your convenience:
{for $clientId in mapKeys($clientIdToTld)} {$clientId}
diff --git a/core/src/main/resources/google/registry/ui/soy/registrar/RegistrarCreateConsole.soy b/core/src/main/resources/google/registry/ui/soy/registrar/RegistrarCreateConsole.soy index b86428d14..587b35067 100644 --- a/core/src/main/resources/google/registry/ui/soy/registrar/RegistrarCreateConsole.soy +++ b/core/src/main/resources/google/registry/ui/soy/registrar/RegistrarCreateConsole.soy @@ -132,7 +132,7 @@ WHOIS page
  • allowed TLDs on the {sp} admin page -
  • certificate, IP whitelist on the {sp} +
  • certificate, IP allow list on the {sp} security page diff --git a/core/src/main/resources/google/registry/ui/soy/registrar/SecuritySettings.soy b/core/src/main/resources/google/registry/ui/soy/registrar/SecuritySettings.soy index 42bff7223..0308003b2 100644 --- a/core/src/main/resources/google/registry/ui/soy/registrar/SecuritySettings.soy +++ b/core/src/main/resources/google/registry/ui/soy/registrar/SecuritySettings.soy @@ -17,7 +17,7 @@ /** Registrar security settings page for view and edit. */ {template .settings} - {@param ipAddressWhitelist: list} + {@param ipAddressAllowList: list} {@param? phonePasscode: string} {@param? clientCertificate: string} {@param? clientCertificateHash: string} @@ -36,7 +36,7 @@ - + Restrict access to EPP production servers to the following IP/IPv6 addresses, or ranges like 1.1.1.0/24 @@ -44,9 +44,9 @@
    - {for $ip in $ipAddressWhitelist} + {for $ip in $ipAddressAllowList} {call .ip} - {param name: 'ipAddressWhitelist[' + index($ip) + ']' /} + {param name: 'ipAddressAllowList[' + index($ip) + ']' /} {param ip: $ip /} {/call} {/for} diff --git a/core/src/test/java/google/registry/batch/ExpandRecurringBillingEventsActionTest.java b/core/src/test/java/google/registry/batch/ExpandRecurringBillingEventsActionTest.java index 0c536a8aa..fab6c43d5 100644 --- a/core/src/test/java/google/registry/batch/ExpandRecurringBillingEventsActionTest.java +++ b/core/src/test/java/google/registry/batch/ExpandRecurringBillingEventsActionTest.java @@ -90,16 +90,17 @@ public class ExpandRecurringBillingEventsActionTest domain = persistResource(newDomainBase("example.tld").asBuilder() .setCreationTimeForTest(DateTime.parse("1999-01-05T00:00:00Z")).build()); historyEntry = persistResource(new HistoryEntry.Builder().setParent(domain).build()); - recurring = new BillingEvent.Recurring.Builder() - .setParent(historyEntry) - .setClientId(domain.getCreationClientId()) - .setEventTime(DateTime.parse("2000-01-05T00:00:00Z")) - .setFlags(ImmutableSet.of(Flag.AUTO_RENEW)) - .setId(2L) - .setReason(Reason.RENEW) - .setRecurrenceEndTime(END_OF_TIME) - .setTargetId(domain.getDomainName()) - .build(); + recurring = + new BillingEvent.Recurring.Builder() + .setParent(historyEntry) + .setClientId(domain.getCreationClientId()) + .setEventTime(DateTime.parse("2000-01-05T00:00:00Z")) + .setFlags(ImmutableSet.of(Flag.AUTO_RENEW)) + .setId(2L) + .setReason(Reason.RENEW) + .setRecurrenceEndTime(END_OF_TIME) + .setTargetId(domain.getDomainName()) + .build(); } private void saveCursor(final DateTime cursorTime) { 
@@ -179,26 +180,29 @@ public class ExpandRecurringBillingEventsActionTest DateTime deletionTime = DateTime.parse("2000-08-01T00:00:00Z"); DomainBase deletedDomain = persistDeletedDomain("deleted.tld", deletionTime); historyEntry = persistResource(new HistoryEntry.Builder().setParent(deletedDomain).build()); - recurring = persistResource(new BillingEvent.Recurring.Builder() - .setParent(historyEntry) - .setClientId(deletedDomain.getCreationClientId()) - .setEventTime(DateTime.parse("2000-01-05T00:00:00Z")) - .setFlags(ImmutableSet.of(Flag.AUTO_RENEW)) - .setId(2L) - .setReason(Reason.RENEW) - .setRecurrenceEndTime(deletionTime) - .setTargetId(deletedDomain.getDomainName()) - .build()); + recurring = + persistResource( + new BillingEvent.Recurring.Builder() + .setParent(historyEntry) + .setClientId(deletedDomain.getCreationClientId()) + .setEventTime(DateTime.parse("2000-01-05T00:00:00Z")) + .setFlags(ImmutableSet.of(Flag.AUTO_RENEW)) + .setId(2L) + .setReason(Reason.RENEW) + .setRecurrenceEndTime(deletionTime) + .setTargetId(deletedDomain.getDomainName()) + .build()); action.cursorTimeParam = Optional.of(START_OF_TIME); runMapreduce(); HistoryEntry persistedEntry = getOnlyHistoryEntryOfType(deletedDomain, DOMAIN_AUTORENEW); assertHistoryEntryMatches( deletedDomain, persistedEntry, "TheRegistrar", DateTime.parse("2000-02-19T00:00:00Z"), true); - BillingEvent.OneTime expected = defaultOneTimeBuilder() - .setParent(persistedEntry) - .setTargetId(deletedDomain.getDomainName()) - .build(); + BillingEvent.OneTime expected = + defaultOneTimeBuilder() + .setParent(persistedEntry) + .setTargetId(deletedDomain.getDomainName()) + .build(); assertBillingEventsForResource(deletedDomain, expected, recurring); assertCursorAt(beginningOfTest); } diff --git a/core/src/test/java/google/registry/export/sheet/SyncRegistrarsSheetTest.java b/core/src/test/java/google/registry/export/sheet/SyncRegistrarsSheetTest.java index fd0899ec3..8c7e10d2e 100644 
--- a/core/src/test/java/google/registry/export/sheet/SyncRegistrarsSheetTest.java +++ b/core/src/test/java/google/registry/export/sheet/SyncRegistrarsSheetTest.java @@ -282,7 +282,7 @@ public class SyncRegistrarsSheetTest { assertThat(row.get("lastUpdateTime")).isEqualTo(beforeExecution.toString()); assertThat(row).containsEntry("allowedTlds", "example"); assertThat(row).containsEntry("blockPremiumNames", "false"); - assertThat(row).containsEntry("ipAddressWhitelist", ""); + assertThat(row).containsEntry("ipAddressAllowList", ""); assertThat(row).containsEntry("url", "http://www.example.org/aaa_registrar"); assertThat(row).containsEntry("icannReferralEmail", ""); assertThat(row).containsEntry("whoisServer", getDefaultRegistrarWhoisServer()); @@ -317,7 +317,7 @@ public class SyncRegistrarsSheetTest { assertThat(row).containsEntry("allowedTlds", ""); assertThat(row).containsEntry("whoisServer", "whois.example.com"); assertThat(row).containsEntry("blockPremiumNames", "false"); - assertThat(row).containsEntry("ipAddressWhitelist", ""); + assertThat(row).containsEntry("ipAddressAllowList", ""); assertThat(row).containsEntry("url", "http://www.example.org/another_registrar"); assertThat(row).containsEntry("referralUrl", "http://www.example.org/another_registrar"); assertThat(row).containsEntry("icannReferralEmail", "jim@example.net"); @@ -361,7 +361,7 @@ public class SyncRegistrarsSheetTest { assertThat(row).containsEntry("allowedTlds", ""); assertThat(row).containsEntry("whoisServer", getDefaultRegistrarWhoisServer()); assertThat(row).containsEntry("blockPremiumNames", "false"); - assertThat(row).containsEntry("ipAddressWhitelist", ""); + assertThat(row).containsEntry("ipAddressAllowList", ""); assertThat(row).containsEntry("url", ""); assertThat(row).containsEntry("referralUrl", ""); assertThat(row).containsEntry("icannReferralEmail", ""); 
diff --git a/core/src/test/java/google/registry/flows/domain/DomainCreateFlowTest.java b/core/src/test/java/google/registry/flows/domain/DomainCreateFlowTest.java index 52e33a9fe..18769a57a 100644 --- a/core/src/test/java/google/registry/flows/domain/DomainCreateFlowTest.java +++ b/core/src/test/java/google/registry/flows/domain/DomainCreateFlowTest.java @@ -117,7 +117,7 @@ import google.registry.flows.domain.DomainFlowUtils.MissingContactTypeException; import google.registry.flows.domain.DomainFlowUtils.MissingRegistrantException; import google.registry.flows.domain.DomainFlowUtils.MissingTechnicalContactException; import google.registry.flows.domain.DomainFlowUtils.NameserversNotAllowedForTldException; -import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverWhitelistException; +import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverAllowListException; import google.registry.flows.domain.DomainFlowUtils.NotAuthorizedForTldException; import google.registry.flows.domain.DomainFlowUtils.PremiumNameBlockedException; import google.registry.flows.domain.DomainFlowUtils.RegistrantNotAllowedException; @@ -1445,10 +1445,7 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase .build()); domain = persistResource( - domain - .asBuilder() - .addSubordinateHost(subordinateHost.getHostName()) - .build()); + domain.asBuilder().addSubordinateHost(subordinateHost.getHostName()).build()); historyEntryDomainCreate = getOnlyHistoryEntryOfType(domain, DOMAIN_CREATE); } diff --git a/core/src/test/java/google/registry/flows/domain/DomainUpdateFlowTest.java b/core/src/test/java/google/registry/flows/domain/DomainUpdateFlowTest.java index 5f3fcb3c1..a0efcc1f1 100644 --- a/core/src/test/java/google/registry/flows/domain/DomainUpdateFlowTest.java +++ b/core/src/test/java/google/registry/flows/domain/DomainUpdateFlowTest.java 
@@ -67,7 +67,7 @@ import google.registry.flows.domain.DomainFlowUtils.MissingContactTypeException; import google.registry.flows.domain.DomainFlowUtils.MissingRegistrantException; import google.registry.flows.domain.DomainFlowUtils.MissingTechnicalContactException; import google.registry.flows.domain.DomainFlowUtils.NameserversNotAllowedForTldException; -import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverWhitelistException; +import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverAllowListException; import google.registry.flows.domain.DomainFlowUtils.NotAuthorizedForTldException; import google.registry.flows.domain.DomainFlowUtils.RegistrantNotAllowedException; import google.registry.flows.domain.DomainFlowUtils.SecDnsAllUsageException; @@ -1156,7 +1156,7 @@ public class DomainUpdateFlowTest extends ResourceFlowTestCase domain.asBuilder().setDomainName("AAA.BBB")); + IllegalArgumentException.class, () -> domain.asBuilder().setDomainName("AAA.BBB")); assertThat(thrown) .hasMessageThat() .contains("Domain name must be in puny-coded, lower-case form"); @@ -621,8 +620,7 @@ public class DomainBaseTest extends EntityTestCase { public void testFailure_utf8DomainName() { IllegalArgumentException thrown = assertThrows( - IllegalArgumentException.class, - () -> domain.asBuilder().setDomainName("みんな.みんな")); + IllegalArgumentException.class, () -> domain.asBuilder().setDomainName("みんな.みんな")); assertThat(thrown) .hasMessageThat() .contains("Domain name must be in puny-coded, lower-case form"); diff --git a/core/src/test/java/google/registry/model/history/HostHistoryTest.java b/core/src/test/java/google/registry/model/history/HostHistoryTest.java index 5d47c9c3a..bafb04149 100644 --- a/core/src/test/java/google/registry/model/history/HostHistoryTest.java +++ b/core/src/test/java/google/registry/model/history/HostHistoryTest.java 
@@ -81,7 +81,6 @@ public class HostHistoryTest extends EntityTestCase { assertThat(one.getReason()).isEqualTo(two.getReason()); assertThat(one.getTrid()).isEqualTo(two.getTrid()); assertThat(one.getType()).isEqualTo(two.getType()); - assertThat(one.getHostBase().getHostName()) - .isEqualTo(two.getHostBase().getHostName()); + assertThat(one.getHostBase().getHostName()).isEqualTo(two.getHostBase().getHostName()); } } diff --git a/core/src/test/java/google/registry/model/host/HostResourceTest.java b/core/src/test/java/google/registry/model/host/HostResourceTest.java index f4fdc6468..7891de0b5 100644 --- a/core/src/test/java/google/registry/model/host/HostResourceTest.java +++ b/core/src/test/java/google/registry/model/host/HostResourceTest.java @@ -171,8 +171,7 @@ public class HostResourceTest extends EntityTestCase { public void testFailure_uppercaseHostName() { IllegalArgumentException thrown = assertThrows( - IllegalArgumentException.class, - () -> host.asBuilder().setHostName("AAA.BBB.CCC")); + IllegalArgumentException.class, () -> host.asBuilder().setHostName("AAA.BBB.CCC")); assertThat(thrown) .hasMessageThat() .contains("Host name must be in puny-coded, lower-case form"); @@ -182,8 +181,7 @@ public class HostResourceTest extends EntityTestCase { public void testFailure_utf8HostName() { IllegalArgumentException thrown = assertThrows( - IllegalArgumentException.class, - () -> host.asBuilder().setHostName("みんな.みんな.みんな")); + IllegalArgumentException.class, () -> host.asBuilder().setHostName("みんな.みんな.みんな")); assertThat(thrown) .hasMessageThat() .contains("Host name must be in puny-coded, lower-case form"); diff --git a/core/src/test/java/google/registry/model/registrar/RegistrarTest.java b/core/src/test/java/google/registry/model/registrar/RegistrarTest.java index aa80fca1b..1191f05e5 100644 --- a/core/src/test/java/google/registry/model/registrar/RegistrarTest.java +++ b/core/src/test/java/google/registry/model/registrar/RegistrarTest.java 
@@ -67,7 +67,7 @@ public class RegistrarTest extends EntityTestCase { .setWhoisServer("whois.example.com") .setBlockPremiumNames(true) .setClientCertificate(SAMPLE_CERT, fakeClock.nowUtc()) - .setIpAddressWhitelist( + .setIpAddressAllowList( ImmutableList.of( CidrAddressBlock.create("192.168.1.1/31"), CidrAddressBlock.create("10.0.0.1/8"))) diff --git a/core/src/test/java/google/registry/model/translators/VKeyTranslatorFactoryTest.java b/core/src/test/java/google/registry/model/translators/VKeyTranslatorFactoryTest.java index 7d08920de..d9dc30fe5 100644 --- a/core/src/test/java/google/registry/model/translators/VKeyTranslatorFactoryTest.java +++ b/core/src/test/java/google/registry/model/translators/VKeyTranslatorFactoryTest.java @@ -28,10 +28,8 @@ import org.junit.jupiter.api.extension.RegisterExtension; public class VKeyTranslatorFactoryTest { - @RegisterExtension public final AppEngineRule appEngine = - AppEngineRule.builder() - .withDatastore() - .build(); + @RegisterExtension + public final AppEngineRule appEngine = AppEngineRule.builder().withDatastore().build(); public VKeyTranslatorFactoryTest() {} diff --git a/core/src/test/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsActionTest.java b/core/src/test/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsActionTest.java index d9857b20d..0db6ca7da 100644 --- a/core/src/test/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsActionTest.java +++ b/core/src/test/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsActionTest.java @@ -321,8 +321,7 @@ public final class UpdateRegistrarRdapBaseUrlsActionTest extends ShardableTestCa MockLowLevelHttpResponse loginResponse = new MockLowLevelHttpResponse(); loginResponse.addHeader( "Set-Cookie", - "JSESSIONID=bogusid; " - + "Expires=Tue, 11-Jun-2019 16:34:21 GMT; Path=/; Secure; HttpOnly"); + "JSESSIONID=bogusid; " + "Expires=Tue, 11-Jun-2019 16:34:21 GMT; Path=/; Secure; HttpOnly"); loginResponse.addHeader( "Set-Cookie", "id=myAuthenticationId; " 
diff --git a/core/src/test/java/google/registry/reporting/icann/IcannReportingUploadActionTest.java b/core/src/test/java/google/registry/reporting/icann/IcannReportingUploadActionTest.java index 9a83641ce..4b02a1d46 100644 --- a/core/src/test/java/google/registry/reporting/icann/IcannReportingUploadActionTest.java +++ b/core/src/test/java/google/registry/reporting/icann/IcannReportingUploadActionTest.java @@ -256,7 +256,7 @@ public class IcannReportingUploadActionTest { } @Test - public void testFailure_quicklySkipsOverIpWhitelistException() throws Exception { + public void testFailure_quicklySkipsOverIpAllowListException() throws Exception { runTest_nonRetryableException( new IOException("Your IP address 25.147.130.158 is not allowed to connect")); } diff --git a/core/src/test/java/google/registry/testing/DatastoreHelper.java b/core/src/test/java/google/registry/testing/DatastoreHelper.java index 87eadd6c3..fdbe52f55 100644 --- a/core/src/test/java/google/registry/testing/DatastoreHelper.java +++ b/core/src/test/java/google/registry/testing/DatastoreHelper.java @@ -156,9 +156,10 @@ public class DatastoreHelper { .setCreationTimeForTest(START_OF_TIME) .setAuthInfo(DomainAuthInfo.create(PasswordAuth.create("2fooBAR"))) .setRegistrant(contactKey) - .setContacts(ImmutableSet.of( - DesignatedContact.create(Type.ADMIN, contactKey), - DesignatedContact.create(Type.TECH, contactKey))) + .setContacts( + ImmutableSet.of( + DesignatedContact.create(Type.ADMIN, contactKey), + DesignatedContact.create(Type.TECH, contactKey))) .setRegistrationExpirationTime(END_OF_TIME) .build(); } 
@@ -564,25 +565,27 @@ public class DatastoreHelper { historyEntryDomainTransfer, requestTime, expirationTime)); - BillingEvent.Recurring gainingClientAutorenewEvent = persistResource( - new BillingEvent.Recurring.Builder() - .setFlags(ImmutableSet.of(Flag.AUTO_RENEW)) - .setReason(Reason.RENEW) - .setTargetId(domain.getDomainName()) - .setClientId("NewRegistrar") - .setEventTime(extendedRegistrationExpirationTime) - .setRecurrenceEndTime(END_OF_TIME) - .setParent(historyEntryDomainTransfer) - .build()); - PollMessage.Autorenew gainingClientAutorenewPollMessage = persistResource( - new PollMessage.Autorenew.Builder() - .setTargetId(domain.getDomainName()) - .setClientId("NewRegistrar") - .setEventTime(extendedRegistrationExpirationTime) - .setAutorenewEndTime(END_OF_TIME) - .setMsg("Domain was auto-renewed.") - .setParent(historyEntryDomainTransfer) - .build()); + BillingEvent.Recurring gainingClientAutorenewEvent = + persistResource( + new BillingEvent.Recurring.Builder() + .setFlags(ImmutableSet.of(Flag.AUTO_RENEW)) + .setReason(Reason.RENEW) + .setTargetId(domain.getDomainName()) + .setClientId("NewRegistrar") + .setEventTime(extendedRegistrationExpirationTime) + .setRecurrenceEndTime(END_OF_TIME) + .setParent(historyEntryDomainTransfer) + .build()); + PollMessage.Autorenew gainingClientAutorenewPollMessage = + persistResource( + new PollMessage.Autorenew.Builder() + .setTargetId(domain.getDomainName()) + .setClientId("NewRegistrar") + .setEventTime(extendedRegistrationExpirationTime) + .setAutorenewEndTime(END_OF_TIME) + .setMsg("Domain was auto-renewed.") + .setParent(historyEntryDomainTransfer) + .build()); // Modify the existing autorenew event to reflect the pending transfer. persistResource( ofy().load().key(domain.getAutorenewBillingEvent()).now().asBuilder() diff --git a/core/src/test/java/google/registry/testing/DomainBaseSubject.java b/core/src/test/java/google/registry/testing/DomainBaseSubject.java index ac00e0ad4..35198e0ef 100644 
--- a/core/src/test/java/google/registry/testing/DomainBaseSubject.java +++ b/core/src/test/java/google/registry/testing/DomainBaseSubject.java @@ -42,9 +42,7 @@ public final class DomainBaseSubject public And hasFullyQualifiedDomainName(String fullyQualifiedDomainName) { return hasValue( - fullyQualifiedDomainName, - actual.getDomainName(), - "has fullyQualifiedDomainName"); + fullyQualifiedDomainName, actual.getDomainName(), "has fullyQualifiedDomainName"); } public And hasExactlyDsData(DelegationSignerData... dsData) { diff --git a/core/src/test/java/google/registry/tools/CreateRegistrarCommandTest.java b/core/src/test/java/google/registry/tools/CreateRegistrarCommandTest.java index 6d7c9042c..0f2834ce6 100644 --- a/core/src/test/java/google/registry/tools/CreateRegistrarCommandTest.java +++ b/core/src/test/java/google/registry/tools/CreateRegistrarCommandTest.java @@ -83,7 +83,7 @@ public class CreateRegistrarCommandTest extends CommandTestCase registrar = Registrar.loadByClientId("clientz"); assertThat(registrar).isPresent(); - assertThat(registrar.get().getIpAddressWhitelist()) - .containsExactlyElementsIn(registrar.get().getIpAddressWhitelist()) + assertThat(registrar.get().getIpAddressAllowList()) + .containsExactlyElementsIn(registrar.get().getIpAddressAllowList()) .inOrder(); } @Test - public void testSuccess_ipWhitelistFlagNull() throws Exception { + public void testSuccess_ipAllowListFlagNull() throws Exception { runCommandForced( "--name=blobio", "--password=some_password", "--registrar_type=REAL", "--iana_id=8", - "--ip_whitelist=null", + "--ip_allow_list=null", "--passcode=01234", "--icann_referral_email=foo@bar.test", "--street=\"123 Fake St\"", @@ -349,7 +349,7 @@ public class CreateRegistrarCommandTest extends CommandTestCase registrar = Registrar.loadByClientId("clientz"); assertThat(registrar).isPresent(); - assertThat(registrar.get().getIpAddressWhitelist()).isEmpty(); + assertThat(registrar.get().getIpAddressAllowList()).isEmpty(); } @Test 
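Review bot: In CreateRegistrarCommandTest, the renamed assertion `assertThat(registrar.get().getIpAddressAllowList()).containsExactlyElementsIn(registrar.get().getIpAddressAllowList()).inOrder();` compares the stored allow list with itself, so it passes whatever the command persisted, including an empty list. The rename carries this over unchanged, which leaves the parsing of the IP restriction flag effectively untested. The expected side should be built from the values the test passes to `--ip_allow_list`, for example `.containsExactly(CidrAddressBlock.create("<first flag value>"), CidrAddressBlock.create("<second flag value>")).inOrder();` with the placeholders replaced by the test's own arguments. Those arguments are not in the lines shown here, and the start of this hunk is truncated on the page.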
@@ -1008,7 +1008,7 @@ public class CreateRegistrarCommandTest extends CommandTestCase @@ -1017,7 +1017,7 @@ public class CreateRegistrarCommandTest extends CommandTestCase @@ -1038,7 +1038,7 @@ public class CreateRegistrarCommandTest extends CommandTestCase { runCommandForced( ImmutableList.builder() .add("--client=NewRegistrar") - .addAll( - domains.stream() - .map(DomainBase::getDomainName) - .collect(Collectors.toList())) + .addAll(domains.stream().map(DomainBase::getDomainName).collect(Collectors.toList())) .build()); for (DomainBase domain : domains) { assertThat(reloadResource(domain).getStatusValues()) diff --git a/core/src/test/java/google/registry/tools/SetupOteCommandTest.java b/core/src/test/java/google/registry/tools/SetupOteCommandTest.java index 611a89acd..8eb823734 100644 --- a/core/src/test/java/google/registry/tools/SetupOteCommandTest.java +++ b/core/src/test/java/google/registry/tools/SetupOteCommandTest.java @@ -98,7 +98,7 @@ public class SetupOteCommandTest extends CommandTestCase { String registrarName, String allowedTld, String password, - ImmutableList ipWhitelist, + ImmutableList ipAllowList, boolean hashOnly) { Registrar registrar = loadRegistrar(registrarName); assertThat(registrar).isNotNull(); @@ -106,7 +106,7 @@ public class SetupOteCommandTest extends CommandTestCase { assertThat(registrar.getRegistrarName()).isEqualTo(registrarName); assertThat(registrar.getState()).isEqualTo(ACTIVE); assertThat(registrar.verifyPassword(password)).isTrue(); - assertThat(registrar.getIpAddressWhitelist()).isEqualTo(ipWhitelist); + assertThat(registrar.getIpAddressAllowList()).isEqualTo(ipAllowList); assertThat(registrar.getClientCertificateHash()).isEqualTo(SAMPLE_CERT_HASH); // If certificate hash is provided, there's no certificate file stored with the registrar. if (!hashOnly) { 
@@ -118,8 +118,8 @@ public class SetupOteCommandTest extends CommandTestCase { String registrarName, String allowedTld, String password, - ImmutableList ipWhitelist) { - verifyRegistrarCreation(registrarName, allowedTld, password, ipWhitelist, false); + ImmutableList ipAllowList) { + verifyRegistrarCreation(registrarName, allowedTld, password, ipAllowList, false); } private void verifyRegistrarContactCreation(String registrarName, String email) { @@ -135,7 +135,7 @@ public class SetupOteCommandTest extends CommandTestCase { @Test public void testSuccess() throws Exception { runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--registrar=blobio", "--email=contact@email.com", "--certfile=" + getCertFilename()); @@ -161,7 +161,7 @@ public class SetupOteCommandTest extends CommandTestCase { @Test public void testSuccess_shortRegistrarName() throws Exception { runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--registrar=abc", "--email=abc@email.com", "--certfile=" + getCertFilename()); @@ -187,7 +187,7 @@ public class SetupOteCommandTest extends CommandTestCase { @Test public void testSuccess_certificateHash() throws Exception { runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--registrar=blobio", "--email=contact@email.com", "--certhash=" + SAMPLE_CERT_HASH); @@ -205,7 +205,7 @@ public class SetupOteCommandTest extends CommandTestCase { @Test public void testSuccess_multipleIps() throws Exception { runCommandForced( - "--ip_whitelist=1.1.1.1,2.2.2.2", + "--ip_allow_list=1.1.1.1,2.2.2.2", "--registrar=blobio", "--email=contact@email.com", "--certfile=" + getCertFilename()); @@ -230,7 +230,7 @@ public class SetupOteCommandTest extends CommandTestCase { } @Test - public void testFailure_missingIpWhitelist() { + public void testFailure_missingIpAllowList() { ParameterException thrown = assertThrows( ParameterException.class, 
@@ -239,7 +239,7 @@ public class SetupOteCommandTest extends CommandTestCase { "--registrar=blobio", "--email=contact@email.com", "--certfile=" + getCertFilename())); - assertThat(thrown).hasMessageThat().contains("option is required: -w, --ip_whitelist"); + assertThat(thrown).hasMessageThat().contains("option is required: -a, --ip_allow_list"); } @Test @@ -249,7 +249,7 @@ public class SetupOteCommandTest extends CommandTestCase { ParameterException.class, () -> runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--email=contact@email.com", "--certfile=" + getCertFilename())); assertThat(thrown).hasMessageThat().contains("option is required: -r, --registrar"); @@ -262,9 +262,7 @@ public class SetupOteCommandTest extends CommandTestCase { IllegalArgumentException.class, () -> runCommandForced( - "--ip_whitelist=1.1.1.1", - "--email=contact@email.com", - "--registrar=blobio")); + "--ip_allow_list=1.1.1.1", "--email=contact@email.com", "--registrar=blobio")); assertThat(thrown) .hasMessageThat() .contains( @@ -278,7 +276,7 @@ public class SetupOteCommandTest extends CommandTestCase { IllegalArgumentException.class, () -> runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--email=contact@email.com", "--registrar=blobio", "--certfile=" + getCertFilename(), @@ -296,7 +294,7 @@ public class SetupOteCommandTest extends CommandTestCase { ParameterException.class, () -> runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--certfile=" + getCertFilename(), "--registrar=blobio")); assertThat(thrown).hasMessageThat().contains("option is required: --email"); @@ -309,7 +307,7 @@ public class SetupOteCommandTest extends CommandTestCase { CertificateParsingException.class, () -> runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--registrar=blobio", "--email=contact@email.com", "--certfile=/dev/null")); 
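Review bot: The expected message changes from `-w, --ip_whitelist` to `-a, --ip_allow_list`, so both the long and the short option name change, and none of the SetupOteCommandTest hunks (nor the CreateRegistrarCommandTest and UpdateRegistrarCommandTest ones) pins what happens when an operator script still passes the old spelling. The command classes are not shown here; if the old names were dropped outright, a test that passes `"--ip_whitelist=1.1.1.1"` and asserts the command is rejected would guarantee the old flag can never be silently ignored and leave a registrar without its intended IP restriction. If backward compatibility is wanted instead, the old names could stay as deprecated aliases in the `@Parameter(names = {...})` list, with a test for each spelling.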
@@ -323,7 +321,7 @@ public class SetupOteCommandTest extends CommandTestCase { IllegalArgumentException.class, () -> runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--registrar=3blo-bio", "--email=contact@email.com", "--certfile=" + getCertFilename())); @@ -337,7 +335,7 @@ public class SetupOteCommandTest extends CommandTestCase { IllegalArgumentException.class, () -> runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--registrar=bl", "--email=contact@email.com", "--certfile=" + getCertFilename())); @@ -351,7 +349,7 @@ public class SetupOteCommandTest extends CommandTestCase { IllegalArgumentException.class, () -> runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--registrar=blobiotoooolong", "--email=contact@email.com", "--certfile=" + getCertFilename())); @@ -365,7 +363,7 @@ public class SetupOteCommandTest extends CommandTestCase { IllegalArgumentException.class, () -> runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--registrar=blo#bio", "--email=contact@email.com", "--certfile=" + getCertFilename())); @@ -380,7 +378,7 @@ public class SetupOteCommandTest extends CommandTestCase { IllegalStateException.class, () -> runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--registrar=blobio", "--email=contact@email.com", "--certfile=" + getCertFilename())); @@ -393,7 +391,7 @@ public class SetupOteCommandTest extends CommandTestCase { runCommandForced( "--overwrite", - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--registrar=blobio", "--email=contact@email.com", "--certfile=" + getCertFilename()); @@ -414,7 +412,7 @@ public class SetupOteCommandTest extends CommandTestCase { IllegalStateException.class, () -> runCommandForced( - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--registrar=blobio", "--email=contact@email.com", "--certfile=" + getCertFilename())); 
@@ -431,7 +429,7 @@ public class SetupOteCommandTest extends CommandTestCase { runCommandForced( "--overwrite", - "--ip_whitelist=1.1.1.1", + "--ip_allow_list=1.1.1.1", "--registrar=blobio", "--email=contact@email.com", "--certfile=" + getCertFilename()); diff --git a/core/src/test/java/google/registry/tools/UnlockDomainCommandTest.java b/core/src/test/java/google/registry/tools/UnlockDomainCommandTest.java index 62b452202..9ce5aad4a 100644 --- a/core/src/test/java/google/registry/tools/UnlockDomainCommandTest.java +++ b/core/src/test/java/google/registry/tools/UnlockDomainCommandTest.java @@ -99,10 +99,7 @@ public class UnlockDomainCommandTest extends CommandTestCasebuilder() .add("--client=NewRegistrar") - .addAll( - domains.stream() - .map(DomainBase::getDomainName) - .collect(Collectors.toList())) + .addAll(domains.stream().map(DomainBase::getDomainName).collect(Collectors.toList())) .build()); for (DomainBase domain : domains) { assertThat(reloadResource(domain).getStatusValues()).containsNoneIn(REGISTRY_LOCK_STATUSES); diff --git a/core/src/test/java/google/registry/tools/UpdateRegistrarCommandTest.java b/core/src/test/java/google/registry/tools/UpdateRegistrarCommandTest.java index 6f9aa4fe6..c1d679638 100644 --- a/core/src/test/java/google/registry/tools/UpdateRegistrarCommandTest.java +++ b/core/src/test/java/google/registry/tools/UpdateRegistrarCommandTest.java @@ -191,43 +191,43 @@ public class UpdateRegistrarCommandTest extends CommandTestCase runCommand("--ip_whitelist=foobarbaz", "--force", "NewRegistrar")); + () -> runCommand("--ip_allow_list=foobarbaz", "--force", "NewRegistrar")); } @Test diff --git a/core/src/test/java/google/registry/tools/ValidateLoginCredentialsCommandTest.java b/core/src/test/java/google/registry/tools/ValidateLoginCredentialsCommandTest.java index fd319ec44..194929257 100644 --- a/core/src/test/java/google/registry/tools/ValidateLoginCredentialsCommandTest.java 
+++ b/core/src/test/java/google/registry/tools/ValidateLoginCredentialsCommandTest.java @@ -50,7 +50,7 @@ public class ValidateLoginCredentialsCommandTest .asBuilder() .setPassword(PASSWORD) .setClientCertificateHash(CERT_HASH) - .setIpAddressWhitelist(ImmutableList.of(new CidrAddressBlock(CLIENT_IP))) + .setIpAddressAllowList(ImmutableList.of(new CidrAddressBlock(CLIENT_IP))) .setState(ACTIVE) .setAllowedTlds(ImmutableSet.of("tld")) .build()); diff --git a/core/src/test/java/google/registry/ui/server/registrar/RegistrarSettingsActionTest.java b/core/src/test/java/google/registry/ui/server/registrar/RegistrarSettingsActionTest.java index 04a1058d3..7bc85857e 100644 --- a/core/src/test/java/google/registry/ui/server/registrar/RegistrarSettingsActionTest.java +++ b/core/src/test/java/google/registry/ui/server/registrar/RegistrarSettingsActionTest.java @@ -360,12 +360,12 @@ public class RegistrarSettingsActionTest extends RegistrarSettingsActionTestCase } @Test - public void testUpdate_ipAddressWhitelist() { + public void testUpdate_ipAddressAllowList() { doTestUpdate( Role.OWNER, - Registrar::getIpAddressWhitelist, + Registrar::getIpAddressAllowList, ImmutableList.of(CidrAddressBlock.create("1.1.1.0/24")), - Registrar.Builder::setIpAddressWhitelist); + Registrar.Builder::setIpAddressAllowList); } @Test diff --git a/core/src/test/java/google/registry/whois/DomainWhoisResponseTest.java b/core/src/test/java/google/registry/whois/DomainWhoisResponseTest.java index dc828312c..0c462d4e4 100644 --- a/core/src/test/java/google/registry/whois/DomainWhoisResponseTest.java +++ b/core/src/test/java/google/registry/whois/DomainWhoisResponseTest.java 
@@ -85,15 +85,19 @@ public class DomainWhoisResponseTest { createTld("tld"); - hostResource1 = persistResource(new HostResource.Builder() - .setHostName("ns01.exampleregistrar.tld") - .setRepoId("1-ROID") - .build()); + hostResource1 = + persistResource( + new HostResource.Builder() + .setHostName("ns01.exampleregistrar.tld") + .setRepoId("1-ROID") + .build()); - hostResource2 = persistResource(new HostResource.Builder() - .setHostName("ns02.exampleregistrar.tld") - .setRepoId("2-ROID") - .build()); + hostResource2 = + persistResource( + new HostResource.Builder() + .setHostName("ns02.exampleregistrar.tld") + .setRepoId("2-ROID") + .build()); registrant = persistResource(new ContactResource.Builder() .setContactId("5372808-ERL") diff --git a/core/src/test/java/google/registry/whois/NameserverWhoisResponseTest.java b/core/src/test/java/google/registry/whois/NameserverWhoisResponseTest.java index cca5e17b5..e3bec2652 100644 --- a/core/src/test/java/google/registry/whois/NameserverWhoisResponseTest.java +++ b/core/src/test/java/google/registry/whois/NameserverWhoisResponseTest.java 
@@ -54,23 +54,27 @@ public class NameserverWhoisResponseTest { persistResource(loadRegistrar("example").asBuilder().setUrl("http://my.fake.url").build()); createTld("tld"); - hostResource1 = new HostResource.Builder() - .setHostName("ns1.example.tld") - .setPersistedCurrentSponsorClientId("example") - .setInetAddresses(ImmutableSet.of( - InetAddresses.forString("192.0.2.123"), - InetAddresses.forString("2001:0DB8::1"))) - .setRepoId("1-EXAMPLE") - .build(); + hostResource1 = + new HostResource.Builder() + .setHostName("ns1.example.tld") + .setPersistedCurrentSponsorClientId("example") + .setInetAddresses( + ImmutableSet.of( + InetAddresses.forString("192.0.2.123"), + InetAddresses.forString("2001:0DB8::1"))) + .setRepoId("1-EXAMPLE") + .build(); - hostResource2 = new HostResource.Builder() - .setHostName("ns2.example.tld") - .setPersistedCurrentSponsorClientId("example") - .setInetAddresses(ImmutableSet.of( - InetAddresses.forString("192.0.2.123"), - InetAddresses.forString("2001:0DB8::1"))) - .setRepoId("2-EXAMPLE") - .build(); + hostResource2 = + new HostResource.Builder() + .setHostName("ns2.example.tld") + .setPersistedCurrentSponsorClientId("example") + .setInetAddresses( + ImmutableSet.of( + InetAddresses.forString("192.0.2.123"), + InetAddresses.forString("2001:0DB8::1"))) + .setRepoId("2-EXAMPLE") + .build(); } @Test diff --git a/core/src/test/javascript/google/registry/ui/js/registrar/security_settings_test.js b/core/src/test/javascript/google/registry/ui/js/registrar/security_settings_test.js index 06ed7d67d..8c7391356 100644 --- a/core/src/test/javascript/google/registry/ui/js/registrar/security_settings_test.js +++ b/core/src/test/javascript/google/registry/ui/js/registrar/security_settings_test.js 
@@ -28,7 +28,7 @@ describe('security settings test', function() { const stubs = new goog.testing.PropertyReplacer(); const expectedRegistrar = { - ipAddressWhitelist: [], + ipAddressAllowList: [], phonePasscode: '12345', clientCertificate: null, clientCertificateHash: null, @@ -105,7 +105,7 @@ describe('security settings test', function() { clientCertificate: exampleCert, clientCertificateHash: null, failoverClientCertificate: 'bourgeois blues', - ipAddressWhitelist: ['1.1.1.1', '2.2.2.2'], + ipAddressAllowList: ['1.1.1.1', '2.2.2.2'], phonePasscode: expectedRegistrar.phonePasscode, readonly: false }}, {status: 'SUCCESS', @@ -118,7 +118,7 @@ describe('security settings test', function() { expectedRegistrar.clientCertificate = exampleCert; expectedRegistrar.clientCertificateHash = exampleCertHash; expectedRegistrar.failoverClientCertificate = 'bourgeois blues'; - expectedRegistrar.ipAddressWhitelist = ['1.1.1.1/32', '2.2.2.2/32']; + expectedRegistrar.ipAddressAllowList = ['1.1.1.1/32', '2.2.2.2/32']; registry.testing.assertReqMockRsp( test.testXsrfToken, '/registrar-settings', diff --git a/core/src/test/resources/google/registry/ui/server/registrar/update_registrar.json b/core/src/test/resources/google/registry/ui/server/registrar/update_registrar.json index dc6002610..283345f1e 100644 --- a/core/src/test/resources/google/registry/ui/server/registrar/update_registrar.json +++ b/core/src/test/resources/google/registry/ui/server/registrar/update_registrar.json @@ -43,7 +43,7 @@ "creationTime": "2014-04-15T21:57:54.765Z", "clientCertificate": null, "emailAddress": "thase@the.registrar", - "ipAddressWhitelist": [ + "ipAddressAllowList": [ "1.1.1.1\/32", "2.2.2.2\/32", "4.4.4.4\/32" diff --git a/core/src/test/resources/google/registry/ui/server/registrar/update_registrar_duplicate_contacts.json b/core/src/test/resources/google/registry/ui/server/registrar/update_registrar_duplicate_contacts.json index 9a66daf69..f4f474bc7 100644 
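Review bot: The request payload and the expected registrar now use the key `ipAddressAllowList`, which changes the JSON contract of `/registrar-settings`, and nothing here covers a client that still sends `ipAddressWhitelist` (a console script cached from before the rollout, for instance). Whether the server treats an absent key as "leave unchanged" or as an empty list is not visible in this diff; if it is the latter, an update from a stale client would clear the registrar's IP restrictions. A server-side test in RegistrarSettingsActionTest that posts the old key and asserts the stored allow list is unchanged, or the request rejected, would pin this. The same key rename applies to the update_registrar.json and update_registrar_duplicate_contacts.json fixtures.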
--- a/core/src/test/resources/google/registry/ui/server/registrar/update_registrar_duplicate_contacts.json +++ b/core/src/test/resources/google/registry/ui/server/registrar/update_registrar_duplicate_contacts.json @@ -42,7 +42,7 @@ "creationTime": "2014-04-15T21:57:54.765Z", "clientCertificate": null, "emailAddress": "thase@the.registrar", - "ipAddressWhitelist": [ + "ipAddressAllowList": [ "1.1.1.1\/32", "2.2.2.2\/32", "4.4.4.4\/32" diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/OteSetupConsoleScreenshotTest_get_admin_succeeds_oteResult.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/OteSetupConsoleScreenshotTest_get_admin_succeeds_oteResult.png index c0bed6d49..bcd1c4e15 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/OteSetupConsoleScreenshotTest_get_admin_succeeds_oteResult.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/OteSetupConsoleScreenshotTest_get_admin_succeeds_oteResult.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithCerts_edit.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithCerts_edit.png index 1161ab7ec..2e7661955 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithCerts_edit.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithCerts_edit.png differ 
diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithCerts_view.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithCerts_view.png index a5b01ba47..d569427f7 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithCerts_view.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithCerts_view.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithHashOnly_edit.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithHashOnly_edit.png index 5618ff6ee..71d8817aa 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithHashOnly_edit.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithHashOnly_edit.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithHashOnly_view.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithHashOnly_view.png index 176cab8f7..2cceb49d6 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithHashOnly_view.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurityWithHashOnly_view.png differ 
diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurity_asAdmin_view.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurity_asAdmin_view.png index bc1a3787e..f265f1579 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurity_asAdmin_view.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurity_asAdmin_view.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurity_edit.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurity_edit.png index ce7f09af8..022916b29 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurity_edit.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurity_edit.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurity_view.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurity_view.png index 5285c0b0f..8d29aa222 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurity_view.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsSecurity_view.png differ 
diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarCreateConsoleScreenshotTest_get_admin_succeeds_createResult.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarCreateConsoleScreenshotTest_get_admin_succeeds_createResult.png
index 4f289b703..6e5059d39 100644
Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarCreateConsoleScreenshotTest_get_admin_succeeds_createResult.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarCreateConsoleScreenshotTest_get_admin_succeeds_createResult.png differ
diff --git a/db/src/main/resources/sql/flyway/V35__rename_allow_list.sql b/db/src/main/resources/sql/flyway/V35__rename_allow_list.sql
new file mode 100644
index 000000000..c4aec2747
--- /dev/null
+++ b/db/src/main/resources/sql/flyway/V35__rename_allow_list.sql
@@ -0,0 +1,15 @@
+-- Copyright 2020 The Nomulus Authors. All Rights Reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+ALTER TABLE "Registrar" RENAME COLUMN "ip_address_whitelist" TO "ip_address_allow_list";
diff --git a/db/src/main/resources/sql/schema/db-schema.sql.generated b/db/src/main/resources/sql/schema/db-schema.sql.generated
index c6e21039b..6cd40ffcf 100644
--- a/db/src/main/resources/sql/schema/db-schema.sql.generated
+++ b/db/src/main/resources/sql/schema/db-schema.sql.generated
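Review bot: V35 renames the column in a single step (`RENAME COLUMN "ip_address_whitelist" TO "ip_address_allow_list"`), so any server instance or tool on a build that still maps the old column name will fail against the `Registrar` table once the migration is applied, and a build with the new mapping will fail until it is. This column holds the registrar IP allow list that login checks against (docs/flows.md in this commit lists "Registrar IP address is not in stored allow list"), so the rollout order should be stated in the file. I would add a header comment such as `-- Deploy note: apply only together with the release that maps ip_address_allow_list; older builds cannot read this column afterwards.` If the SQL database is already serving traffic, which this diff does not show, an add-column, backfill and drop sequence across two releases avoids the window.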
@@ -332,7 +332,7 @@ create sequence history_id_sequence start 1 increment 1; i18n_address_street_line2 text, i18n_address_street_line3 text, i18n_address_zip text, - ip_address_whitelist text[], + ip_address_allow_list text[], last_certificate_update_time timestamptz, last_update_time timestamptz, localized_address_city text, diff --git a/db/src/main/resources/sql/schema/nomulus.golden.sql b/db/src/main/resources/sql/schema/nomulus.golden.sql index 1af91a10c..63253c14f 100644 --- a/db/src/main/resources/sql/schema/nomulus.golden.sql +++ b/db/src/main/resources/sql/schema/nomulus.golden.sql @@ -526,7 +526,7 @@ CREATE TABLE public."Registrar" ( i18n_address_street_line2 text, i18n_address_street_line3 text, i18n_address_zip text, - ip_address_whitelist text[], + ip_address_allow_list text[], last_certificate_update_time timestamp with time zone, last_update_time timestamp with time zone, localized_address_city text, diff --git a/docs/authentication-framework.md b/docs/authentication-framework.md index 5b044447f..83c6905f4 100644 --- a/docs/authentication-framework.md +++ b/docs/authentication-framework.md @@ -119,7 +119,7 @@ make sense. A master enumeration lists all the valid triplets. They are: * `AUTH_PUBLIC_OR_INTERNAL`: Allows anyone access, as long as they use OAuth to authenticate. Also allows access from App Engine task-queue. Note that OAuth - client ID still needs to be whitelisted in the config file for OAuth-based + client ID still needs to be allow-listed in the config file for OAuth-based authentication to succeed. This is mainly used by the proxy. ### Action setting golden files diff --git a/docs/code-structure.md b/docs/code-structure.md index 93693cd39..07cd04b2c 100644 --- a/docs/code-structure.md +++ b/docs/code-structure.md 
@@ -137,7 +137,7 @@ used extensively throughout the codebase: a loop. * With the `of` method: used when constructing the collection with a handful of elements. Most commonly used when creating collections - representing constants, like lookup tables or whitelists. + representing constants, like lookup tables or allow lists. * With the `copyOf` method: used when constructing the method from a reference to another collection. Used to defensively copy a mutable collection (like a return value from an external library) to an diff --git a/docs/flows.md b/docs/flows.md index 5e57ca52a..325c90f94 100644 --- a/docs/flows.md +++ b/docs/flows.md @@ -350,11 +350,11 @@ An EPP flow that creates a new domain resource. * Requested domain is reserved. * Linked resource in pending delete prohibits operation. * Requested domain requires a claims notice. - * Nameservers are not whitelisted for this TLD. - * Nameservers not specified for domain on TLD with nameserver whitelist. + * Nameservers are not allow-listed for this TLD. + * Nameservers not specified for domain on TLD with nameserver allow list. * The requested domain name is on the premium price list, and this registrar has blocked premium registrations. - * Registrant is not whitelisted for this TLD. + * Registrant is not allow-listed for this TLD. * Requested domain does not require a claims notice. * 2305 * The allocation token is not valid for this domain. 
@@ -760,9 +760,9 @@ statuses are updated at once. clear that status. * Resource status prohibits this operation. * Linked resource in pending delete prohibits operation. - * Nameservers are not whitelisted for this TLD. - * Nameservers not specified for domain on TLD with nameserver whitelist. - * Registrant is not whitelisted for this TLD. + * Nameservers are not allow-listed for this TLD. + * Nameservers not specified for domain on TLD with nameserver allow list. + * Registrant is not allow-listed for this TLD. * 2306 * Cannot add and remove the same value. * More than one contact for a given role is not allowed. @@ -950,7 +950,7 @@ An EPP flow for login. * Specified extension is not implemented. * 2200 * Registrar certificate does not match stored certificate. - * Registrar IP address is not in stored whitelist. + * Registrar IP address is not in stored allow list. * Registrar certificate not present. * Registrar password is incorrect. * Registrar with this client ID could not be found. diff --git a/docs/operational-procedures/tld-security-restrictions.md b/docs/operational-procedures/tld-security-restrictions.md index 1d743ec55..5a4fd5b9b 100644 --- a/docs/operational-procedures/tld-security-restrictions.md +++ b/docs/operational-procedures/tld-security-restrictions.md 
@@ -71,9 +71,9 @@ label. ## Domain create restriction on closed TLDs Nomulus offers the ability to "lock-down" a TLD so that domain registration is -forbidden except for whitelisted domain names. This is achieved by setting the +forbidden except for allow-listed domain names. This is achieved by setting the "domain create restricted" option on the TLD using the `nomulus` tool. Domains -are whitelisted for registration by adding them to reserved lists with entries +are allow-listed for registration by adding them to reserved lists with entries of type `NAMESERVER_RESTRICTED`. Each domain will thus also need to have explicitly allowed nameservers configured in its reserved list entry, per the previous section. @@ -90,7 +90,7 @@ Note that you do **not** have to set a TLD-wide allowed nameservers list with this option, because it operates independently from the per-domain nameservers restriction that `NAMESERVER_RESTRICTED` reservation imposes. -In addition to disabling registration of non-whitelisted domains, setting a TLD +In addition to disabling registration of non-allow-listed domains, setting a TLD as domain create restricted also applies the `SERVER_UPDATE_PROHIBITED` and `SERVER_TRANSFER_PROHIBITED` statuses to domains upon creation. Any domains on a domain create restricted TLD are therefore virtually immutable, and must be diff --git a/docs/registrar-faq.md b/docs/registrar-faq.md index 1abb6692b..491e14ddd 100644 --- a/docs/registrar-faq.md +++ b/docs/registrar-faq.md @@ -28,7 +28,7 @@ certifications required across gTLDs?** implementation. Here is how we answer it: ]* The registry does not provide a secure certificate. Registrars must provide -their own certificate during onboarding, which will be whitelisted for the +their own certificate during onboarding, which will be allow-listed for the connection. A single certificate can be used for multiple TLDs. **1.4 Locks and statuses: do lock and status rules follow RFC specifications?** 
@@ -277,7 +277,7 @@ We have a shared registry system for EPP, with a shared namespace across all supported TLDs. Contacts and hosts are shared across all TLDs; for instance, the same contact can be used for all of a registrar's domains in the system. -**7.11 If using a DRS, are login credentials, IP whitelisting, etc. configured +**7.11 If using a DRS, are login credentials, IP allow listing, etc. configured separately or will these be the same for all TLDs in your system?** These will be the same for all TLDs, because we are a shared registry system. @@ -477,20 +477,20 @@ commands. ## Security *[ The answers in this section depend on your EPP proxy implementation. These -are the answers that we give, because our EPP proxy has IP whitelists, and +are the answers that we give, because our EPP proxy has IP allow lists, and requires SSL certificates and SNI. We recommend that other proxy implementations do likewise. ]* **9.1 How do I specify the IP addresses that can access your EPP system?** -You will be asked to submit your whitelisted IPs (in CIDR notation) during the +You will be asked to submit your allow-listed IPs (in CIDR notation) during the onboarding process. After completion of the onboarding process, you can use the -support console to manage the IP whitelist for your production account. +support console to manage the IP allow list for your production account. **9.2 What SSL certificates will you accept for EPP connections?** We will accept any SSL certificate. You will be asked to submit your certificate -for whitelisting during the onboarding process. After completion of the +for allow-listing during the onboarding process. After completion of the onboarding process, you can use the support console to manage the certificate for your production account. diff --git a/proxy/src/main/java/google/registry/proxy/handler/ProxyProtocolHandler.java b/proxy/src/main/java/google/registry/proxy/handler/ProxyProtocolHandler.java index 2612f14d3..6b738b31d 100644 
--- a/proxy/src/main/java/google/registry/proxy/handler/ProxyProtocolHandler.java +++ b/proxy/src/main/java/google/registry/proxy/handler/ProxyProtocolHandler.java @@ -33,7 +33,7 @@ import javax.inject.Inject; *

    When an EPP client connects to the registry (through the proxy), the registry performs two * validations to ensure that only known registrars are allowed. First it checks the sha265 hash of * the client SSL certificate and match it to the hash stored in datastore for the registrar. It - * then checks if the connection is from an whitelisted IP address that belongs to that registrar. + * then checks if the connection is from an allow-listed IP address that belongs to that registrar. * *

    The proxy receives client connects via the GCP load balancer, which results in the loss of * original client IP from the channel. Luckily, the load balancer supports the PROXY protocol v1, diff --git a/util/src/main/java/google/registry/util/Retrier.java b/util/src/main/java/google/registry/util/Retrier.java index 305a064fe..eed0a3062 100644 --- a/util/src/main/java/google/registry/util/Retrier.java +++ b/util/src/main/java/google/registry/util/Retrier.java @@ -78,9 +78,9 @@ public class Retrier implements Serializable { * Retries a unit of work in the face of transient errors and returns the result. * *

    Retrying is done a fixed number of times, with exponential backoff, if the exception that is - * thrown is on a whitelist of retryable errors. If the error is not on the whitelist, or if the - * thread is interrupted, or if the allowable number of attempts has been exhausted, the original - * exception is propagated through to the caller. Checked exceptions are wrapped in a + * thrown is on an allow list of retryable errors. If the error is not on the allow list, or if + * the thread is interrupted, or if the allowable number of attempts has been exhausted, the + * original exception is propagated through to the caller. Checked exceptions are wrapped in a * RuntimeException, while unchecked exceptions are propagated as-is. * *

    Uses a default FailureReporter that logs before each retry. @@ -112,9 +112,9 @@ public class Retrier implements Serializable { * Retries a unit of work in the face of transient errors and returns the result. * *

    Retrying is done a fixed number of times, with exponential backoff, if the exception that is - * thrown is on a whitelist of retryable errors. If the error is not on the whitelist, or if the - * thread is interrupted, or if the allowable number of attempts has been exhausted, the original - * exception is propagated through to the caller. Checked exceptions are wrapped in a + * thrown is on an allow list of retryable errors. If the error is not on the allow list, or if + * the thread is interrupted, or if the allowable number of attempts has been exhausted, the + * original exception is propagated through to the caller. Checked exceptions are wrapped in a * RuntimeException, while unchecked exceptions are propagated as-is. * * @return the value returned by the {@link Callable}. diff --git a/util/src/main/java/google/registry/util/SqlTemplate.java b/util/src/main/java/google/registry/util/SqlTemplate.java index a7892e927..13de4a97c 100644 --- a/util/src/main/java/google/registry/util/SqlTemplate.java +++ b/util/src/main/java/google/registry/util/SqlTemplate.java @@ -48,12 +48,12 @@ public final class SqlTemplate { /** * Adds a key/value that should be substituted an individual variable in the template. * - *

    Your template variables should appear as follows: {@code WHERE foo = '%BAR%'} and you - * would call {@code .put("BAR", "some value"} to safely substitute it with a value. Only - * whitelisted characters (as defined by {@link #LEGAL_SUBSTITUTIONS}) are allowed in values. + *

    Your template variables should appear as follows: {@code WHERE foo = '%BAR%'} and you would + * call {@code .put("BAR", "some value"} to safely substitute it with a value. Only allow-listed + * characters (as defined by {@link #LEGAL_SUBSTITUTIONS}) are allowed in values. * * @param key uppercase string that can have digits and underscores - * @param value substitution value, comprised of whitelisted characters + * @param value substitution value, composed of allow-listed characters * @throws IllegalArgumentException if key or value has bad chars or duplicate keys were added */ public SqlTemplate put(String key, String value) { diff --git a/util/src/main/java/google/registry/util/X509Utils.java b/util/src/main/java/google/registry/util/X509Utils.java index 3ab1dd7bf..f51e6ba08 100644 --- a/util/src/main/java/google/registry/util/X509Utils.java +++ b/util/src/main/java/google/registry/util/X509Utils.java @@ -52,7 +52,7 @@ public final class X509Utils { * SHA-256 digest of the certificate. * *
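Review bot: The reflowed Javadoc example in the SqlTemplate hunk still reads `{@code .put("BAR", "some value"}` on the added line, so the rendered call is missing its closing parenthesis; it should be `{@code .put("BAR", "some value")}`. The unchanged summary sentence also drops a word: "substituted an individual variable" should read "substituted for an individual variable". Because this comment promises callers a safe substitution based on `LEGAL_SUBSTITUTIONS`, it would help to say explicitly that the template is expected to place the variable inside quotes, as the example does; whether the character check alone suffices elsewhere cannot be judged from this hunk. The body of `put` lies outside the hunk.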

    Note that this must match the method used by the GFE to generate the client certificate hash - * so that the two will match when we check against the whitelist. + * so that the two will match when we check against the allow list. */ public static String getCertificateHash(X509Certificate cert) { try {