Adopt more inclusive language in //net

While this does rename some symbols and APIs, it
does not change externally-exposed values (e.g. preferences
or policies), which may require coordination with Enterprise
to avoid breaking anyone.

Adopt more inclusive language in //net, by deprecating the
terms whitelist and blacklist into more descriptive terms,
such as allowlist and blocklist.

TBR=torne@chromium.org, dgozman@chromium.org, bnc@chromium.org

Bug: 987648, 981129
Change-Id: Id558d29e0049af7e110dbb0528ac9d511e4620ee
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1718348
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#681267}
diff --git a/android_webview/browser/aw_browser_process.cc b/android_webview/browser/aw_browser_process.cc
index 042b08c..f9d62d36 100644
--- a/android_webview/browser/aw_browser_process.cc
+++ b/android_webview/browser/aw_browser_process.cc
@@ -154,7 +154,7 @@
   network::mojom::HttpAuthDynamicParamsPtr auth_dynamic_params =
       network::mojom::HttpAuthDynamicParams::New();
 
-  auth_dynamic_params->server_whitelist =
+  auth_dynamic_params->server_allowlist =
       local_state()->GetString(prefs::kAuthServerWhitelist);
   auth_dynamic_params->android_negotiate_account_type =
       local_state()->GetString(prefs::kAuthAndroidNegotiateAccountType);
diff --git a/android_webview/browser/net/aw_url_request_context_getter.cc b/android_webview/browser/net/aw_url_request_context_getter.cc
index d0661d5..40d194f 100644
--- a/android_webview/browser/net/aw_url_request_context_getter.cc
+++ b/android_webview/browser/net/aw_url_request_context_getter.cc
@@ -193,11 +193,11 @@
   scoped_refptr<base::SingleThreadTaskRunner> io_thread_proxy =
       base::CreateSingleThreadTaskRunnerWithTraits({BrowserThread::IO});
 
-  auth_server_whitelist_.Init(
+  auth_server_allowlist_.Init(
       prefs::kAuthServerWhitelist, user_pref_service,
-      base::BindRepeating(&AwURLRequestContextGetter::UpdateServerWhitelist,
+      base::BindRepeating(&AwURLRequestContextGetter::UpdateServerAllowlist,
                           base::Unretained(this)));
-  auth_server_whitelist_.MoveToSequence(io_thread_proxy);
+  auth_server_allowlist_.MoveToSequence(io_thread_proxy);
 
   auth_android_negotiate_account_type_.Init(
       prefs::kAuthAndroidNegotiateAccountType, user_pref_service,
@@ -374,15 +374,15 @@
 std::unique_ptr<net::HttpAuthHandlerFactory>
 AwURLRequestContextGetter::CreateAuthHandlerFactory() {
   http_auth_preferences_.reset(new net::HttpAuthPreferences());
-  UpdateServerWhitelist();
+  UpdateServerAllowlist();
   UpdateAndroidAuthNegotiateAccountType();
 
   return net::HttpAuthHandlerRegistryFactory::Create(
       http_auth_preferences_.get(), AwBrowserContext::GetAuthSchemes());
 }
 
-void AwURLRequestContextGetter::UpdateServerWhitelist() {
-  http_auth_preferences_->SetServerWhitelist(auth_server_whitelist_.GetValue());
+void AwURLRequestContextGetter::UpdateServerAllowlist() {
+  http_auth_preferences_->SetServerAllowlist(auth_server_allowlist_.GetValue());
 }
 
 void AwURLRequestContextGetter::UpdateAndroidAuthNegotiateAccountType() {
diff --git a/android_webview/browser/net/aw_url_request_context_getter.h b/android_webview/browser/net/aw_url_request_context_getter.h
index 233ccf7..1743ee8 100644
--- a/android_webview/browser/net/aw_url_request_context_getter.h
+++ b/android_webview/browser/net/aw_url_request_context_getter.h
@@ -78,7 +78,7 @@
   std::unique_ptr<net::HttpAuthHandlerFactory> CreateAuthHandlerFactory();
 
   // Update methods for the auth related preferences
-  void UpdateServerWhitelist();
+  void UpdateServerAllowlist();
   void UpdateAndroidAuthNegotiateAccountType();
 
   const base::FilePath cache_path_;
@@ -96,7 +96,7 @@
 
   // Store HTTP Auth-related policies in this thread.
   StringPrefMember auth_android_negotiate_account_type_;
-  StringPrefMember auth_server_whitelist_;
+  StringPrefMember auth_server_allowlist_;
 
   // ProtocolHandlers and interceptors are stored here between
   // SetHandlersAndInterceptors() and the first GetURLRequestContext() call.
diff --git a/chrome/browser/net/system_network_context_manager.cc b/chrome/browser/net/system_network_context_manager.cc
index 156b0226..9c6092c 100644
--- a/chrome/browser/net/system_network_context_manager.cc
+++ b/chrome/browser/net/system_network_context_manager.cc
@@ -169,9 +169,9 @@
   network::mojom::HttpAuthDynamicParamsPtr auth_dynamic_params =
       network::mojom::HttpAuthDynamicParams::New();
 
-  auth_dynamic_params->server_whitelist =
+  auth_dynamic_params->server_allowlist =
       local_state->GetString(prefs::kAuthServerWhitelist);
-  auth_dynamic_params->delegate_whitelist =
+  auth_dynamic_params->delegate_allowlist =
       local_state->GetString(prefs::kAuthNegotiateDelegateWhitelist);
   auth_dynamic_params->negotiate_disable_cname_lookup =
       local_state->GetBoolean(prefs::kDisableAuthNegotiateCnameLookup);
diff --git a/chrome/browser/net/system_network_context_manager_browsertest.cc b/chrome/browser/net/system_network_context_manager_browsertest.cc
index 8010454..d36d128 100644
--- a/chrome/browser/net/system_network_context_manager_browsertest.cc
+++ b/chrome/browser/net/system_network_context_manager_browsertest.cc
@@ -225,8 +225,8 @@
       SystemNetworkContextManager::GetHttpAuthDynamicParamsForTesting();
   EXPECT_EQ(false, dynamic_params->negotiate_disable_cname_lookup);
   EXPECT_EQ(false, dynamic_params->enable_negotiate_port);
-  EXPECT_EQ("", dynamic_params->server_whitelist);
-  EXPECT_EQ("", dynamic_params->delegate_whitelist);
+  EXPECT_EQ("", dynamic_params->server_allowlist);
+  EXPECT_EQ("", dynamic_params->delegate_allowlist);
   EXPECT_FALSE(dynamic_params->delegate_by_kdc_policy);
 
   PrefService* local_state = g_browser_process->local_state();
@@ -236,8 +236,8 @@
       SystemNetworkContextManager::GetHttpAuthDynamicParamsForTesting();
   EXPECT_EQ(true, dynamic_params->negotiate_disable_cname_lookup);
   EXPECT_EQ(false, dynamic_params->enable_negotiate_port);
-  EXPECT_EQ("", dynamic_params->server_whitelist);
-  EXPECT_EQ("", dynamic_params->delegate_whitelist);
+  EXPECT_EQ("", dynamic_params->server_allowlist);
+  EXPECT_EQ("", dynamic_params->delegate_allowlist);
   EXPECT_FALSE(dynamic_params->delegate_by_kdc_policy);
 
   local_state->SetBoolean(prefs::kEnableAuthNegotiatePort, true);
@@ -245,28 +245,28 @@
       SystemNetworkContextManager::GetHttpAuthDynamicParamsForTesting();
   EXPECT_EQ(true, dynamic_params->negotiate_disable_cname_lookup);
   EXPECT_EQ(true, dynamic_params->enable_negotiate_port);
-  EXPECT_EQ("", dynamic_params->server_whitelist);
-  EXPECT_EQ("", dynamic_params->delegate_whitelist);
+  EXPECT_EQ("", dynamic_params->server_allowlist);
+  EXPECT_EQ("", dynamic_params->delegate_allowlist);
   EXPECT_FALSE(dynamic_params->delegate_by_kdc_policy);
 
-  const char kServerWhiteList[] = "foo";
-  local_state->SetString(prefs::kAuthServerWhitelist, kServerWhiteList);
+  const char kServerAllowList[] = "foo";
+  local_state->SetString(prefs::kAuthServerWhitelist, kServerAllowList);
   dynamic_params =
       SystemNetworkContextManager::GetHttpAuthDynamicParamsForTesting();
   EXPECT_EQ(true, dynamic_params->negotiate_disable_cname_lookup);
   EXPECT_EQ(true, dynamic_params->enable_negotiate_port);
-  EXPECT_EQ(kServerWhiteList, dynamic_params->server_whitelist);
-  EXPECT_EQ("", dynamic_params->delegate_whitelist);
+  EXPECT_EQ(kServerAllowList, dynamic_params->server_allowlist);
+  EXPECT_EQ("", dynamic_params->delegate_allowlist);
 
-  const char kDelegateWhiteList[] = "bar, baz";
+  const char kDelegateAllowList[] = "bar, baz";
   local_state->SetString(prefs::kAuthNegotiateDelegateWhitelist,
-                         kDelegateWhiteList);
+                         kDelegateAllowList);
   dynamic_params =
       SystemNetworkContextManager::GetHttpAuthDynamicParamsForTesting();
   EXPECT_EQ(true, dynamic_params->negotiate_disable_cname_lookup);
   EXPECT_EQ(true, dynamic_params->enable_negotiate_port);
-  EXPECT_EQ(kServerWhiteList, dynamic_params->server_whitelist);
-  EXPECT_EQ(kDelegateWhiteList, dynamic_params->delegate_whitelist);
+  EXPECT_EQ(kServerAllowList, dynamic_params->server_allowlist);
+  EXPECT_EQ(kDelegateAllowList, dynamic_params->delegate_allowlist);
   EXPECT_FALSE(dynamic_params->delegate_by_kdc_policy);
 
 #if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_CHROMEOS)
@@ -275,8 +275,8 @@
       SystemNetworkContextManager::GetHttpAuthDynamicParamsForTesting();
   EXPECT_EQ(true, dynamic_params->negotiate_disable_cname_lookup);
   EXPECT_EQ(true, dynamic_params->enable_negotiate_port);
-  EXPECT_EQ(kServerWhiteList, dynamic_params->server_whitelist);
-  EXPECT_EQ(kDelegateWhiteList, dynamic_params->delegate_whitelist);
+  EXPECT_EQ(kServerAllowList, dynamic_params->server_allowlist);
+  EXPECT_EQ(kDelegateAllowList, dynamic_params->delegate_allowlist);
   EXPECT_TRUE(dynamic_params->delegate_by_kdc_policy);
 #endif  // defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_CHROMEOS)
 
diff --git a/components/cronet/url_request_context_config.cc b/components/cronet/url_request_context_config.cc
index c27fa41..adcab67 100644
--- a/components/cronet/url_request_context_config.cc
+++ b/components/cronet/url_request_context_config.cc
@@ -531,14 +531,14 @@
             quic_race_cert_verification;
       }
 
-      std::string quic_host_whitelist;
-      if (quic_args->GetString(kQuicHostWhitelist, &quic_host_whitelist)) {
+      std::string quic_host_allowlist;
+      if (quic_args->GetString(kQuicHostWhitelist, &quic_host_allowlist)) {
         std::vector<std::string> host_vector =
-            base::SplitString(quic_host_whitelist, ",", base::TRIM_WHITESPACE,
+            base::SplitString(quic_host_allowlist, ",", base::TRIM_WHITESPACE,
                               base::SPLIT_WANT_ALL);
-        session_params->quic_host_whitelist.clear();
+        session_params->quic_host_allowlist.clear();
         for (const std::string& host : host_vector) {
-          session_params->quic_host_whitelist.insert(host);
+          session_params->quic_host_allowlist.insert(host);
         }
       }
 
diff --git a/components/cronet/url_request_context_config_unittest.cc b/components/cronet/url_request_context_config_unittest.cc
index 718b2f3..fa88471 100644
--- a/components/cronet/url_request_context_config_unittest.cc
+++ b/components/cronet/url_request_context_config_unittest.cc
@@ -805,8 +805,8 @@
   const net::HttpNetworkSession::Params* params =
       context->GetNetworkSessionParams();
 
-  EXPECT_TRUE(base::Contains(params->quic_host_whitelist, "www.example.com"));
-  EXPECT_TRUE(base::Contains(params->quic_host_whitelist, "www.example.org"));
+  EXPECT_TRUE(base::Contains(params->quic_host_allowlist, "www.example.com"));
+  EXPECT_TRUE(base::Contains(params->quic_host_allowlist, "www.example.org"));
 }
 
 TEST(URLRequestContextConfigTest, SetQuicMaxTimeBeforeCryptoHandshake) {
diff --git a/components/network_session_configurator/browser/network_session_configurator.cc b/components/network_session_configurator/browser/network_session_configurator.cc
index 7979448..7470e85 100644
--- a/components/network_session_configurator/browser/network_session_configurator.cc
+++ b/components/network_session_configurator/browser/network_session_configurator.cc
@@ -411,12 +411,12 @@
   return 0;
 }
 
-base::flat_set<std::string> GetQuicHostWhitelist(
+base::flat_set<std::string> GetQuicHostAllowlist(
     const VariationParameters& quic_trial_params) {
-  std::string host_whitelist =
+  std::string host_allowlist =
       GetVariationParam(quic_trial_params, "host_whitelist");
   std::vector<std::string> host_vector = base::SplitString(
-      host_whitelist, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
+      host_allowlist, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
   return base::flat_set<std::string>(std::move(host_vector));
 }
 
@@ -560,7 +560,7 @@
     }
     params->quic_params.allow_server_migration =
         ShouldQuicAllowServerMigration(quic_trial_params);
-    params->quic_host_whitelist = GetQuicHostWhitelist(quic_trial_params);
+    params->quic_host_allowlist = GetQuicHostAllowlist(quic_trial_params);
   }
 
   size_t max_packet_length = GetQuicMaxPacketLength(quic_trial_params);
diff --git a/components/network_session_configurator/browser/network_session_configurator_unittest.cc b/components/network_session_configurator/browser/network_session_configurator_unittest.cc
index 4db23a0..a4ded6a 100644
--- a/components/network_session_configurator/browser/network_session_configurator_unittest.cc
+++ b/components/network_session_configurator/browser/network_session_configurator_unittest.cc
@@ -129,7 +129,7 @@
   EXPECT_FALSE(params_.quic_params.go_away_on_path_degrading);
   EXPECT_TRUE(params_.quic_params.initial_rtt_for_handshake.is_zero());
   EXPECT_FALSE(params_.quic_params.allow_server_migration);
-  EXPECT_TRUE(params_.quic_host_whitelist.empty());
+  EXPECT_TRUE(params_.quic_host_allowlist.empty());
   EXPECT_TRUE(params_.quic_params.retransmittable_on_wire_timeout.is_zero());
 
   net::HttpNetworkSession::Params default_params;
@@ -580,7 +580,7 @@
   EXPECT_EQ(options, params_.quic_params.client_connection_options);
 }
 
-TEST_F(NetworkSessionConfiguratorTest, QuicHostWhitelist) {
+TEST_F(NetworkSessionConfiguratorTest, QuicHostAllowlist) {
   std::map<std::string, std::string> field_trial_params;
   field_trial_params["host_whitelist"] = "www.example.org, www.example.com";
   variations::AssociateVariationParams("QUIC", "Enabled", field_trial_params);
@@ -588,12 +588,12 @@
 
   ParseFieldTrials();
 
-  EXPECT_EQ(2u, params_.quic_host_whitelist.size());
-  EXPECT_TRUE(base::Contains(params_.quic_host_whitelist, "www.example.com"));
-  EXPECT_TRUE(base::Contains(params_.quic_host_whitelist, "www.example.org"));
+  EXPECT_EQ(2u, params_.quic_host_allowlist.size());
+  EXPECT_TRUE(base::Contains(params_.quic_host_allowlist, "www.example.com"));
+  EXPECT_TRUE(base::Contains(params_.quic_host_allowlist, "www.example.org"));
 }
 
-TEST_F(NetworkSessionConfiguratorTest, QuicHostWhitelistEmpty) {
+TEST_F(NetworkSessionConfiguratorTest, QuicHostAllowlistEmpty) {
   std::map<std::string, std::string> field_trial_params;
   field_trial_params["host_whitelist"] = "";
   variations::AssociateVariationParams("QUIC", "Enabled", field_trial_params);
@@ -601,7 +601,7 @@
 
   ParseFieldTrials();
 
-  EXPECT_TRUE(params_.quic_host_whitelist.empty());
+  EXPECT_TRUE(params_.quic_host_allowlist.empty());
 }
 
 TEST_F(NetworkSessionConfiguratorTest, Http2SettingsFromFieldTrialParams) {
diff --git a/headless/lib/browser/headless_request_context_manager.cc b/headless/lib/browser/headless_request_context_manager.cc
index 4e0d493..8f03b6a 100644
--- a/headless/lib/browser/headless_request_context_manager.cc
+++ b/headless/lib/browser/headless_request_context_manager.cc
@@ -162,7 +162,7 @@
 
   base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
   auto auth_params = ::network::mojom::HttpAuthDynamicParams::New();
-  auth_params->server_whitelist =
+  auth_params->server_allowlist =
       command_line->GetSwitchValueASCII(switches::kAuthServerWhitelist);
   auto* network_service = content::GetNetworkService();
   network_service->ConfigureHttpAuthPrefs(std::move(auth_params));
diff --git a/net/base/filename_util.cc b/net/base/filename_util.cc
index a3135f1..642b412 100644
--- a/net/base/filename_util.cc
+++ b/net/base/filename_util.cc
@@ -117,7 +117,7 @@
   if (ContainsEncodedBytes(path, illegal_encoded_bytes))
     return false;
 
-  // Unescape all percent-encoded sequences, including blacklisted-for-display
+  // Unescape all percent-encoded sequences, including blocked-for-display
   // characters, control characters and invalid UTF-8 byte sequences.
   // Percent-encoded bytes are not meaningful in a file system.
   path = UnescapeBinaryURLComponent(path);
diff --git a/net/base/filename_util_unittest.cc b/net/base/filename_util_unittest.cc
index 4d592d9..7504279 100644
--- a/net/base/filename_util_unittest.cc
+++ b/net/base/filename_util_unittest.cc
@@ -192,8 +192,8 @@
     // Other percent-encoded characters that are left alone when displaying a
     // URL are decoded in a file path (https://crbug.com/585422).
     {L"C:\\foo\\\U0001F512.txt",
-     "file:///C:/foo/%F0%9F%94%92.txt"},                       // Blacklisted.
-    {L"C:\\foo\\\u2001.txt", "file:///C:/foo/%E2%80%81.txt"},  // Blacklisted.
+     "file:///C:/foo/%F0%9F%94%92.txt"},                       // Blocked.
+    {L"C:\\foo\\\u2001.txt", "file:///C:/foo/%E2%80%81.txt"},  // Blocked.
 #elif defined(OS_POSIX) || defined(OS_FUCHSIA)
     {L"/foo/bar.txt", "file:///foo/bar.txt"},
     {L"/foo/BAR.txt", "file:///foo/BAR.txt"},
@@ -213,8 +213,8 @@
      "file:///plane1/%F0%9D%90%80%F0%9D%90%81.txt"},
     // Other percent-encoded characters that are left alone when displaying a
     // URL are decoded in a file path (https://crbug.com/585422).
-    {L"/foo/\U0001F512.txt", "file:///foo/%F0%9F%94%92.txt"},  // Blacklisted.
-    {L"/foo/\u2001.txt", "file:///foo/%E2%80%81.txt"},         // Blacklisted.
+    {L"/foo/\U0001F512.txt", "file:///foo/%F0%9F%94%92.txt"},  // Blocked.
+    {L"/foo/\u2001.txt", "file:///foo/%E2%80%81.txt"},         // Blocked.
 #endif
   };
 
diff --git a/net/base/ip_address.cc b/net/base/ip_address.cc
index b7ca4f0..f8c8805 100644
--- a/net/base/ip_address.cc
+++ b/net/base/ip_address.cc
@@ -50,7 +50,7 @@
 }
 
 // Returns false if |ip_address| matches any of the reserved IPv4 ranges. This
-// method operates on a blacklist of reserved IPv4 ranges. Some ranges are
+// method operates on a list of reserved IPv4 ranges. Some ranges are
 // consolidated.
 // Sources for info:
 // www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
@@ -80,8 +80,8 @@
 }
 
 // Returns false if |ip_address| matches any of the IPv6 ranges IANA reserved
-// for local networks. This method operates on a whitelist of non-reserved
-// IPv6 ranges, plus the blacklist of reserved IPv4 ranges mapped to IPv6.
+// for local networks. This method operates on an allowlist of non-reserved
+// IPv6 ranges, plus the list of reserved IPv4 ranges mapped to IPv6.
 // Sources for info:
 // www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
 bool IsPubliclyRoutableIPv6(const IPAddressBytes& ip_address) {
diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h
index 6fc8c5e..a028a469 100644
--- a/net/base/net_error_list.h
+++ b/net/base/net_error_list.h
@@ -90,7 +90,7 @@
 // The network changed.
 NET_ERROR(NETWORK_CHANGED, -21)
 
-// The request was blocked by the URL blacklist configured by the domain
+// The request was blocked by the URL block list configured by the domain
 // administrator.
 NET_ERROR(BLOCKED_BY_ADMINISTRATOR, -22)
 
diff --git a/net/base/port_util.cc b/net/base/port_util.cc
index 7ff334c..63a7c35 100644
--- a/net/base/port_util.cc
+++ b/net/base/port_util.cc
@@ -116,7 +116,7 @@
   if (g_explicitly_allowed_ports.Get().count(port) > 0)
     return true;
 
-  // FTP requests have an extra set of whitelisted schemes.
+  // FTP requests have an extra set of allowed schemes.
   if (base::LowerCaseEqualsASCII(url_scheme, url::kFtpScheme)) {
     for (int allowed_ftp_port : kAllowedFtpPorts) {
       if (allowed_ftp_port == port)
diff --git a/net/cert/cert_verifier.h b/net/cert/cert_verifier.h
index 8ea6fac..9b7ff45 100644
--- a/net/cert/cert_verifier.h
+++ b/net/cert/cert_verifier.h
@@ -56,7 +56,7 @@
 
     // Provides an optional CRLSet structure that can be used to avoid
     // revocation checks over the network. CRLSets can be used to add
-    // additional certificates to be blacklisted beyond the internal blacklist,
+    // additional certificates to be blocked beyond the internal block list,
     // whether leaves or intermediates.
     scoped_refptr<CRLSet> crl_set;
 
diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc
index 906b843..6fedb497 100644
--- a/net/cert/cert_verify_proc.cc
+++ b/net/cert/cert_verify_proc.cc
@@ -773,7 +773,7 @@
       // C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI,
       // CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
       //
-      // net/data/ssl/blacklist/b9bea7860a962ea3611dab97ab6da3e21c1068b97d55575ed0e11279c11c8932.pem
+      // net/data/ssl/blocklist/b9bea7860a962ea3611dab97ab6da3e21c1068b97d55575ed0e11279c11c8932.pem
       {
           {{0x86, 0xc1, 0x3a, 0x34, 0x08, 0xdd, 0x1a, 0xa7, 0x7e, 0xe8, 0xb6,
             0x94, 0x7c, 0x03, 0x95, 0x87, 0x72, 0xf5, 0x31, 0x24, 0x8c, 0x16,
@@ -783,7 +783,7 @@
       // C=IN, O=India PKI, CN=CCA India 2007
       // Expires: July 4th 2015.
       //
-      // net/data/ssl/blacklist/f375e2f77a108bacc4234894a9af308edeca1acd8fbde0e7aaa9634e9daf7e1c.pem
+      // net/data/ssl/blocklist/f375e2f77a108bacc4234894a9af308edeca1acd8fbde0e7aaa9634e9daf7e1c.pem
       {
           {{0x7e, 0x6a, 0xcd, 0x85, 0x3c, 0xac, 0xc6, 0x93, 0x2e, 0x9b, 0x51,
             0x9f, 0xda, 0xd1, 0xbe, 0xb5, 0x15, 0xed, 0x2a, 0x2d, 0x00, 0x25,
@@ -793,7 +793,7 @@
       // C=IN, O=India PKI, CN=CCA India 2011
       // Expires: March 11 2016.
       //
-      // net/data/ssl/blacklist/2d66a702ae81ba03af8cff55ab318afa919039d9f31b4d64388680f81311b65a.pem
+      // net/data/ssl/blocklist/2d66a702ae81ba03af8cff55ab318afa919039d9f31b4d64388680f81311b65a.pem
       {
           {{0x42, 0xa7, 0x09, 0x84, 0xff, 0xd3, 0x99, 0xc4, 0xea, 0xf0, 0xe7,
             0x02, 0xa4, 0x4b, 0xef, 0x2a, 0xd8, 0xa7, 0x9b, 0x8b, 0xf4, 0x64,
@@ -803,7 +803,7 @@
       // C=IN, O=India PKI, CN=CCA India 2014
       // Expires: March 5 2024.
       //
-      // net/data/ssl/blacklist/60109bc6c38328598a112c7a25e38b0f23e5a7511cb815fb64e0c4ff05db7df7.pem
+      // net/data/ssl/blocklist/60109bc6c38328598a112c7a25e38b0f23e5a7511cb815fb64e0c4ff05db7df7.pem
       {
           {{0x9c, 0xf4, 0x70, 0x4f, 0x3e, 0xe5, 0xa5, 0x98, 0x94, 0xb1, 0x6b,
             0xf0, 0x0c, 0xfe, 0x73, 0xd5, 0x88, 0xda, 0xe2, 0x69, 0xf5, 0x1d,
diff --git a/net/cert/cert_verify_proc_blacklist.inc b/net/cert/cert_verify_proc_blocklist.inc
similarity index 98%
rename from net/cert/cert_verify_proc_blacklist.inc
rename to net/cert/cert_verify_proc_blocklist.inc
index e5be854..99a9bcf 100644
--- a/net/cert/cert_verify_proc_blacklist.inc
+++ b/net/cert/cert_verify_proc_blocklist.inc
@@ -3,10 +3,10 @@
 // found in the LICENSE file.
 
 // The certificate(s) that were misissued, and which represent these SPKIs,
-// are stored within net/data/ssl/blacklist. Further details about the
-// rationale is documented in net/data/ssl/blacklist/README.md
+// are stored within net/data/ssl/blocklist. Further details about the
+// rationale is documented in net/data/ssl/blocklist/README.md
 static constexpr uint8_t
-    kBlacklistedSPKIs[][crypto::kSHA256Length] = {
+    kSPKIBlockList[][crypto::kSHA256Length] = {
         // 2740d956b1127b791aa1b3cc644a4dbedba76186a23638b95102351a834ea861.pem
         {0x04, 0xdd, 0xe9, 0xaa, 0x9a, 0x79, 0xf6, 0x14, 0x98, 0x68, 0x23,
          0x25, 0xfa, 0x08, 0x70, 0x27, 0x67, 0x07, 0xfb, 0x9c, 0xa9, 0x53,
diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc
index 64dd416..0d0d2c7 100644
--- a/net/cert/cert_verify_proc_unittest.cc
+++ b/net/cert/cert_verify_proc_unittest.cc
@@ -1185,7 +1185,7 @@
   }
 
   // Either the system crypto library should correctly report a certificate
-  // name mismatch, or our certificate blacklist should cause us to report an
+  // name mismatch, or our certificate block list should cause us to report an
   // invalid certificate.
   if (verify_proc_type() == CERT_VERIFY_PROC_NSS ||
       verify_proc_type() == CERT_VERIFY_PROC_WIN) {
@@ -2246,14 +2246,14 @@
     EXPECT_THAT(error, IsError(ERR_CERT_SYMANTEC_LEGACY));
     EXPECT_TRUE(test_result_1.cert_status & CERT_STATUS_SYMANTEC_LEGACY);
 
-    // ... Unless the Symantec cert chains through a whitelisted intermediate.
-    CertVerifyResult whitelisted_result;
-    whitelisted_result.verified_cert = cert;
-    whitelisted_result.public_key_hashes.push_back(
+    // ... Unless the Symantec cert chains through a allowlisted intermediate.
+    CertVerifyResult allowlisted_result;
+    allowlisted_result.verified_cert = cert;
+    allowlisted_result.public_key_hashes.push_back(
         HashValue(kSymantecHashValue));
-    whitelisted_result.public_key_hashes.push_back(HashValue(kGoogleHashValue));
-    whitelisted_result.is_issued_by_known_root = true;
-    verify_proc = base::MakeRefCounted<MockCertVerifyProc>(whitelisted_result);
+    allowlisted_result.public_key_hashes.push_back(HashValue(kGoogleHashValue));
+    allowlisted_result.is_issued_by_known_root = true;
+    verify_proc = base::MakeRefCounted<MockCertVerifyProc>(allowlisted_result);
 
     CertVerifyResult test_result_2;
     error = verify_proc->Verify(
@@ -2311,14 +2311,14 @@
       EXPECT_FALSE(test_result_1.cert_status & CERT_STATUS_SYMANTEC_LEGACY);
     }
 
-    // ... Unless the Symantec cert chains through a whitelisted intermediate.
-    CertVerifyResult whitelisted_result;
-    whitelisted_result.verified_cert = cert;
-    whitelisted_result.public_key_hashes.push_back(
+    // ... Unless the Symantec cert chains through a allowlisted intermediate.
+    CertVerifyResult allowlisted_result;
+    allowlisted_result.verified_cert = cert;
+    allowlisted_result.public_key_hashes.push_back(
         HashValue(kSymantecHashValue));
-    whitelisted_result.public_key_hashes.push_back(HashValue(kGoogleHashValue));
-    whitelisted_result.is_issued_by_known_root = true;
-    verify_proc = base::MakeRefCounted<MockCertVerifyProc>(whitelisted_result);
+    allowlisted_result.public_key_hashes.push_back(HashValue(kGoogleHashValue));
+    allowlisted_result.is_issued_by_known_root = true;
+    verify_proc = base::MakeRefCounted<MockCertVerifyProc>(allowlisted_result);
 
     CertVerifyResult test_result_2;
     error = verify_proc->Verify(
diff --git a/net/cert/crl_set.cc b/net/cert/crl_set.cc
index 737f233..4f09e69 100644
--- a/net/cert/crl_set.cc
+++ b/net/cert/crl_set.cc
@@ -254,9 +254,9 @@
     return false;
   }
 
-  // Defines kBlacklistedSPKIs.
-#include "net/cert/cert_verify_proc_blacklist.inc"
-  for (const auto& hash : kBlacklistedSPKIs) {
+  // Defines kSPKIBlockList.
+#include "net/cert/cert_verify_proc_blocklist.inc"
+  for (const auto& hash : kSPKIBlockList) {
     crl_set->blocked_spkis_.push_back(std::string(
         reinterpret_cast<const char*>(hash), crypto::kSHA256Length));
   }
diff --git a/net/cert/crl_set.h b/net/cert/crl_set.h
index 52afa8f..bb876db 100644
--- a/net/cert/crl_set.h
+++ b/net/cert/crl_set.h
@@ -74,7 +74,7 @@
 
   // BuiltinCRLSet() returns the default CRLSet, to be used when no CRLSet is
   // available from the network.  The default CRLSet includes a statically-
-  // configured blacklist.
+  // configured block list.
   static scoped_refptr<CRLSet> BuiltinCRLSet();
 
   // EmptyCRLSetForTesting returns a valid, but empty, CRLSet for unit tests.
diff --git a/net/cert/crl_set_unittest.cc b/net/cert/crl_set_unittest.cc
index a549950..bec0d8b 100644
--- a/net/cert/crl_set_unittest.cc
+++ b/net/cert/crl_set_unittest.cc
@@ -126,9 +126,9 @@
             set->CheckSPKI(reinterpret_cast<const char*>(spki_hash)));
 }
 
-TEST(CertVerifyProcTest, CRLSetIncorporatesStaticBlacklist) {
+TEST(CertVerifyProcTest, CRLSetIncorporatesStaticBlocklist) {
   // Test both the builtin CRLSet and a parsed CRLSet to be sure that both
-  // include the blacklist.
+  // include the block list.
   scoped_refptr<CRLSet> set1 = CRLSet::BuiltinCRLSet();
   ASSERT_TRUE(set1);
   base::StringPiece s(reinterpret_cast<const char*>(kGIACRLSet),
diff --git a/net/cert/internal/path_builder_pkits_unittest.cc b/net/cert/internal/path_builder_pkits_unittest.cc
index 32dd630f..cfd32f5 100644
--- a/net/cert/internal/path_builder_pkits_unittest.cc
+++ b/net/cert/internal/path_builder_pkits_unittest.cc
@@ -50,7 +50,7 @@
       size_t i = certs.size() - reverse_i - 1;
 
       // Trust anchors bypass OCSP/CRL revocation checks. (The only way to
-      // revoke trust anchors is via CRLSet or the built-in SPKI blacklist).
+      // revoke trust anchors is via CRLSet or the built-in SPKI block list).
       if (reverse_i == 0 && path->last_cert_trust.IsTrustAnchor())
         continue;
 
diff --git a/net/cert/internal/path_builder_unittest.cc b/net/cert/internal/path_builder_unittest.cc
index 1a954a7..44b4d16 100644
--- a/net/cert/internal/path_builder_unittest.cc
+++ b/net/cert/internal/path_builder_unittest.cc
@@ -1258,13 +1258,13 @@
   }
 
   // Runs the path builder for the target certificate while |distrusted_cert| is
-  // blacklisted, and |delegate| if non-null.
+  // blocked, and |delegate| if non-null.
   void RunPathBuilder(const scoped_refptr<ParsedCertificate>& distrusted_cert,
                       CertPathBuilderDelegate* optional_delegate,
                       CertPathBuilder::Result* result) {
     ASSERT_EQ(3u, test_.chain.size());
 
-    // Set up the trust store such that |distrusted_cert| is blacklisted, and
+    // Set up the trust store such that |distrusted_cert| is blocked, and
     // the root is trusted (except if it was |distrusted_cert|).
     TrustStoreInMemory trust_store;
     if (distrusted_cert != test_.chain.back())
@@ -1309,7 +1309,7 @@
 
  protected:
   // Runs the path builder for the target certificate while |distrusted_cert| is
-  // blacklisted.
+  // blocked.
   void RunPathBuilderWithDistrustedCert(
       const scoped_refptr<ParsedCertificate>& distrusted_cert,
       CertPathBuilder::Result* result) {
@@ -1321,7 +1321,7 @@
 // distrusted (but the path is otherwise valid).
 TEST_F(PathBuilderDistrustTest, TargetIntermediateRoot) {
   CertPathBuilder::Result result;
-  // First do a control test -- path building without any blacklisted
+  // First do a control test -- path building without any blocked
   // certificates should work.
   RunPathBuilderWithDistrustedCert(nullptr, &result);
   {
@@ -1333,7 +1333,7 @@
       EXPECT_EQ(test_.chain[i], path.certs[i]);
   }
 
-  // Try path building when only the target is blacklisted - should fail.
+  // Try path building when only the target is blocked - should fail.
   RunPathBuilderWithDistrustedCert(test_.chain[0], &result);
   {
     EXPECT_FALSE(result.HasValidPath());
@@ -1341,14 +1341,14 @@
     const auto& best_path = result.paths[result.best_result_index];
 
     // The built chain has length 1 since path building stopped once
-    // it encountered the blacklisted certificate (target).
+    // it encountered the blocked certificate (target).
     ASSERT_EQ(1u, best_path->certs.size());
     EXPECT_EQ(best_path->certs[0], test_.chain[0]);
     EXPECT_TRUE(best_path->errors.ContainsHighSeverityErrors());
     best_path->errors.ContainsError(cert_errors::kDistrustedByTrustStore);
   }
 
-  // Try path building when only the intermediate is blacklisted - should fail.
+  // Try path building when only the intermediate is blocked - should fail.
   RunPathBuilderWithDistrustedCert(test_.chain[1], &result);
   {
     EXPECT_FALSE(result.HasValidPath());
@@ -1356,7 +1356,7 @@
     const auto& best_path = result.paths[result.best_result_index];
 
     // The built chain has length 2 since path building stopped once
-    // it encountered the blacklisted certificate (intermediate).
+    // it encountered the blocked certificate (intermediate).
     ASSERT_EQ(2u, best_path->certs.size());
     EXPECT_EQ(best_path->certs[0], test_.chain[0]);
     EXPECT_EQ(best_path->certs[1], test_.chain[1]);
@@ -1364,7 +1364,7 @@
     best_path->errors.ContainsError(cert_errors::kDistrustedByTrustStore);
   }
 
-  // Try path building when only the root is blacklisted - should fail.
+  // Try path building when only the root is blocked - should fail.
   RunPathBuilderWithDistrustedCert(test_.chain[2], &result);
   {
     EXPECT_FALSE(result.HasValidPath());
@@ -1372,7 +1372,7 @@
     const auto& best_path = result.paths[result.best_result_index];
 
     // The built chain has length 3 since path building stopped once
-    // it encountered the blacklisted certificate (root).
+    // it encountered the blocked certificate (root).
     ASSERT_EQ(3u, best_path->certs.size());
     EXPECT_EQ(best_path->certs[0], test_.chain[0]);
     EXPECT_EQ(best_path->certs[1], test_.chain[1]);
diff --git a/net/cert/internal/revocation_checker.cc b/net/cert/internal/revocation_checker.cc
index 9b444c5..1cc8f16 100644
--- a/net/cert/internal/revocation_checker.cc
+++ b/net/cert/internal/revocation_checker.cc
@@ -273,7 +273,7 @@
     size_t i = certs.size() - reverse_i - 1;
 
     // Trust anchors bypass OCSP/CRL revocation checks. (The only way to revoke
-    // trust anchors is via CRLSet or the built-in SPKI blacklist). Since
+    // trust anchors is via CRLSet or the built-in SPKI block list). Since
     // |certs| must be a validated chain, the final cert must be a trust
     // anchor.
     if (reverse_i == 0)
diff --git a/net/cert/internal/simple_path_builder_delegate.cc b/net/cert/internal/simple_path_builder_delegate.cc
index 584eeed..f5c0cbd 100644
--- a/net/cert/internal/simple_path_builder_delegate.cc
+++ b/net/cert/internal/simple_path_builder_delegate.cc
@@ -29,7 +29,6 @@
                      "Only P-256, P-384, P-521 are supported for ECDSA");
 
 bool IsAcceptableCurveForEcdsa(int curve_nid) {
-  // Whitelist default permitted named curves.
   switch (curve_nid) {
     case NID_X9_62_prime256v1:
     case NID_secp384r1:
@@ -56,7 +55,7 @@
 bool SimplePathBuilderDelegate::IsSignatureAlgorithmAcceptable(
     const SignatureAlgorithm& algorithm,
     CertErrors* errors) {
-  // Whitelist default permitted signature algorithms to:
+  // Restrict default permitted signature algorithms to:
   //
   //    RSA PKCS#1 v1.5
   //    RSASSA-PSS
diff --git a/net/cert/internal/trust_store.h b/net/cert/internal/trust_store.h
index d7acd44..fef7772 100644
--- a/net/cert/internal/trust_store.h
+++ b/net/cert/internal/trust_store.h
@@ -15,7 +15,7 @@
 namespace net {
 
 enum class CertificateTrustType {
-  // This certificate is explicitly blacklisted (distrusted).
+  // This certificate is explicitly blocked (distrusted).
   DISTRUSTED,
 
   // The trustedness of this certificate is unknown (inherits trust from
diff --git a/net/cert/internal/trust_store_mac.cc b/net/cert/internal/trust_store_mac.cc
index e1ce10c..b2bdd34 100644
--- a/net/cert/internal/trust_store_mac.cc
+++ b/net/cert/internal/trust_store_mac.cc
@@ -42,7 +42,7 @@
   UNSPECIFIED,
   // Certificate is a trust anchor.
   TRUSTED,
-  // Certificate is blacklisted / explicitly distrusted.
+  // Certificate is blocked / explicitly distrusted.
   DISTRUSTED
 };
 
diff --git a/net/cookies/cookie_monster.cc b/net/cookies/cookie_monster.cc
index 83a309d4..bf8e2ad 100644
--- a/net/cookies/cookie_monster.cc
+++ b/net/cookies/cookie_monster.cc
@@ -1715,7 +1715,7 @@
     }
   }
 
-  // The scheme didn't match any in our whitelist.
+  // The scheme didn't match any in our allowed list.
   DVLOG(net::cookie_util::kVlogPerCookieMonster)
       << "WARNING: Unsupported cookie scheme: " << url.scheme();
   return false;
diff --git a/net/data/ssl/blacklist/0d136e439f0ab6e97f3a02a540da9f0641aa554e1d66ea51ae2920d51b2f7217.pem b/net/data/ssl/blocklist/0d136e439f0ab6e97f3a02a540da9f0641aa554e1d66ea51ae2920d51b2f7217.pem
similarity index 100%
rename from net/data/ssl/blacklist/0d136e439f0ab6e97f3a02a540da9f0641aa554e1d66ea51ae2920d51b2f7217.pem
rename to net/data/ssl/blocklist/0d136e439f0ab6e97f3a02a540da9f0641aa554e1d66ea51ae2920d51b2f7217.pem
diff --git a/net/data/ssl/blacklist/0d90cd8e35209b4cefebdd62b644bed8eb55c74dddff26e75caf8ae70491f0bd.pem b/net/data/ssl/blocklist/0d90cd8e35209b4cefebdd62b644bed8eb55c74dddff26e75caf8ae70491f0bd.pem
similarity index 100%
rename from net/data/ssl/blacklist/0d90cd8e35209b4cefebdd62b644bed8eb55c74dddff26e75caf8ae70491f0bd.pem
rename to net/data/ssl/blocklist/0d90cd8e35209b4cefebdd62b644bed8eb55c74dddff26e75caf8ae70491f0bd.pem
diff --git a/net/data/ssl/blacklist/0ef7c54a3af101a2cfedb0c9f36fe8214d51a504fdc2ad1e243019cefd7d03c2.pem b/net/data/ssl/blocklist/0ef7c54a3af101a2cfedb0c9f36fe8214d51a504fdc2ad1e243019cefd7d03c2.pem
similarity index 100%
rename from net/data/ssl/blacklist/0ef7c54a3af101a2cfedb0c9f36fe8214d51a504fdc2ad1e243019cefd7d03c2.pem
rename to net/data/ssl/blocklist/0ef7c54a3af101a2cfedb0c9f36fe8214d51a504fdc2ad1e243019cefd7d03c2.pem
diff --git a/net/data/ssl/blacklist/0f912fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem b/net/data/ssl/blocklist/0f912fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem
similarity index 100%
rename from net/data/ssl/blacklist/0f912fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem
rename to net/data/ssl/blocklist/0f912fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem
diff --git a/net/data/ssl/blacklist/159ca03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem b/net/data/ssl/blocklist/159ca03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem
similarity index 100%
rename from net/data/ssl/blacklist/159ca03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem
rename to net/data/ssl/blocklist/159ca03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem
diff --git a/net/data/ssl/blacklist/1af56c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key b/net/data/ssl/blocklist/1af56c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key
similarity index 100%
rename from net/data/ssl/blacklist/1af56c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key
rename to net/data/ssl/blocklist/1af56c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key
diff --git a/net/data/ssl/blacklist/1c01c6f4dbb2fefc22558b2bca32563f49844acfc32b7be4b0ff599f9e8c7af7.pem b/net/data/ssl/blocklist/1c01c6f4dbb2fefc22558b2bca32563f49844acfc32b7be4b0ff599f9e8c7af7.pem
similarity index 100%
rename from net/data/ssl/blacklist/1c01c6f4dbb2fefc22558b2bca32563f49844acfc32b7be4b0ff599f9e8c7af7.pem
rename to net/data/ssl/blocklist/1c01c6f4dbb2fefc22558b2bca32563f49844acfc32b7be4b0ff599f9e8c7af7.pem
diff --git a/net/data/ssl/blacklist/1f17f2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem b/net/data/ssl/blocklist/1f17f2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem
similarity index 100%
rename from net/data/ssl/blacklist/1f17f2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem
rename to net/data/ssl/blocklist/1f17f2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem
diff --git a/net/data/ssl/blacklist/2740d956b1127b791aa1b3cc644a4dbedba76186a23638b95102351a834ea861.pem b/net/data/ssl/blocklist/2740d956b1127b791aa1b3cc644a4dbedba76186a23638b95102351a834ea861.pem
similarity index 100%
rename from net/data/ssl/blacklist/2740d956b1127b791aa1b3cc644a4dbedba76186a23638b95102351a834ea861.pem
rename to net/data/ssl/blocklist/2740d956b1127b791aa1b3cc644a4dbedba76186a23638b95102351a834ea861.pem
diff --git a/net/data/ssl/blacklist/294f55ef3bd7244c6ff8a68ab797e9186ec27582751a791515e3292e48372d61.pem b/net/data/ssl/blocklist/294f55ef3bd7244c6ff8a68ab797e9186ec27582751a791515e3292e48372d61.pem
similarity index 100%
rename from net/data/ssl/blacklist/294f55ef3bd7244c6ff8a68ab797e9186ec27582751a791515e3292e48372d61.pem
rename to net/data/ssl/blocklist/294f55ef3bd7244c6ff8a68ab797e9186ec27582751a791515e3292e48372d61.pem
diff --git a/net/data/ssl/blacklist/2a33f5b48176523fd3c0d854f20093417175bfd498ef354cc7f38b54adabaf1a.pem b/net/data/ssl/blocklist/2a33f5b48176523fd3c0d854f20093417175bfd498ef354cc7f38b54adabaf1a.pem
similarity index 100%
rename from net/data/ssl/blacklist/2a33f5b48176523fd3c0d854f20093417175bfd498ef354cc7f38b54adabaf1a.pem
rename to net/data/ssl/blocklist/2a33f5b48176523fd3c0d854f20093417175bfd498ef354cc7f38b54adabaf1a.pem
diff --git a/net/data/ssl/blacklist/2a3699deca1e9fd099ba45de8489e205977c9f2a5e29d5dd747381eec0744d71.pem b/net/data/ssl/blocklist/2a3699deca1e9fd099ba45de8489e205977c9f2a5e29d5dd747381eec0744d71.pem
similarity index 100%
rename from net/data/ssl/blacklist/2a3699deca1e9fd099ba45de8489e205977c9f2a5e29d5dd747381eec0744d71.pem
rename to net/data/ssl/blocklist/2a3699deca1e9fd099ba45de8489e205977c9f2a5e29d5dd747381eec0744d71.pem
diff --git a/net/data/ssl/blacklist/2a4397aafa6227fa11f9f9d76ecbb022b0a4494852c2b93fb2085c8afb19b62a.pem b/net/data/ssl/blocklist/2a4397aafa6227fa11f9f9d76ecbb022b0a4494852c2b93fb2085c8afb19b62a.pem
similarity index 100%
rename from net/data/ssl/blacklist/2a4397aafa6227fa11f9f9d76ecbb022b0a4494852c2b93fb2085c8afb19b62a.pem
rename to net/data/ssl/blocklist/2a4397aafa6227fa11f9f9d76ecbb022b0a4494852c2b93fb2085c8afb19b62a.pem
diff --git a/net/data/ssl/blacklist/2d11e736f0427fd6ba4b372755d34a0edd8d83f7e9e7f6c01b388c9b7afa850d.pem b/net/data/ssl/blocklist/2d11e736f0427fd6ba4b372755d34a0edd8d83f7e9e7f6c01b388c9b7afa850d.pem
similarity index 100%
rename from net/data/ssl/blacklist/2d11e736f0427fd6ba4b372755d34a0edd8d83f7e9e7f6c01b388c9b7afa850d.pem
rename to net/data/ssl/blocklist/2d11e736f0427fd6ba4b372755d34a0edd8d83f7e9e7f6c01b388c9b7afa850d.pem
diff --git a/net/data/ssl/blacklist/2e0f66a9f9e764c33008482058fe0d92fc0ec0b122fbe994ed7bf6463668cdd4.pem b/net/data/ssl/blocklist/2e0f66a9f9e764c33008482058fe0d92fc0ec0b122fbe994ed7bf6463668cdd4.pem
similarity index 100%
rename from net/data/ssl/blacklist/2e0f66a9f9e764c33008482058fe0d92fc0ec0b122fbe994ed7bf6463668cdd4.pem
rename to net/data/ssl/blocklist/2e0f66a9f9e764c33008482058fe0d92fc0ec0b122fbe994ed7bf6463668cdd4.pem
diff --git a/net/data/ssl/blacklist/31c8fd37db9b56e708b03d1f01848b068c6da66f36fb5d82c008c6040fa3e133.pem b/net/data/ssl/blocklist/31c8fd37db9b56e708b03d1f01848b068c6da66f36fb5d82c008c6040fa3e133.pem
similarity index 100%
rename from net/data/ssl/blacklist/31c8fd37db9b56e708b03d1f01848b068c6da66f36fb5d82c008c6040fa3e133.pem
rename to net/data/ssl/blocklist/31c8fd37db9b56e708b03d1f01848b068c6da66f36fb5d82c008c6040fa3e133.pem
diff --git a/net/data/ssl/blacklist/32ecc96f912f96d889e73088cd031c7ded2c651c805016157a23b6f32f798a3b.key b/net/data/ssl/blocklist/32ecc96f912f96d889e73088cd031c7ded2c651c805016157a23b6f32f798a3b.key
similarity index 100%
rename from net/data/ssl/blacklist/32ecc96f912f96d889e73088cd031c7ded2c651c805016157a23b6f32f798a3b.key
rename to net/data/ssl/blocklist/32ecc96f912f96d889e73088cd031c7ded2c651c805016157a23b6f32f798a3b.key
diff --git a/net/data/ssl/blacklist/372447c43185c38edd2ce0e9c853f9ac1576ddd1704c2f54d96076c089cb4227.pem b/net/data/ssl/blocklist/372447c43185c38edd2ce0e9c853f9ac1576ddd1704c2f54d96076c089cb4227.pem
similarity index 100%
rename from net/data/ssl/blacklist/372447c43185c38edd2ce0e9c853f9ac1576ddd1704c2f54d96076c089cb4227.pem
rename to net/data/ssl/blocklist/372447c43185c38edd2ce0e9c853f9ac1576ddd1704c2f54d96076c089cb4227.pem
diff --git a/net/data/ssl/blacklist/3946901f46b0071e90d78279e82fababca177231a704be72c5b0e8918566ea66.pem b/net/data/ssl/blocklist/3946901f46b0071e90d78279e82fababca177231a704be72c5b0e8918566ea66.pem
similarity index 100%
rename from net/data/ssl/blacklist/3946901f46b0071e90d78279e82fababca177231a704be72c5b0e8918566ea66.pem
rename to net/data/ssl/blocklist/3946901f46b0071e90d78279e82fababca177231a704be72c5b0e8918566ea66.pem
diff --git a/net/data/ssl/blacklist/3ab0fcc7287454c405863e3aa204fea8eb0c50a524d2a7e15524a830cd4ab0fe.pem b/net/data/ssl/blocklist/3ab0fcc7287454c405863e3aa204fea8eb0c50a524d2a7e15524a830cd4ab0fe.pem
similarity index 100%
rename from net/data/ssl/blacklist/3ab0fcc7287454c405863e3aa204fea8eb0c50a524d2a7e15524a830cd4ab0fe.pem
rename to net/data/ssl/blocklist/3ab0fcc7287454c405863e3aa204fea8eb0c50a524d2a7e15524a830cd4ab0fe.pem
diff --git a/net/data/ssl/blacklist/3d3d823fad13dfeef32da580166d4a4992bed5a22d695d12c8b08cc3463c67a2.pem b/net/data/ssl/blocklist/3d3d823fad13dfeef32da580166d4a4992bed5a22d695d12c8b08cc3463c67a2.pem
similarity index 100%
rename from net/data/ssl/blacklist/3d3d823fad13dfeef32da580166d4a4992bed5a22d695d12c8b08cc3463c67a2.pem
rename to net/data/ssl/blocklist/3d3d823fad13dfeef32da580166d4a4992bed5a22d695d12c8b08cc3463c67a2.pem
diff --git a/net/data/ssl/blacklist/3e26492e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem b/net/data/ssl/blocklist/3e26492e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem
similarity index 100%
rename from net/data/ssl/blacklist/3e26492e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem
rename to net/data/ssl/blocklist/3e26492e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem
diff --git a/net/data/ssl/blacklist/42187727be39faf667aeb92bf0cc4e268f6e2ead2cefbec575bdc90430024f69.pem b/net/data/ssl/blocklist/42187727be39faf667aeb92bf0cc4e268f6e2ead2cefbec575bdc90430024f69.pem
similarity index 100%
rename from net/data/ssl/blacklist/42187727be39faf667aeb92bf0cc4e268f6e2ead2cefbec575bdc90430024f69.pem
rename to net/data/ssl/blocklist/42187727be39faf667aeb92bf0cc4e268f6e2ead2cefbec575bdc90430024f69.pem
diff --git a/net/data/ssl/blacklist/450f1b421bb05c8609854884559c323319619e8b06b001ea2dcbb74a23aa3be2.pem b/net/data/ssl/blocklist/450f1b421bb05c8609854884559c323319619e8b06b001ea2dcbb74a23aa3be2.pem
similarity index 100%
rename from net/data/ssl/blacklist/450f1b421bb05c8609854884559c323319619e8b06b001ea2dcbb74a23aa3be2.pem
rename to net/data/ssl/blocklist/450f1b421bb05c8609854884559c323319619e8b06b001ea2dcbb74a23aa3be2.pem
diff --git a/net/data/ssl/blacklist/487afc8d0d411b2a05561a2a6f35918f4040e5570c4c73ee323cc50583bcfbb7.pem b/net/data/ssl/blocklist/487afc8d0d411b2a05561a2a6f35918f4040e5570c4c73ee323cc50583bcfbb7.pem
similarity index 100%
rename from net/data/ssl/blacklist/487afc8d0d411b2a05561a2a6f35918f4040e5570c4c73ee323cc50583bcfbb7.pem
rename to net/data/ssl/blocklist/487afc8d0d411b2a05561a2a6f35918f4040e5570c4c73ee323cc50583bcfbb7.pem
diff --git a/net/data/ssl/blacklist/4aefc3d39ef59e4d4b0304b20f53a8af2efb69edece66def74494abfc10a2d66.pem b/net/data/ssl/blocklist/4aefc3d39ef59e4d4b0304b20f53a8af2efb69edece66def74494abfc10a2d66.pem
similarity index 100%
rename from net/data/ssl/blacklist/4aefc3d39ef59e4d4b0304b20f53a8af2efb69edece66def74494abfc10a2d66.pem
rename to net/data/ssl/blocklist/4aefc3d39ef59e4d4b0304b20f53a8af2efb69edece66def74494abfc10a2d66.pem
diff --git a/net/data/ssl/blacklist/4b22d5a6aec99f3cdb79aa5ec06838479cd5ecba7164f7f22dc1d65f63d85708.pem b/net/data/ssl/blocklist/4b22d5a6aec99f3cdb79aa5ec06838479cd5ecba7164f7f22dc1d65f63d85708.pem
similarity index 100%
rename from net/data/ssl/blacklist/4b22d5a6aec99f3cdb79aa5ec06838479cd5ecba7164f7f22dc1d65f63d85708.pem
rename to net/data/ssl/blocklist/4b22d5a6aec99f3cdb79aa5ec06838479cd5ecba7164f7f22dc1d65f63d85708.pem
diff --git a/net/data/ssl/blacklist/4bf6bb839b03b72839329b4ea70bb1b2f0d07e014d9d24aa9cc596114702bee3.pem b/net/data/ssl/blocklist/4bf6bb839b03b72839329b4ea70bb1b2f0d07e014d9d24aa9cc596114702bee3.pem
similarity index 100%
rename from net/data/ssl/blacklist/4bf6bb839b03b72839329b4ea70bb1b2f0d07e014d9d24aa9cc596114702bee3.pem
rename to net/data/ssl/blocklist/4bf6bb839b03b72839329b4ea70bb1b2f0d07e014d9d24aa9cc596114702bee3.pem
diff --git a/net/data/ssl/blacklist/4fee0163686ecbd65db968e7494f55d84b25486d438e9de558d629d28cd4d176.pem b/net/data/ssl/blocklist/4fee0163686ecbd65db968e7494f55d84b25486d438e9de558d629d28cd4d176.pem
similarity index 100%
rename from net/data/ssl/blacklist/4fee0163686ecbd65db968e7494f55d84b25486d438e9de558d629d28cd4d176.pem
rename to net/data/ssl/blocklist/4fee0163686ecbd65db968e7494f55d84b25486d438e9de558d629d28cd4d176.pem
diff --git a/net/data/ssl/blacklist/53d48e7b8869a3314f213fd2e0178219ca09022dbe50053bf6f76fccd61e8112.pem b/net/data/ssl/blocklist/53d48e7b8869a3314f213fd2e0178219ca09022dbe50053bf6f76fccd61e8112.pem
similarity index 100%
rename from net/data/ssl/blacklist/53d48e7b8869a3314f213fd2e0178219ca09022dbe50053bf6f76fccd61e8112.pem
rename to net/data/ssl/blocklist/53d48e7b8869a3314f213fd2e0178219ca09022dbe50053bf6f76fccd61e8112.pem
diff --git a/net/data/ssl/blacklist/5472692abe5d02cd22eae3e0a0077f17802721d6576cde1cba2263ee803410c5.pem b/net/data/ssl/blocklist/5472692abe5d02cd22eae3e0a0077f17802721d6576cde1cba2263ee803410c5.pem
similarity index 100%
rename from net/data/ssl/blacklist/5472692abe5d02cd22eae3e0a0077f17802721d6576cde1cba2263ee803410c5.pem
rename to net/data/ssl/blocklist/5472692abe5d02cd22eae3e0a0077f17802721d6576cde1cba2263ee803410c5.pem
diff --git a/net/data/ssl/blacklist/5ccaf9f8f2bb3a0d215922eca383354b6ee3c62407ed32e30f6fb2618edeea10.pem b/net/data/ssl/blocklist/5ccaf9f8f2bb3a0d215922eca383354b6ee3c62407ed32e30f6fb2618edeea10.pem
similarity index 100%
rename from net/data/ssl/blacklist/5ccaf9f8f2bb3a0d215922eca383354b6ee3c62407ed32e30f6fb2618edeea10.pem
rename to net/data/ssl/blocklist/5ccaf9f8f2bb3a0d215922eca383354b6ee3c62407ed32e30f6fb2618edeea10.pem
diff --git a/net/data/ssl/blacklist/5e8e77aafdda2ba5ce442f27d8246650bbd6508befbeda35966a4dc7e6174edc.pem b/net/data/ssl/blocklist/5e8e77aafdda2ba5ce442f27d8246650bbd6508befbeda35966a4dc7e6174edc.pem
similarity index 100%
rename from net/data/ssl/blacklist/5e8e77aafdda2ba5ce442f27d8246650bbd6508befbeda35966a4dc7e6174edc.pem
rename to net/data/ssl/blocklist/5e8e77aafdda2ba5ce442f27d8246650bbd6508befbeda35966a4dc7e6174edc.pem
diff --git a/net/data/ssl/blacklist/60911c79835c3739432d08c45df64311e06985c5889dc5420ce3d142c8c7ef58.pem b/net/data/ssl/blocklist/60911c79835c3739432d08c45df64311e06985c5889dc5420ce3d142c8c7ef58.pem
similarity index 100%
rename from net/data/ssl/blacklist/60911c79835c3739432d08c45df64311e06985c5889dc5420ce3d142c8c7ef58.pem
rename to net/data/ssl/blocklist/60911c79835c3739432d08c45df64311e06985c5889dc5420ce3d142c8c7ef58.pem
diff --git a/net/data/ssl/blacklist/67ed4b703d15dc555f8c444b3a05a32579cb7599bd19c9babe10c584ea327ae0.pem b/net/data/ssl/blocklist/67ed4b703d15dc555f8c444b3a05a32579cb7599bd19c9babe10c584ea327ae0.pem
similarity index 100%
rename from net/data/ssl/blacklist/67ed4b703d15dc555f8c444b3a05a32579cb7599bd19c9babe10c584ea327ae0.pem
rename to net/data/ssl/blocklist/67ed4b703d15dc555f8c444b3a05a32579cb7599bd19c9babe10c584ea327ae0.pem
diff --git a/net/data/ssl/blacklist/79f69a47cfd6c4b4ceae8030d04b49f6171d3b5d6c812f58d040e586f1cb3f14.pem b/net/data/ssl/blocklist/79f69a47cfd6c4b4ceae8030d04b49f6171d3b5d6c812f58d040e586f1cb3f14.pem
similarity index 100%
rename from net/data/ssl/blacklist/79f69a47cfd6c4b4ceae8030d04b49f6171d3b5d6c812f58d040e586f1cb3f14.pem
rename to net/data/ssl/blocklist/79f69a47cfd6c4b4ceae8030d04b49f6171d3b5d6c812f58d040e586f1cb3f14.pem
diff --git a/net/data/ssl/blacklist/7abd72a323c9d179c722564f4e27a51dd4afd24006b38a40ce918b94960bcf18.pem b/net/data/ssl/blocklist/7abd72a323c9d179c722564f4e27a51dd4afd24006b38a40ce918b94960bcf18.pem
similarity index 100%
rename from net/data/ssl/blacklist/7abd72a323c9d179c722564f4e27a51dd4afd24006b38a40ce918b94960bcf18.pem
rename to net/data/ssl/blocklist/7abd72a323c9d179c722564f4e27a51dd4afd24006b38a40ce918b94960bcf18.pem
diff --git a/net/data/ssl/blacklist/7d8ce822222b90c0b14342c7a8145d1f24351f4d1a1fe0edfd312ee73fb00149.pem b/net/data/ssl/blocklist/7d8ce822222b90c0b14342c7a8145d1f24351f4d1a1fe0edfd312ee73fb00149.pem
similarity index 100%
rename from net/data/ssl/blacklist/7d8ce822222b90c0b14342c7a8145d1f24351f4d1a1fe0edfd312ee73fb00149.pem
rename to net/data/ssl/blocklist/7d8ce822222b90c0b14342c7a8145d1f24351f4d1a1fe0edfd312ee73fb00149.pem
diff --git a/net/data/ssl/blacklist/817d4e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem b/net/data/ssl/blocklist/817d4e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem
similarity index 100%
rename from net/data/ssl/blacklist/817d4e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem
rename to net/data/ssl/blocklist/817d4e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem
diff --git a/net/data/ssl/blacklist/8253da6738b60c5c0bb139c78e045428a0c841272abdcb952f95ff05ed1ab476.pem b/net/data/ssl/blocklist/8253da6738b60c5c0bb139c78e045428a0c841272abdcb952f95ff05ed1ab476.pem
similarity index 100%
rename from net/data/ssl/blacklist/8253da6738b60c5c0bb139c78e045428a0c841272abdcb952f95ff05ed1ab476.pem
rename to net/data/ssl/blocklist/8253da6738b60c5c0bb139c78e045428a0c841272abdcb952f95ff05ed1ab476.pem
diff --git a/net/data/ssl/blacklist/8290cc3fc1c3aac3239782c141ace8f88aeef4e9576a43d01867cf19d025be66.pem b/net/data/ssl/blocklist/8290cc3fc1c3aac3239782c141ace8f88aeef4e9576a43d01867cf19d025be66.pem
similarity index 100%
rename from net/data/ssl/blacklist/8290cc3fc1c3aac3239782c141ace8f88aeef4e9576a43d01867cf19d025be66.pem
rename to net/data/ssl/blocklist/8290cc3fc1c3aac3239782c141ace8f88aeef4e9576a43d01867cf19d025be66.pem
diff --git a/net/data/ssl/blacklist/83618f932d6947744d5ecca299d4b2820c01483947bd16be814e683f7436be24.pem b/net/data/ssl/blocklist/83618f932d6947744d5ecca299d4b2820c01483947bd16be814e683f7436be24.pem
similarity index 100%
rename from net/data/ssl/blacklist/83618f932d6947744d5ecca299d4b2820c01483947bd16be814e683f7436be24.pem
rename to net/data/ssl/blocklist/83618f932d6947744d5ecca299d4b2820c01483947bd16be814e683f7436be24.pem
diff --git a/net/data/ssl/blacklist/8a1bd21661c60015065212cc98b1abb50dfd14c872a208e66bae890f25c448af.pem b/net/data/ssl/blocklist/8a1bd21661c60015065212cc98b1abb50dfd14c872a208e66bae890f25c448af.pem
similarity index 100%
rename from net/data/ssl/blacklist/8a1bd21661c60015065212cc98b1abb50dfd14c872a208e66bae890f25c448af.pem
rename to net/data/ssl/blocklist/8a1bd21661c60015065212cc98b1abb50dfd14c872a208e66bae890f25c448af.pem
diff --git a/net/data/ssl/blacklist/8b45da1c06f791eb0cabf26be588f5fb23165c2e614bf885562d0dce50b29b02.pem b/net/data/ssl/blocklist/8b45da1c06f791eb0cabf26be588f5fb23165c2e614bf885562d0dce50b29b02.pem
similarity index 100%
rename from net/data/ssl/blacklist/8b45da1c06f791eb0cabf26be588f5fb23165c2e614bf885562d0dce50b29b02.pem
rename to net/data/ssl/blocklist/8b45da1c06f791eb0cabf26be588f5fb23165c2e614bf885562d0dce50b29b02.pem
diff --git a/net/data/ssl/blacklist/91e5cc32910686c5cac25c18cc805696c7b33868c280caf0c72844a2a8eb91e2.pem b/net/data/ssl/blocklist/91e5cc32910686c5cac25c18cc805696c7b33868c280caf0c72844a2a8eb91e2.pem
similarity index 100%
rename from net/data/ssl/blacklist/91e5cc32910686c5cac25c18cc805696c7b33868c280caf0c72844a2a8eb91e2.pem
rename to net/data/ssl/blocklist/91e5cc32910686c5cac25c18cc805696c7b33868c280caf0c72844a2a8eb91e2.pem
diff --git a/net/data/ssl/blacklist/933f7d8cda9f0d7c8bfd3c22bf4653f4161fd38ccdcf66b22e95a2f49c2650f8.pem b/net/data/ssl/blocklist/933f7d8cda9f0d7c8bfd3c22bf4653f4161fd38ccdcf66b22e95a2f49c2650f8.pem
similarity index 100%
rename from net/data/ssl/blacklist/933f7d8cda9f0d7c8bfd3c22bf4653f4161fd38ccdcf66b22e95a2f49c2650f8.pem
rename to net/data/ssl/blocklist/933f7d8cda9f0d7c8bfd3c22bf4653f4161fd38ccdcf66b22e95a2f49c2650f8.pem
diff --git a/net/data/ssl/blacklist/9532e8b504964331c271f3f5f10070131a08bf8ba438978ce394c34feeae246f.pem b/net/data/ssl/blocklist/9532e8b504964331c271f3f5f10070131a08bf8ba438978ce394c34feeae246f.pem
similarity index 100%
rename from net/data/ssl/blacklist/9532e8b504964331c271f3f5f10070131a08bf8ba438978ce394c34feeae246f.pem
rename to net/data/ssl/blocklist/9532e8b504964331c271f3f5f10070131a08bf8ba438978ce394c34feeae246f.pem
diff --git a/net/data/ssl/blacklist/9ed8f9b0e8e42a1656b8e1dd18f42ba42dc06fe52686173ba2fc70e756f207dc.pem b/net/data/ssl/blocklist/9ed8f9b0e8e42a1656b8e1dd18f42ba42dc06fe52686173ba2fc70e756f207dc.pem
similarity index 100%
rename from net/data/ssl/blacklist/9ed8f9b0e8e42a1656b8e1dd18f42ba42dc06fe52686173ba2fc70e756f207dc.pem
rename to net/data/ssl/blocklist/9ed8f9b0e8e42a1656b8e1dd18f42ba42dc06fe52686173ba2fc70e756f207dc.pem
diff --git a/net/data/ssl/blacklist/README.md b/net/data/ssl/blocklist/README.md
similarity index 96%
rename from net/data/ssl/blacklist/README.md
rename to net/data/ssl/blocklist/README.md
index 758b198..5de614a 100644
--- a/net/data/ssl/blacklist/README.md
+++ b/net/data/ssl/blocklist/README.md
@@ -1,7 +1,7 @@
-# Certificate Blacklist
+# Certificate Blocklist
 
 This directory contains a number of certificates and public keys which are
-considered blacklisted within Chromium-based products. 
+considered blocked within Chromium-based products. 
 
 When applicable, additional information and the full certificate or key
 are included.
@@ -19,7 +19,7 @@
 For details, see <https://security.googleblog.com/2015/03/maintaining-digital-certificate-security.html>
 
 As a result of misissuance of a sub-CA certificate, CNNIC end-entity
-certificates were temporarily whitelisted, and then trust in the root fully
+certificates were temporarily allowlisted, and then trust in the root fully
 removed.
 
   * [1c01c6f4dbb2fefc22558b2bca32563f49844acfc32b7be4b0ff599f9e8c7af7.pem](1c01c6f4dbb2fefc22558b2bca32563f49844acfc32b7be4b0ff599f9e8c7af7.pem)
@@ -139,7 +139,7 @@
 
 Device manufacturer Cyberoam used the same private key for all devices by
 default, which subsequently leaked and is included below. The associated
-public key is blacklisted.
+public key is blocked.
 
   * [1af56c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key](1af56c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key)
 
@@ -150,7 +150,7 @@
 
 The private keys for both the eDellRoot and DSDTestProvider certificates were
 trivially extracted, and thus their associated public keys are
-blacklisted.
+blocked.
 
   * [0f912fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem](0f912fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem)
   * [ec30c9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem](ec30c9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem)
@@ -182,7 +182,7 @@
 to avoid having to acquire certificates.
 
 As the private key could be used to intercept all communications to this
-domain, the associated public key was blacklisted.
+domain, the associated public key was blocked.
 
   * [f3bae5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem](f3bae5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem)
 
@@ -203,7 +203,7 @@
 Superfish software with an associated root certificate came preinstalled on
 Lenovo computers. The software used a single root certificate across all
 computers, and the private key was trivially extracted; thus the associated
-public key was blacklisted.
+public key was blocked.
 
   * [b6fe9151402bad1c06d7e66db67a26aa7356f2e6c644dbcf9f98968ff632e1b7.pem](b6fe9151402bad1c06d7e66db67a26aa7356f2e6c644dbcf9f98968ff632e1b7.pem)
 
@@ -214,7 +214,7 @@
 For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=1242758> and
 <https://bugzilla.mozilla.org/show_bug.cgi?id=1224104>
 
-These two intermediates were retired by DigiCert, and blacklisted for
+These two intermediates were retired by DigiCert, and blocked for
 robustness at their request.
 
   * [159ca03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem](159ca03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem)
@@ -229,7 +229,7 @@
 ### Hacking Team
 
 The following keys were reported as used by Hacking Team to compromise users,
-and are blacklisted for robustness.
+and are blocked for robustness.
 
   * [c4387d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key](c4387d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key)
   * [ea08c8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key](ea08c8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key)
@@ -249,7 +249,7 @@
 A user of live.fi was able to register a reserved email address that can be
 used to cause certificate issuance, as described in the CA/Browser Forum's
 Baseline Requirements. This was not intended by Microsoft, the operators of
-live.fi, but conformed to the Baseline Requirements. It was blacklisted for
+live.fi, but conformed to the Baseline Requirements. It was blocked for
 robustness.
 
   * [c67d722c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem](c67d722c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem)
@@ -273,7 +273,7 @@
 
 For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=1188582>
 
-This intermediate certificate was retired by SECOM, and blacklisted for
+This intermediate certificate was retired by SECOM, and blocked for
 robustness at their request.
 
   * [817d4e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem](817d4e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem)
@@ -283,7 +283,7 @@
 For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=966060> 
 
 These three intermediate certificates were retired by Symantec, and
-blacklisted for robustness at their request.
+blocked for robustness at their request.
 
   * [1f17f2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem](1f17f2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem)
   * [3e26492e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem](3e26492e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem)
@@ -293,7 +293,7 @@
 
 For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=1076940>
 
-This intermediate certificate was retired by T-Systems, and blacklisted
+This intermediate certificate was retired by T-Systems, and blocked
 for robustness at their request.
 
   * [f4a5984324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem](f4a5984324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem)
diff --git a/net/data/ssl/blacklist/a2e3bdaacaaf2d2e8204b3bc7eddc805d54d3ab8bdfe7bf102c035f67d8f898a.pem b/net/data/ssl/blocklist/a2e3bdaacaaf2d2e8204b3bc7eddc805d54d3ab8bdfe7bf102c035f67d8f898a.pem
similarity index 100%
rename from net/data/ssl/blacklist/a2e3bdaacaaf2d2e8204b3bc7eddc805d54d3ab8bdfe7bf102c035f67d8f898a.pem
rename to net/data/ssl/blocklist/a2e3bdaacaaf2d2e8204b3bc7eddc805d54d3ab8bdfe7bf102c035f67d8f898a.pem
diff --git a/net/data/ssl/blacklist/a686fee577c88ab664d0787ecdfff035f4806f3de418dc9e4d516324fff02083.pem b/net/data/ssl/blocklist/a686fee577c88ab664d0787ecdfff035f4806f3de418dc9e4d516324fff02083.pem
similarity index 100%
rename from net/data/ssl/blacklist/a686fee577c88ab664d0787ecdfff035f4806f3de418dc9e4d516324fff02083.pem
rename to net/data/ssl/blocklist/a686fee577c88ab664d0787ecdfff035f4806f3de418dc9e4d516324fff02083.pem
diff --git a/net/data/ssl/blacklist/a8e1dfd9cd8e470aa2f443914f931cfd61c323e94d75827affee985241c35ce5.pem b/net/data/ssl/blocklist/a8e1dfd9cd8e470aa2f443914f931cfd61c323e94d75827affee985241c35ce5.pem
similarity index 100%
rename from net/data/ssl/blacklist/a8e1dfd9cd8e470aa2f443914f931cfd61c323e94d75827affee985241c35ce5.pem
rename to net/data/ssl/blocklist/a8e1dfd9cd8e470aa2f443914f931cfd61c323e94d75827affee985241c35ce5.pem
diff --git a/net/data/ssl/blacklist/b6fe9151402bad1c06d7e66db67a26aa7356f2e6c644dbcf9f98968ff632e1b7.pem b/net/data/ssl/blocklist/b6fe9151402bad1c06d7e66db67a26aa7356f2e6c644dbcf9f98968ff632e1b7.pem
similarity index 100%
rename from net/data/ssl/blacklist/b6fe9151402bad1c06d7e66db67a26aa7356f2e6c644dbcf9f98968ff632e1b7.pem
rename to net/data/ssl/blocklist/b6fe9151402bad1c06d7e66db67a26aa7356f2e6c644dbcf9f98968ff632e1b7.pem
diff --git a/net/data/ssl/blacklist/b8686723e415534bc0dbd16326f9486f85b0b0799bf6639334e61daae67f36cd.pem b/net/data/ssl/blocklist/b8686723e415534bc0dbd16326f9486f85b0b0799bf6639334e61daae67f36cd.pem
similarity index 100%
rename from net/data/ssl/blacklist/b8686723e415534bc0dbd16326f9486f85b0b0799bf6639334e61daae67f36cd.pem
rename to net/data/ssl/blocklist/b8686723e415534bc0dbd16326f9486f85b0b0799bf6639334e61daae67f36cd.pem
diff --git a/net/data/ssl/blacklist/b8c1b957c077ea76e00b0f45bff5ae3acb696f221d2e062164fe37125e5a8d25.pem b/net/data/ssl/blocklist/b8c1b957c077ea76e00b0f45bff5ae3acb696f221d2e062164fe37125e5a8d25.pem
similarity index 100%
rename from net/data/ssl/blacklist/b8c1b957c077ea76e00b0f45bff5ae3acb696f221d2e062164fe37125e5a8d25.pem
rename to net/data/ssl/blocklist/b8c1b957c077ea76e00b0f45bff5ae3acb696f221d2e062164fe37125e5a8d25.pem
diff --git a/net/data/ssl/blacklist/be144b56fb1163c49c9a0e6b5a458df6b29f7e6449985960c178a4744624b7bc.pem b/net/data/ssl/blocklist/be144b56fb1163c49c9a0e6b5a458df6b29f7e6449985960c178a4744624b7bc.pem
similarity index 100%
rename from net/data/ssl/blacklist/be144b56fb1163c49c9a0e6b5a458df6b29f7e6449985960c178a4744624b7bc.pem
rename to net/data/ssl/blocklist/be144b56fb1163c49c9a0e6b5a458df6b29f7e6449985960c178a4744624b7bc.pem
diff --git a/net/data/ssl/blacklist/c43807a64c51a3fbde5421011698013d8b46f4e315c46186dc23aea2670cd34f.pem b/net/data/ssl/blocklist/c43807a64c51a3fbde5421011698013d8b46f4e315c46186dc23aea2670cd34f.pem
similarity index 100%
rename from net/data/ssl/blacklist/c43807a64c51a3fbde5421011698013d8b46f4e315c46186dc23aea2670cd34f.pem
rename to net/data/ssl/blocklist/c43807a64c51a3fbde5421011698013d8b46f4e315c46186dc23aea2670cd34f.pem
diff --git a/net/data/ssl/blacklist/c4387d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key b/net/data/ssl/blocklist/c4387d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key
similarity index 100%
rename from net/data/ssl/blacklist/c4387d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key
rename to net/data/ssl/blocklist/c4387d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key
diff --git a/net/data/ssl/blacklist/c67d722c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem b/net/data/ssl/blocklist/c67d722c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem
similarity index 100%
rename from net/data/ssl/blacklist/c67d722c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem
rename to net/data/ssl/blocklist/c67d722c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem
diff --git a/net/data/ssl/blacklist/c71f33c36d8efeefbed9d44e85e21cfe96b36fb0e132c52dca2415868492bf8a.pem b/net/data/ssl/blocklist/c71f33c36d8efeefbed9d44e85e21cfe96b36fb0e132c52dca2415868492bf8a.pem
similarity index 100%
rename from net/data/ssl/blacklist/c71f33c36d8efeefbed9d44e85e21cfe96b36fb0e132c52dca2415868492bf8a.pem
rename to net/data/ssl/blocklist/c71f33c36d8efeefbed9d44e85e21cfe96b36fb0e132c52dca2415868492bf8a.pem
diff --git a/net/data/ssl/blacklist/c766a9bef2d4071c863a31aa4920e813b2d198608cb7b7cfe21143b836df09ea.pem b/net/data/ssl/blocklist/c766a9bef2d4071c863a31aa4920e813b2d198608cb7b7cfe21143b836df09ea.pem
similarity index 100%
rename from net/data/ssl/blacklist/c766a9bef2d4071c863a31aa4920e813b2d198608cb7b7cfe21143b836df09ea.pem
rename to net/data/ssl/blocklist/c766a9bef2d4071c863a31aa4920e813b2d198608cb7b7cfe21143b836df09ea.pem
diff --git a/net/data/ssl/blacklist/c7ba6567de93a798ae1faa791e712d378fae1f93c4397fea441bb7cbe6fd5995.pem b/net/data/ssl/blocklist/c7ba6567de93a798ae1faa791e712d378fae1f93c4397fea441bb7cbe6fd5995.pem
similarity index 100%
rename from net/data/ssl/blacklist/c7ba6567de93a798ae1faa791e712d378fae1f93c4397fea441bb7cbe6fd5995.pem
rename to net/data/ssl/blocklist/c7ba6567de93a798ae1faa791e712d378fae1f93c4397fea441bb7cbe6fd5995.pem
diff --git a/net/data/ssl/blacklist/cb954e9d80a3e520ac71f1a84511657f2f309d172d0bb55e0ec2c236e74ff4b4.pem b/net/data/ssl/blocklist/cb954e9d80a3e520ac71f1a84511657f2f309d172d0bb55e0ec2c236e74ff4b4.pem
similarity index 100%
rename from net/data/ssl/blacklist/cb954e9d80a3e520ac71f1a84511657f2f309d172d0bb55e0ec2c236e74ff4b4.pem
rename to net/data/ssl/blocklist/cb954e9d80a3e520ac71f1a84511657f2f309d172d0bb55e0ec2c236e74ff4b4.pem
diff --git a/net/data/ssl/blacklist/d0d672c2547d574ae055d9e78a993ddbcc74044c4253fbfaca573a67d368e1db.pem b/net/data/ssl/blocklist/d0d672c2547d574ae055d9e78a993ddbcc74044c4253fbfaca573a67d368e1db.pem
similarity index 100%
rename from net/data/ssl/blacklist/d0d672c2547d574ae055d9e78a993ddbcc74044c4253fbfaca573a67d368e1db.pem
rename to net/data/ssl/blocklist/d0d672c2547d574ae055d9e78a993ddbcc74044c4253fbfaca573a67d368e1db.pem
diff --git a/net/data/ssl/blacklist/d487a56f83b07482e85e963394c1ecc2c9e51d0903ee946b02c301581ed99e16.pem b/net/data/ssl/blocklist/d487a56f83b07482e85e963394c1ecc2c9e51d0903ee946b02c301581ed99e16.pem
similarity index 100%
rename from net/data/ssl/blacklist/d487a56f83b07482e85e963394c1ecc2c9e51d0903ee946b02c301581ed99e16.pem
rename to net/data/ssl/blocklist/d487a56f83b07482e85e963394c1ecc2c9e51d0903ee946b02c301581ed99e16.pem
diff --git a/net/data/ssl/blacklist/d6f034bd94aa233f0297eca4245b283973e447aa590f310c77f48fdf83112254.pem b/net/data/ssl/blocklist/d6f034bd94aa233f0297eca4245b283973e447aa590f310c77f48fdf83112254.pem
similarity index 100%
rename from net/data/ssl/blacklist/d6f034bd94aa233f0297eca4245b283973e447aa590f310c77f48fdf83112254.pem
rename to net/data/ssl/blocklist/d6f034bd94aa233f0297eca4245b283973e447aa590f310c77f48fdf83112254.pem
diff --git a/net/data/ssl/blacklist/ddd8ab9178c99cbd9685ea4ae66dc28bfdc9a5a8a166f7f69ad0b5042ad6eb28.pem b/net/data/ssl/blocklist/ddd8ab9178c99cbd9685ea4ae66dc28bfdc9a5a8a166f7f69ad0b5042ad6eb28.pem
similarity index 100%
rename from net/data/ssl/blacklist/ddd8ab9178c99cbd9685ea4ae66dc28bfdc9a5a8a166f7f69ad0b5042ad6eb28.pem
rename to net/data/ssl/blocklist/ddd8ab9178c99cbd9685ea4ae66dc28bfdc9a5a8a166f7f69ad0b5042ad6eb28.pem
diff --git a/net/data/ssl/blacklist/e17890ee09a3fbf4f48b9c414a17d637b7a50647e9bc752322727fcc1742a911.pem b/net/data/ssl/blocklist/e17890ee09a3fbf4f48b9c414a17d637b7a50647e9bc752322727fcc1742a911.pem
similarity index 100%
rename from net/data/ssl/blacklist/e17890ee09a3fbf4f48b9c414a17d637b7a50647e9bc752322727fcc1742a911.pem
rename to net/data/ssl/blocklist/e17890ee09a3fbf4f48b9c414a17d637b7a50647e9bc752322727fcc1742a911.pem
diff --git a/net/data/ssl/blacklist/e28393773da845a679f2080cc7fb44a3b7a1c3792cb7eb7729fdcb6a8d99aea7.pem b/net/data/ssl/blocklist/e28393773da845a679f2080cc7fb44a3b7a1c3792cb7eb7729fdcb6a8d99aea7.pem
similarity index 100%
rename from net/data/ssl/blacklist/e28393773da845a679f2080cc7fb44a3b7a1c3792cb7eb7729fdcb6a8d99aea7.pem
rename to net/data/ssl/blocklist/e28393773da845a679f2080cc7fb44a3b7a1c3792cb7eb7729fdcb6a8d99aea7.pem
diff --git a/net/data/ssl/blacklist/e4f9a3235df7330255f36412bc849fb630f8519961ec3538301deb896c953da5.pem b/net/data/ssl/blocklist/e4f9a3235df7330255f36412bc849fb630f8519961ec3538301deb896c953da5.pem
similarity index 100%
rename from net/data/ssl/blacklist/e4f9a3235df7330255f36412bc849fb630f8519961ec3538301deb896c953da5.pem
rename to net/data/ssl/blocklist/e4f9a3235df7330255f36412bc849fb630f8519961ec3538301deb896c953da5.pem
diff --git a/net/data/ssl/blacklist/e54e9fc27e7350ff63a77764a40267b7e95ae5df3ed7df5336e8f8541356c845.pem b/net/data/ssl/blocklist/e54e9fc27e7350ff63a77764a40267b7e95ae5df3ed7df5336e8f8541356c845.pem
similarity index 100%
rename from net/data/ssl/blacklist/e54e9fc27e7350ff63a77764a40267b7e95ae5df3ed7df5336e8f8541356c845.pem
rename to net/data/ssl/blocklist/e54e9fc27e7350ff63a77764a40267b7e95ae5df3ed7df5336e8f8541356c845.pem
diff --git a/net/data/ssl/blacklist/e757fd60d8dd4c26f77aca6a87f63ea4d38d0b736c7f79b56cad932d4c400fb5.pem b/net/data/ssl/blocklist/e757fd60d8dd4c26f77aca6a87f63ea4d38d0b736c7f79b56cad932d4c400fb5.pem
similarity index 100%
rename from net/data/ssl/blacklist/e757fd60d8dd4c26f77aca6a87f63ea4d38d0b736c7f79b56cad932d4c400fb5.pem
rename to net/data/ssl/blocklist/e757fd60d8dd4c26f77aca6a87f63ea4d38d0b736c7f79b56cad932d4c400fb5.pem
diff --git a/net/data/ssl/blacklist/ea08c8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key b/net/data/ssl/blocklist/ea08c8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key
similarity index 100%
rename from net/data/ssl/blacklist/ea08c8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key
rename to net/data/ssl/blocklist/ea08c8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key
diff --git a/net/data/ssl/blacklist/ead610e6e90b439f2ecb51628b0932620f6ef340bd843fca38d3181b8f4ba197.pem b/net/data/ssl/blocklist/ead610e6e90b439f2ecb51628b0932620f6ef340bd843fca38d3181b8f4ba197.pem
similarity index 100%
rename from net/data/ssl/blacklist/ead610e6e90b439f2ecb51628b0932620f6ef340bd843fca38d3181b8f4ba197.pem
rename to net/data/ssl/blocklist/ead610e6e90b439f2ecb51628b0932620f6ef340bd843fca38d3181b8f4ba197.pem
diff --git a/net/data/ssl/blacklist/ec30c9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem b/net/data/ssl/blocklist/ec30c9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem
similarity index 100%
rename from net/data/ssl/blacklist/ec30c9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem
rename to net/data/ssl/blocklist/ec30c9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem
diff --git a/net/data/ssl/blacklist/f3bae5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem b/net/data/ssl/blocklist/f3bae5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem
similarity index 100%
rename from net/data/ssl/blacklist/f3bae5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem
rename to net/data/ssl/blocklist/f3bae5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem
diff --git a/net/data/ssl/blacklist/f4a5984324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem b/net/data/ssl/blocklist/f4a5984324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem
similarity index 100%
rename from net/data/ssl/blacklist/f4a5984324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem
rename to net/data/ssl/blocklist/f4a5984324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem
diff --git a/net/data/ssl/blacklist/f8a5ff189fedbfe34e21103389a68340174439ad12974a4e8d4d784d1f3a0faa.pem b/net/data/ssl/blocklist/f8a5ff189fedbfe34e21103389a68340174439ad12974a4e8d4d784d1f3a0faa.pem
similarity index 100%
rename from net/data/ssl/blacklist/f8a5ff189fedbfe34e21103389a68340174439ad12974a4e8d4d784d1f3a0faa.pem
rename to net/data/ssl/blocklist/f8a5ff189fedbfe34e21103389a68340174439ad12974a4e8d4d784d1f3a0faa.pem
diff --git a/net/data/ssl/blacklist/fa5a828c9a7e732692682e60b14c634309cbb2bb79eb12aef44318d853ee97e3.pem b/net/data/ssl/blocklist/fa5a828c9a7e732692682e60b14c634309cbb2bb79eb12aef44318d853ee97e3.pem
similarity index 100%
rename from net/data/ssl/blacklist/fa5a828c9a7e732692682e60b14c634309cbb2bb79eb12aef44318d853ee97e3.pem
rename to net/data/ssl/blocklist/fa5a828c9a7e732692682e60b14c634309cbb2bb79eb12aef44318d853ee97e3.pem
diff --git a/net/data/ssl/blacklist/fdedb5bdfcb67411513a61aee5cb5b5d7c52af06028efc996cc1b05b1d6cea2b.pem b/net/data/ssl/blocklist/fdedb5bdfcb67411513a61aee5cb5b5d7c52af06028efc996cc1b05b1d6cea2b.pem
similarity index 100%
rename from net/data/ssl/blacklist/fdedb5bdfcb67411513a61aee5cb5b5d7c52af06028efc996cc1b05b1d6cea2b.pem
rename to net/data/ssl/blocklist/fdedb5bdfcb67411513a61aee5cb5b5d7c52af06028efc996cc1b05b1d6cea2b.pem
diff --git a/net/data/ssl/name_constrained/README.md b/net/data/ssl/name_constrained/README.md
index 641183bf..335368b 100644
--- a/net/data/ssl/name_constrained/README.md
+++ b/net/data/ssl/name_constrained/README.md
@@ -1,4 +1,4 @@
-# Certificate Blacklist
+# Certificate Blocklist
 
 This directory contains a number of certificates and public keys which are to be
 treated as named-constrained during certiicate validation within Chromium-based
diff --git a/net/data/ssl/root_stores/README.md b/net/data/ssl/root_stores/README.md
index d85a6d2..6cfefadc 100644
--- a/net/data/ssl/root_stores/README.md
+++ b/net/data/ssl/root_stores/README.md
@@ -68,7 +68,7 @@
 
 Additional restrictions upon trusted CAs are maintained both within the code
 of Security.framework and through additional plist expressions, such as for
-whitelisted certificates. However, these were not consulted, as they're not
+allowlisted certificates. However, these were not consulted, as they're not
 applicable to this use case.
 
 ### Mozilla NSS
diff --git a/net/dns/BUILD.gn b/net/dns/BUILD.gn
index efca167..514dbac 100644
--- a/net/dns/BUILD.gn
+++ b/net/dns/BUILD.gn
@@ -152,7 +152,7 @@
     "//net",
   ]
 
-  # Whitelist-only access so we can keep track of all usage external to the
+  # Restricted access so we can keep track of all usage external to the
   # network stack and network service.
   friend = [
     # chromecast/browser/url_request_context_factory.cc
@@ -223,7 +223,7 @@
     "//net",
   ]
 
-  # Whitelist-only access so we can keep track of all usage external to the
+  # Restricted access so we can keep track of all usage external to the
   # network stack and network service.
   friend = [
     # chromecast/browser/url_request_context_factory.cc
@@ -268,7 +268,7 @@
     "//net",
   ]
 
-  # Whitelist-only access so we can keep track of all usage external to the
+  # Restricted access so we can keep track of all usage external to the
   # network stack.
   friend = [
     # chrome/browser/local_discovery/service_discovery_client_impl.cc
@@ -324,7 +324,7 @@
     "//net",
   ]
 
-  # Whitelist-only access so we can keep track of all usage external to the
+  # Restricted access so we can keep track of all usage external to the
   # network stack.
   friend = [
     # chrome/browser/local_discovery/service_discovery_client_mdns.h
diff --git a/net/ftp/ftp_network_transaction.cc b/net/ftp/ftp_network_transaction.cc
index 4780240..a24102f 100644
--- a/net/ftp/ftp_network_transaction.cc
+++ b/net/ftp/ftp_network_transaction.cc
@@ -697,8 +697,8 @@
       if (ip_endpoint.GetFamily() == ADDRESS_FAMILY_IPV4) {
         // Do not use EPSV for IPv4 connections. Some servers become confused
         // and we time out while waiting to connect. PASV is perfectly fine for
-        // IPv4. Note that this blacklists IPv4 not to use EPSV instead of
-        // whitelisting IPv6 to use it, to make the code more future-proof:
+        // IPv4. Note that this blocks IPv4 not to use EPSV instead of allowing
+        // IPv6 to use it, to make the code more future-proof:
         // all future protocols should just use EPSV.
         use_epsv_ = false;
       }
diff --git a/net/http/http_auth_filter.cc b/net/http/http_auth_filter.cc
index d5efb6dd..33f0eac 100644
--- a/net/http/http_auth_filter.cc
+++ b/net/http/http_auth_filter.cc
@@ -8,23 +8,20 @@
 
 namespace net {
 
-// Using a std::set<> has the benefit of removing duplicates automatically.
-typedef std::set<base::string16> RegistryWhitelist;
-
-// TODO(ahendrickson) -- Determine if we want separate whitelists for HTTP and
+// TODO(ahendrickson) -- Determine if we want separate allowlists for HTTP and
 // HTTPS, one for both, or only an HTTP one.  My understanding is that the HTTPS
 // entries in the registry mean that you are only allowed to connect to the site
 // via HTTPS and still be considered 'safe'.
 
-HttpAuthFilterWhitelist::HttpAuthFilterWhitelist(
-    const std::string& server_whitelist) {
-  SetWhitelist(server_whitelist);
+HttpAuthFilterAllowlist::HttpAuthFilterAllowlist(
+    const std::string& server_allowlist) {
+  SetAllowlist(server_allowlist);
 }
 
-HttpAuthFilterWhitelist::~HttpAuthFilterWhitelist() = default;
+HttpAuthFilterAllowlist::~HttpAuthFilterAllowlist() = default;
 
-// Add a new domain |filter| to the whitelist, if it's not already there
-bool HttpAuthFilterWhitelist::AddFilter(const std::string& filter,
+// Add a new domain |filter| to the allowlist, if it's not already there
+bool HttpAuthFilterAllowlist::AddFilter(const std::string& filter,
                                         HttpAuth::Target target) {
   if ((target != HttpAuth::AUTH_SERVER) && (target != HttpAuth::AUTH_PROXY))
     return false;
@@ -35,7 +32,7 @@
   return true;
 }
 
-bool HttpAuthFilterWhitelist::IsValid(const GURL& url,
+bool HttpAuthFilterAllowlist::IsValid(const GURL& url,
                                       HttpAuth::Target target) const {
   if ((target != HttpAuth::AUTH_SERVER) && (target != HttpAuth::AUTH_PROXY))
     return false;
@@ -45,14 +42,14 @@
   return rules_.Matches(url);
 }
 
-void HttpAuthFilterWhitelist::SetWhitelist(
-    const std::string& server_whitelist) {
+void HttpAuthFilterAllowlist::SetAllowlist(
+    const std::string& server_allowlist) {
   // TODO(eroman): Is this necessary? The issue is that
-  // HttpAuthFilterWhitelist is trying to use ProxyBypassRules as a generic
+  // HttpAuthFilterAllowlist is trying to use ProxyBypassRules as a generic
   // URL filter. However internally it has some implicit rules for localhost
   // and linklocal addresses.
   rules_.ParseFromString(ProxyBypassRules::GetRulesToSubtractImplicit() + ";" +
-                         server_whitelist);
+                         server_allowlist);
 }
 
 }  // namespace net
diff --git a/net/http/http_auth_filter.h b/net/http/http_auth_filter.h
index 4ebe897..45515fc 100644
--- a/net/http/http_auth_filter.h
+++ b/net/http/http_auth_filter.h
@@ -28,15 +28,15 @@
   virtual bool IsValid(const GURL& url, HttpAuth::Target target) const = 0;
 };
 
-// Whitelist HTTP authentication filter.
-// Explicit whitelists of domains are set via SetWhitelist().
+// Allowlist HTTP authentication filter.
+// Explicit allowlists of domains are set via SetAllowlist().
 //
-// Uses the ProxyBypassRules class to do whitelisting for servers.
+// Uses the ProxyBypassRules class to do allowlisting for servers.
 // All proxies are allowed.
-class NET_EXPORT HttpAuthFilterWhitelist : public HttpAuthFilter {
+class NET_EXPORT HttpAuthFilterAllowlist : public HttpAuthFilter {
  public:
-  explicit HttpAuthFilterWhitelist(const std::string& server_whitelist);
-  ~HttpAuthFilterWhitelist() override;
+  explicit HttpAuthFilterAllowlist(const std::string& server_allowlist);
+  ~HttpAuthFilterAllowlist() override;
 
   // Adds an individual URL |filter| to the list, of the specified |target|.
   bool AddFilter(const std::string& filter, HttpAuth::Target target);
@@ -47,15 +47,15 @@
   bool IsValid(const GURL& url, HttpAuth::Target target) const override;
 
  private:
-  // Installs the whitelist.
-  // |server_whitelist| is parsed by ProxyBypassRules.
-  void SetWhitelist(const std::string& server_whitelist);
+  // Installs the allowlist.
+  // |server_allowlist| is parsed by ProxyBypassRules.
+  void SetAllowlist(const std::string& server_allowlist);
 
   // We are using ProxyBypassRules because they have the functionality that we
   // want, but we are not using it for proxy bypass.
   ProxyBypassRules rules_;
 
-  DISALLOW_COPY_AND_ASSIGN(HttpAuthFilterWhitelist);
+  DISALLOW_COPY_AND_ASSIGN(HttpAuthFilterAllowlist);
 };
 
 }   // namespace net
diff --git a/net/http/http_auth_filter_unittest.cc b/net/http/http_auth_filter_unittest.cc
index bf72616..17f9354 100644
--- a/net/http/http_auth_filter_unittest.cc
+++ b/net/http/http_auth_filter_unittest.cc
@@ -15,16 +15,10 @@
 
 namespace {
 
-static const char* const server_whitelist_array[] = {
-  "google.com",
-  "linkedin.com",
-  "book.com",
-  ".chromium.org",
-  ".gag",
-  "gog"
-};
+static const char* const server_allowlist_array[] = {
+    "google.com", "linkedin.com", "book.com", ".chromium.org", ".gag", "gog"};
 
-enum { ALL_SERVERS_MATCH = (1 << base::size(server_whitelist_array)) - 1 };
+enum { ALL_SERVERS_MATCH = (1 << base::size(server_allowlist_array)) - 1 };
 
 struct UrlData {
   GURL url;
@@ -71,7 +65,7 @@
 
 TEST(HttpAuthFilterTest, EmptyFilter) {
   // Create an empty filter
-  HttpAuthFilterWhitelist filter((std::string()));
+  HttpAuthFilterAllowlist filter((std::string()));
   for (size_t i = 0; i < base::size(urls); i++) {
     EXPECT_EQ(urls[i].target == HttpAuth::AUTH_PROXY,
               filter.IsValid(urls[i].url, urls[i].target))
@@ -81,14 +75,14 @@
 
 TEST(HttpAuthFilterTest, NonEmptyFilter) {
   // Create an non-empty filter
-  std::string server_whitelist_filter_string;
-  for (size_t i = 0; i < base::size(server_whitelist_array); ++i) {
-    if (!server_whitelist_filter_string.empty())
-      server_whitelist_filter_string += ",";
-    server_whitelist_filter_string += "*";
-    server_whitelist_filter_string += server_whitelist_array[i];
+  std::string server_allowlist_filter_string;
+  for (size_t i = 0; i < base::size(server_allowlist_array); ++i) {
+    if (!server_allowlist_filter_string.empty())
+      server_allowlist_filter_string += ",";
+    server_allowlist_filter_string += "*";
+    server_allowlist_filter_string += server_allowlist_array[i];
   }
-  HttpAuthFilterWhitelist filter(server_whitelist_filter_string);
+  HttpAuthFilterAllowlist filter(server_allowlist_filter_string);
   for (size_t i = 0; i < base::size(urls); i++) {
     EXPECT_EQ(urls[i].matches, filter.IsValid(urls[i].url, urls[i].target))
         << " " << i << ": " << urls[i].url;
diff --git a/net/http/http_auth_handler_negotiate.cc b/net/http/http_auth_handler_negotiate.cc
index 83e8872..c9980c1 100644
--- a/net/http/http_auth_handler_negotiate.cc
+++ b/net/http/http_auth_handler_negotiate.cc
@@ -191,7 +191,7 @@
   }
   // GSSAPI does not provide a way to enter username/password to
   // obtain a TGT. If the default credentials are not allowed for
-  // a particular site (based on whitelist), fall back to a
+  // a particular site (based on allowlist), fall back to a
   // different scheme.
   if (!AllowsDefaultCredentials())
     return false;
diff --git a/net/http/http_auth_preferences.cc b/net/http/http_auth_preferences.cc
index 0672f2c..15ab440 100644
--- a/net/http/http_auth_preferences.cc
+++ b/net/http/http_auth_preferences.cc
@@ -63,20 +63,20 @@
   return DelegationType::kUnconstrained;
 }
 
-void HttpAuthPreferences::SetServerWhitelist(
-    const std::string& server_whitelist) {
-  std::unique_ptr<HttpAuthFilter> whitelist;
-  if (!server_whitelist.empty())
-    whitelist = std::make_unique<HttpAuthFilterWhitelist>(server_whitelist);
-  security_manager_->SetDefaultWhitelist(std::move(whitelist));
+void HttpAuthPreferences::SetServerAllowlist(
+    const std::string& server_allowlist) {
+  std::unique_ptr<HttpAuthFilter> allowlist;
+  if (!server_allowlist.empty())
+    allowlist = std::make_unique<HttpAuthFilterAllowlist>(server_allowlist);
+  security_manager_->SetDefaultAllowlist(std::move(allowlist));
 }
 
-void HttpAuthPreferences::SetDelegateWhitelist(
-    const std::string& delegate_whitelist) {
-  std::unique_ptr<HttpAuthFilter> whitelist;
-  if (!delegate_whitelist.empty())
-    whitelist = std::make_unique<HttpAuthFilterWhitelist>(delegate_whitelist);
-  security_manager_->SetDelegateWhitelist(std::move(whitelist));
+void HttpAuthPreferences::SetDelegateAllowlist(
+    const std::string& delegate_allowlist) {
+  std::unique_ptr<HttpAuthFilter> allowlist;
+  if (!delegate_allowlist.empty())
+    allowlist = std::make_unique<HttpAuthFilterAllowlist>(delegate_allowlist);
+  security_manager_->SetDelegateAllowlist(std::move(allowlist));
 }
 
 }  // namespace net
diff --git a/net/http/http_auth_preferences.h b/net/http/http_auth_preferences.h
index 06a30e6..8f44323 100644
--- a/net/http/http_auth_preferences.h
+++ b/net/http/http_auth_preferences.h
@@ -68,9 +68,9 @@
   }
 #endif
 
-  void SetServerWhitelist(const std::string& server_whitelist);
+  void SetServerAllowlist(const std::string& server_allowlist);
 
-  void SetDelegateWhitelist(const std::string& delegate_whitelist);
+  void SetDelegateAllowlist(const std::string& delegate_allowlist);
 
 #if defined(OS_ANDROID)
   void set_auth_android_negotiate_account_type(
diff --git a/net/http/http_auth_preferences_unittest.cc b/net/http/http_auth_preferences_unittest.cc
index 9395212..7418b13 100644
--- a/net/http/http_auth_preferences_unittest.cc
+++ b/net/http/http_auth_preferences_unittest.cc
@@ -59,11 +59,11 @@
 }
 #endif
 
-TEST(HttpAuthPreferencesTest, AuthServerWhitelist) {
+TEST(HttpAuthPreferencesTest, AuthServerAllowlist) {
   HttpAuthPreferences http_auth_preferences;
   // Check initial value
   EXPECT_FALSE(http_auth_preferences.CanUseDefaultCredentials(GURL("abc")));
-  http_auth_preferences.SetServerWhitelist("*");
+  http_auth_preferences.SetServerAllowlist("*");
   EXPECT_TRUE(http_auth_preferences.CanUseDefaultCredentials(GURL("abc")));
 }
 
@@ -74,7 +74,7 @@
   EXPECT_EQ(DelegationType::kNone,
             http_auth_preferences.GetDelegationType(GURL("abc")));
 
-  http_auth_preferences.SetDelegateWhitelist("*");
+  http_auth_preferences.SetDelegateAllowlist("*");
   EXPECT_EQ(DelegationType::kUnconstrained,
             http_auth_preferences.GetDelegationType(GURL("abc")));
 
@@ -82,7 +82,7 @@
   EXPECT_EQ(DelegationType::kByKdcPolicy,
             http_auth_preferences.GetDelegationType(GURL("abc")));
 
-  http_auth_preferences.SetDelegateWhitelist("");
+  http_auth_preferences.SetDelegateAllowlist("");
   EXPECT_EQ(DelegationType::kNone,
             http_auth_preferences.GetDelegationType(GURL("abc")));
 }
diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h
index 1e2131f..0538207 100644
--- a/net/http/http_network_session.h
+++ b/net/http/http_network_session.h
@@ -140,7 +140,7 @@
     QuicParams quic_params;
 
     // If non-empty, QUIC will only be spoken to hosts in this list.
-    base::flat_set<std::string> quic_host_whitelist;
+    base::flat_set<std::string> quic_host_allowlist;
 
     // Enable HTTP/0.9 for HTTP/HTTPS on ports other than the default one for
     // each protocol.
diff --git a/net/http/http_stream_factory_job_controller.cc b/net/http/http_stream_factory_job_controller.cc
index 45a9e84..ffe8aae 100644
--- a/net/http/http_stream_factory_job_controller.cc
+++ b/net/http/http_stream_factory_job_controller.cc
@@ -1079,7 +1079,7 @@
                                                                destination))
       return alternative_service_info;
 
-    if (!IsQuicWhitelistedForHost(destination.host()))
+    if (!IsQuicAllowedForHost(destination.host()))
       continue;
 
     // Cache this entry if we don't have a non-broken Alt-Svc yet.
@@ -1233,15 +1233,15 @@
   return OK;
 }
 
-bool HttpStreamFactory::JobController::IsQuicWhitelistedForHost(
+bool HttpStreamFactory::JobController::IsQuicAllowedForHost(
     const std::string& host) {
-  const base::flat_set<std::string>& host_whitelist =
-      session_->params().quic_host_whitelist;
-  if (host_whitelist.empty())
+  const base::flat_set<std::string>& host_allowlist =
+      session_->params().quic_host_allowlist;
+  if (host_allowlist.empty())
     return true;
 
   std::string lowered_host = base::ToLowerASCII(host);
-  return base::Contains(host_whitelist, lowered_host);
+  return base::Contains(host_allowlist, lowered_host);
 }
 
 }  // namespace net
diff --git a/net/http/http_stream_factory_job_controller.h b/net/http/http_stream_factory_job_controller.h
index 783759e..d91a559 100644
--- a/net/http/http_stream_factory_job_controller.h
+++ b/net/http/http_stream_factory_job_controller.h
@@ -282,8 +282,8 @@
   // given error code is simply returned.
   int ReconsiderProxyAfterError(Job* job, int error);
 
-  // Returns true if QUIC is whitelisted for |host|.
-  bool IsQuicWhitelistedForHost(const std::string& host);
+  // Returns true if QUIC is allowed for |host|.
+  bool IsQuicAllowedForHost(const std::string& host);
 
   HttpStreamFactory* factory_;
   HttpNetworkSession* session_;
diff --git a/net/http/http_stream_factory_job_controller_unittest.cc b/net/http/http_stream_factory_job_controller_unittest.cc
index b3407f0..75356c9 100644
--- a/net/http/http_stream_factory_job_controller_unittest.cc
+++ b/net/http/http_stream_factory_job_controller_unittest.cc
@@ -2995,19 +2995,19 @@
   EXPECT_EQ(0u, alt_svc_info.advertised_versions().size());
 }
 
-// Tests that if HttpNetworkSession has a non-empty QUIC host whitelist,
+// Tests that if HttpNetworkSession has a non-empty QUIC host allowlist,
 // then GetAlternativeServiceFor() will not return any QUIC alternative service
-// that's not on the whitelist.
-TEST_F(HttpStreamFactoryJobControllerTest, QuicHostWhitelist) {
+// that's not on the allowlist.
+TEST_F(HttpStreamFactoryJobControllerTest, QuicHostAllowlist) {
   HttpRequestInfo request_info;
   request_info.method = "GET";
   request_info.url = GURL("https://www.google.com");
 
   Initialize(request_info);
 
-  // Set HttpNetworkSession's QUIC host whitelist to only have www.example.com
+  // Set HttpNetworkSession's QUIC host allowlist to only have www.example.com
   HttpNetworkSessionPeer session_peer(session_.get());
-  session_peer.params()->quic_host_whitelist.insert("www.example.com");
+  session_peer.params()->quic_host_allowlist.insert("www.example.com");
   session_peer.params()->quic_params.allow_remote_alt_svc = true;
 
   // Set alternative service for www.google.com to be www.example.com over QUIC.
diff --git a/net/http/transport_security_state_unittest.cc b/net/http/transport_security_state_unittest.cc
index 7ff717fd..2533c30 100644
--- a/net/http/transport_security_state_unittest.cc
+++ b/net/http/transport_security_state_unittest.cc
@@ -1580,7 +1580,7 @@
 
 // Tests that Certificate Transparency is required for Symantec-issued
 // certificates, unless the certificate was issued prior to 1 June 2016
-// or the issuing CA is whitelisted as independently operated.
+// or the issuing CA is permitted as independently operated.
 TEST_F(TransportSecurityStateTest, RequireCTForSymantec) {
   // Test certificates before and after the 1 June 2016 deadline.
   scoped_refptr<X509Certificate> before_cert =
diff --git a/net/http/url_security_manager.cc b/net/http/url_security_manager.cc
index 9c94243..c7cbc4c 100644
--- a/net/http/url_security_manager.cc
+++ b/net/http/url_security_manager.cc
@@ -10,35 +10,35 @@
 
 namespace net {
 
-URLSecurityManagerWhitelist::URLSecurityManagerWhitelist() = default;
+URLSecurityManagerAllowlist::URLSecurityManagerAllowlist() = default;
 
-URLSecurityManagerWhitelist::~URLSecurityManagerWhitelist() = default;
+URLSecurityManagerAllowlist::~URLSecurityManagerAllowlist() = default;
 
-bool URLSecurityManagerWhitelist::CanUseDefaultCredentials(
-    const GURL& auth_origin) const  {
-  if (whitelist_default_.get())
-    return whitelist_default_->IsValid(auth_origin, HttpAuth::AUTH_SERVER);
+bool URLSecurityManagerAllowlist::CanUseDefaultCredentials(
+    const GURL& auth_origin) const {
+  if (allowlist_default_.get())
+    return allowlist_default_->IsValid(auth_origin, HttpAuth::AUTH_SERVER);
   return false;
 }
 
-bool URLSecurityManagerWhitelist::CanDelegate(const GURL& auth_origin) const {
-  if (whitelist_delegate_.get())
-    return whitelist_delegate_->IsValid(auth_origin, HttpAuth::AUTH_SERVER);
+bool URLSecurityManagerAllowlist::CanDelegate(const GURL& auth_origin) const {
+  if (allowlist_delegate_.get())
+    return allowlist_delegate_->IsValid(auth_origin, HttpAuth::AUTH_SERVER);
   return false;
 }
 
-void URLSecurityManagerWhitelist::SetDefaultWhitelist(
-    std::unique_ptr<HttpAuthFilter> whitelist_default) {
-  whitelist_default_ = std::move(whitelist_default);
+void URLSecurityManagerAllowlist::SetDefaultAllowlist(
+    std::unique_ptr<HttpAuthFilter> allowlist_default) {
+  allowlist_default_ = std::move(allowlist_default);
 }
 
-void URLSecurityManagerWhitelist::SetDelegateWhitelist(
-    std::unique_ptr<HttpAuthFilter> whitelist_delegate) {
-  whitelist_delegate_ = std::move(whitelist_delegate);
+void URLSecurityManagerAllowlist::SetDelegateAllowlist(
+    std::unique_ptr<HttpAuthFilter> allowlist_delegate) {
+  allowlist_delegate_ = std::move(allowlist_delegate);
 }
 
-bool URLSecurityManagerWhitelist::HasDefaultWhitelist() const {
-  return whitelist_default_.get() != nullptr;
+bool URLSecurityManagerAllowlist::HasDefaultAllowlist() const {
+  return allowlist_default_.get() != nullptr;
 }
 
 }  //  namespace net
diff --git a/net/http/url_security_manager.h b/net/http/url_security_manager.h
index 8c2ef2f..83fc5e1 100644
--- a/net/http/url_security_manager.h
+++ b/net/http/url_security_manager.h
@@ -25,20 +25,20 @@
 
   // Creates a platform-dependent instance of URLSecurityManager.
   //
-  // A security manager has two whitelists, a "default whitelist" that is a
-  // whitelist of servers with which default credentials can be used, and a
-  // "delegate whitelist" that is the whitelist of servers that are allowed to
+  // A security manager has two allowlists, a "default allowlist" that is a
+  // allowlist of servers with which default credentials can be used, and a
+  // "delegate allowlist" that is the allowlist of servers that are allowed to
   // have delegated Kerberos tickets.
   //
-  // On creation both whitelists are empty.
+  // On creation both allowlists are empty.
   //
-  // If the default whitelist is empty and the platform is Windows, it indicates
+  // If the default allowlist is empty and the platform is Windows, it indicates
   // that security zone mapping should be used to determine whether default
-  // credentials should be used. If the default whitelist is empty and the
+  // credentials should be used. If the default allowlist is empty and the
   // platform is non-Windows, it indicates that no servers should be
-  // whitelisted.
+  // allowlisted.
   //
-  // If the delegate whitelist is empty no servers can have delegated Kerberos
+  // If the delegate allowlist is empty no servers can have delegated Kerberos
   // tickets.
   //
   static std::unique_ptr<URLSecurityManager> Create();
@@ -51,36 +51,36 @@
   // |auth_origin| for HTTP Negotiate authentication.
   virtual bool CanDelegate(const GURL& auth_origin) const = 0;
 
-  virtual void SetDefaultWhitelist(
-      std::unique_ptr<HttpAuthFilter> whitelist_default) = 0;
-  virtual void SetDelegateWhitelist(
-      std::unique_ptr<HttpAuthFilter> whitelist_delegate) = 0;
+  virtual void SetDefaultAllowlist(
+      std::unique_ptr<HttpAuthFilter> allowlist_default) = 0;
+  virtual void SetDelegateAllowlist(
+      std::unique_ptr<HttpAuthFilter> allowlist_delegate) = 0;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(URLSecurityManager);
 };
 
-class URLSecurityManagerWhitelist : public URLSecurityManager {
+class URLSecurityManagerAllowlist : public URLSecurityManager {
  public:
-  URLSecurityManagerWhitelist();
-  ~URLSecurityManagerWhitelist() override;
+  URLSecurityManagerAllowlist();
+  ~URLSecurityManagerAllowlist() override;
 
   // URLSecurityManager methods.
   bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
   bool CanDelegate(const GURL& auth_origin) const override;
-  void SetDefaultWhitelist(
-      std::unique_ptr<HttpAuthFilter> whitelist_default) override;
-  void SetDelegateWhitelist(
-      std::unique_ptr<HttpAuthFilter> whitelist_delegate) override;
+  void SetDefaultAllowlist(
+      std::unique_ptr<HttpAuthFilter> allowlist_default) override;
+  void SetDelegateAllowlist(
+      std::unique_ptr<HttpAuthFilter> allowlist_delegate) override;
 
  protected:
-  bool HasDefaultWhitelist() const;
+  bool HasDefaultAllowlist() const;
 
  private:
-  std::unique_ptr<const HttpAuthFilter> whitelist_default_;
-  std::unique_ptr<const HttpAuthFilter> whitelist_delegate_;
+  std::unique_ptr<const HttpAuthFilter> allowlist_default_;
+  std::unique_ptr<const HttpAuthFilter> allowlist_delegate_;
 
-  DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist);
+  DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerAllowlist);
 };
 
 }  // namespace net
diff --git a/net/http/url_security_manager_posix.cc b/net/http/url_security_manager_posix.cc
index a0bc27d..c181a908 100644
--- a/net/http/url_security_manager_posix.cc
+++ b/net/http/url_security_manager_posix.cc
@@ -12,7 +12,7 @@
 
 // static
 std::unique_ptr<URLSecurityManager> URLSecurityManager::Create() {
-  return std::make_unique<URLSecurityManagerWhitelist>();
+  return std::make_unique<URLSecurityManagerAllowlist>();
 }
 
 }  //  namespace net
diff --git a/net/http/url_security_manager_unittest.cc b/net/http/url_security_manager_unittest.cc
index 97dda33..93f3118 100644
--- a/net/http/url_security_manager_unittest.cc
+++ b/net/http/url_security_manager_unittest.cc
@@ -19,16 +19,16 @@
 struct TestData {
   const char* const url;
   bool succeds_in_windows_default;
-  bool succeeds_in_whitelist;
+  bool succeeds_in_allowlist;
 };
 
-const char kTestAuthWhitelist[] = "*example.com,*foobar.com,baz";
+const char kTestAuthAllowlist[] = "*example.com,*foobar.com,baz";
 
 // Under Windows the following will be allowed by default:
 //    localhost
 //    host names without a period.
-// In Posix systems (or on Windows if a whitelist is specified explicitly),
-// everything depends on the whitelist.
+// In Posix systems (or on Windows if an allowlist is specified explicitly),
+// everything depends on the allowlist.
 const TestData kTestDataList[] = {
   { "http://localhost", true, false },
   { "http://bat", true, false },
@@ -47,12 +47,12 @@
 
 TEST(URLSecurityManager, UseDefaultCredentials) {
   std::unique_ptr<HttpAuthFilter> auth_filter(
-      new HttpAuthFilterWhitelist(kTestAuthWhitelist));
+      new HttpAuthFilterAllowlist(kTestAuthAllowlist));
   ASSERT_TRUE(auth_filter);
   // The URL security manager takes ownership of |auth_filter|.
   std::unique_ptr<URLSecurityManager> url_security_manager(
       URLSecurityManager::Create());
-  url_security_manager->SetDefaultWhitelist(std::move(auth_filter));
+  url_security_manager->SetDefaultAllowlist(std::move(auth_filter));
   ASSERT_TRUE(url_security_manager.get());
 
   for (size_t i = 0; i < base::size(kTestDataList); ++i) {
@@ -60,30 +60,30 @@
     bool can_use_default =
         url_security_manager->CanUseDefaultCredentials(gurl);
 
-    EXPECT_EQ(kTestDataList[i].succeeds_in_whitelist, can_use_default)
+    EXPECT_EQ(kTestDataList[i].succeeds_in_allowlist, can_use_default)
         << " Run: " << i << " URL: '" << gurl << "'";
   }
 }
 
 TEST(URLSecurityManager, CanDelegate) {
   std::unique_ptr<HttpAuthFilter> auth_filter(
-      new HttpAuthFilterWhitelist(kTestAuthWhitelist));
+      new HttpAuthFilterAllowlist(kTestAuthAllowlist));
   ASSERT_TRUE(auth_filter);
   // The URL security manager takes ownership of |auth_filter|.
   std::unique_ptr<URLSecurityManager> url_security_manager(
       URLSecurityManager::Create());
-  url_security_manager->SetDelegateWhitelist(std::move(auth_filter));
+  url_security_manager->SetDelegateAllowlist(std::move(auth_filter));
   ASSERT_TRUE(url_security_manager.get());
 
   for (size_t i = 0; i < base::size(kTestDataList); ++i) {
     GURL gurl(kTestDataList[i].url);
     bool can_delegate = url_security_manager->CanDelegate(gurl);
-    EXPECT_EQ(kTestDataList[i].succeeds_in_whitelist, can_delegate)
+    EXPECT_EQ(kTestDataList[i].succeeds_in_allowlist, can_delegate)
         << " Run: " << i << " URL: '" << gurl << "'";
   }
 }
 
-TEST(URLSecurityManager, CanDelegate_NoWhitelist) {
+TEST(URLSecurityManager, CanDelegate_NoAllowlist) {
   // Nothing can delegate in this case.
   std::unique_ptr<URLSecurityManager> url_security_manager(
       URLSecurityManager::Create());
@@ -96,5 +96,4 @@
   }
 }
 
-
 }  // namespace net
diff --git a/net/http/url_security_manager_win.cc b/net/http/url_security_manager_win.cc
index 3d6b0100..a2cc194 100644
--- a/net/http/url_security_manager_win.cc
+++ b/net/http/url_security_manager_win.cc
@@ -26,7 +26,7 @@
 
 namespace net {
 
-class URLSecurityManagerWin : public URLSecurityManagerWhitelist {
+class URLSecurityManagerWin : public URLSecurityManagerAllowlist {
  public:
   URLSecurityManagerWin();
   ~URLSecurityManagerWin() override;
@@ -47,8 +47,8 @@
 
 bool URLSecurityManagerWin::CanUseDefaultCredentials(
     const GURL& auth_origin) const {
-  if (HasDefaultWhitelist())
-    return URLSecurityManagerWhitelist::CanUseDefaultCredentials(auth_origin);
+  if (HasDefaultAllowlist())
+    return URLSecurityManagerAllowlist::CanUseDefaultCredentials(auth_origin);
   if (!const_cast<URLSecurityManagerWin*>(this)->EnsureSystemSecurityManager())
     return false;
 
diff --git a/net/ntlm/ntlm_client.h b/net/ntlm/ntlm_client.h
index 16f4833..622a9e9 100644
--- a/net/ntlm/ntlm_client.h
+++ b/net/ntlm/ntlm_client.h
@@ -65,7 +65,7 @@
   // optionally omit the '@domain.com' part.
   // |hostname| can be a short NetBIOS name or an FQDN, however the server will
   // only inspect this field if the default domain policy is to restrict NTLM.
-  // In this case the hostname will be compared to a whitelist stored in this
+  // In this case the hostname will be compared to an allowlist stored in this
   // group policy [1].
   // |channel_bindings| is a string supplied out of band (usually from a web
   // browser) and is a (21+sizeof(hash)) byte ASCII string, where 'hash' is
diff --git a/net/proxy_resolution/proxy_config_service_linux.h b/net/proxy_resolution/proxy_config_service_linux.h
index 963b1bcf..718732fe 100644
--- a/net/proxy_resolution/proxy_config_service_linux.h
+++ b/net/proxy_resolution/proxy_config_service_linux.h
@@ -129,7 +129,7 @@
                                std::vector<std::string>* result) = 0;
 
     // Returns true if the bypass list should be interpreted as a proxy
-    // whitelist rather than blacklist. (This is KDE-specific.)
+    // allow list rather than block list. (This is KDE-specific.)
     virtual bool BypassListIsReversed() = 0;
 
     // Returns the format to use when parsing the bypass rules list.
diff --git a/net/quic/quic_network_transaction_unittest.cc b/net/quic/quic_network_transaction_unittest.cc
index 2a24deb..745ccf5 100644
--- a/net/quic/quic_network_transaction_unittest.cc
+++ b/net/quic/quic_network_transaction_unittest.cc
@@ -6523,8 +6523,8 @@
   EXPECT_TRUE(mock_quic_data.AllWriteDataConsumed());
 }
 
-TEST_P(QuicNetworkTransactionTest, HostInWhitelist) {
-  session_params_.quic_host_whitelist.insert("mail.example.org");
+TEST_P(QuicNetworkTransactionTest, HostInAllowlist) {
+  session_params_.quic_host_allowlist.insert("mail.example.org");
 
   MockRead http_reads[] = {
       MockRead("HTTP/1.1 200 OK\r\n"), MockRead(kQuicAlternativeServiceHeader),
@@ -6565,8 +6565,8 @@
   SendRequestAndExpectQuicResponse("hello!");
 }
 
-TEST_P(QuicNetworkTransactionTest, HostNotInWhitelist) {
-  session_params_.quic_host_whitelist.insert("mail.example.com");
+TEST_P(QuicNetworkTransactionTest, HostNotInAllowlist) {
+  session_params_.quic_host_allowlist.insert("mail.example.com");
 
   MockRead http_reads[] = {
       MockRead("HTTP/1.1 200 OK\r\n"), MockRead(kQuicAlternativeServiceHeader),
diff --git a/net/quic/quic_stream_factory.cc b/net/quic/quic_stream_factory.cc
index ede94e1..5d4f04d 100644
--- a/net/quic/quic_stream_factory.cc
+++ b/net/quic/quic_stream_factory.cc
@@ -2064,10 +2064,10 @@
   if (!session_was_active)
     return;
 
-  // TODO(rch):  In the special case where the session has received no
-  // packets from the peer, we should consider blacklisting this
-  // differently so that we still race TCP but we don't consider the
-  // session connected until the handshake has been confirmed.
+  // TODO(rch):  In the special case where the session has received no packets
+  // from the peer, we should consider blocking this differently so that we
+  // still race TCP but we don't consider the session connected until the
+  // handshake has been confirmed.
   HistogramBrokenAlternateProtocolLocation(
       BROKEN_ALTERNATE_PROTOCOL_LOCATION_QUIC_STREAM_FACTORY);
 
diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h
index 41663f7..77f1bbab 100644
--- a/net/url_request/url_request_context.h
+++ b/net/url_request/url_request_context.h
@@ -310,7 +310,7 @@
   }
 
  private:
-  // Whitelist legacy usage of now-deprecated CopyFrom().
+  // Allowed legacy usage of now-deprecated CopyFrom().
   friend class ::ChromeBrowserStateImplIOData;
   friend class ::ProfileImplIOData;
   friend class safe_browsing::SafeBrowsingURLRequestContextGetter;
diff --git a/net/url_request/url_request_context_unittest.cc b/net/url_request/url_request_context_unittest.cc
index c0e515a..29c5af2 100644
--- a/net/url_request/url_request_context_unittest.cc
+++ b/net/url_request/url_request_context_unittest.cc
@@ -48,7 +48,7 @@
     const std::string& dump_name = it.first;
     if (dump_name.find("net/http_network_session") != std::string::npos)
       did_dump_http_network_session = true;
-    // Match against a relaxed form of the memory dump whitelist pattern.
+    // Match against a relaxed form of the memory dump permitted pattern.
     if (base::MatchPattern(
             dump_name, "net/http_network_session_0x*/ssl_client_session_cache"))
       did_dump_ssl_client_session_cache = true;
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 9ebd699..7ff600f 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -881,20 +881,20 @@
 };
 
 // This NetworkDelegate is picky about what files are accessible. Only
-// whitelisted files are allowed.
+// allowlisted files are allowed.
 class CookieBlockingNetworkDelegate : public TestNetworkDelegate {
  public:
   CookieBlockingNetworkDelegate() = default;
 
-  // Adds |directory| to the access white list.
-  void AddToWhitelist(const base::FilePath& directory) {
-    whitelist_.insert(directory);
+  // Adds |directory| to the access allow list.
+  void AddToAllowlist(const base::FilePath& directory) {
+    allowlist_.insert(directory);
   }
 
  private:
-  // Returns true if |path| matches the white list.
+  // Returns true if |path| matches the allow list.
   bool OnCanAccessFileInternal(const base::FilePath& path) const {
-    for (const auto& directory : whitelist_) {
+    for (const auto& directory : allowlist_) {
       if (directory == path || directory.IsParent(path))
         return true;
     }
@@ -902,7 +902,7 @@
   }
 
   // Returns true only if both |original_path| and |absolute_path| match the
-  // white list.
+  // allow list.
   bool OnCanAccessFile(const URLRequest& request,
                        const base::FilePath& original_path,
                        const base::FilePath& absolute_path) const override {
@@ -910,7 +910,7 @@
             OnCanAccessFileInternal(absolute_path));
   }
 
-  std::set<base::FilePath> whitelist_;
+  std::set<base::FilePath> allowlist_;
 
   DISALLOW_COPY_AND_ASSIGN(CookieBlockingNetworkDelegate);
 };
@@ -1151,19 +1151,19 @@
   // can be slightly different from |absolute_temp_dir| on Windows.
   // Example: C:\\Users\\CHROME~2 -> C:\\Users\\chrome-bot
   // Hence the test should use the directory name of |test_file|, rather than
-  // |absolute_temp_dir|, for whitelisting.
+  // |absolute_temp_dir|, for allowlisting.
   base::FilePath real_temp_dir = test_file.DirName();
   GURL test_file_url = FilePathToFileURL(test_file);
   {
     TestDelegate d;
     CookieBlockingNetworkDelegate network_delegate;
-    network_delegate.AddToWhitelist(real_temp_dir);
+    network_delegate.AddToAllowlist(real_temp_dir);
     default_context().set_network_delegate(&network_delegate);
     std::unique_ptr<URLRequest> r(default_context().CreateRequest(
         test_file_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
     r->Start();
     d.RunUntilComplete();
-    // This should be allowed as the file path is whitelisted.
+    // This should be allowed as the file path is allowlisted.
     EXPECT_FALSE(d.request_failed());
     EXPECT_EQ(test_data, d.data_received());
   }
@@ -1176,7 +1176,7 @@
         test_file_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
     r->Start();
     d.RunUntilComplete();
-    // This should be rejected as the file path is not whitelisted.
+    // This should be rejected as the file path is not allowlisted.
     EXPECT_TRUE(d.request_failed());
     EXPECT_EQ("", d.data_received());
     EXPECT_EQ(ERR_ACCESS_DENIED, d.request_status());
@@ -1191,7 +1191,7 @@
   base::FilePath absolute_temp_dir =
       base::MakeAbsoluteFilePath(temp_dir_.GetPath());
 
-  // Create a good directory (will be whitelisted) and a good file.
+  // Create a good directory (will be allowlisted) and a good file.
   base::FilePath good_dir = absolute_temp_dir.AppendASCII("good");
   ASSERT_TRUE(base::CreateDirectory(good_dir));
   base::FilePath good_file;
@@ -1201,7 +1201,7 @@
   // See the comment in AllowFileURLs() for why this is done.
   base::FilePath real_good_dir = good_file.DirName();
 
-  // Create a bad directory (will not be whitelisted) and a bad file.
+  // Create a bad directory (will not be allowlisted) and a bad file.
   base::FilePath bad_dir = absolute_temp_dir.AppendASCII("bad");
   ASSERT_TRUE(base::CreateDirectory(bad_dir));
   base::FilePath bad_file;
@@ -1223,7 +1223,7 @@
   GURL bad_file_url = FilePathToFileURL(bad_symlink);
 
   CookieBlockingNetworkDelegate network_delegate;
-  network_delegate.AddToWhitelist(real_good_dir);
+  network_delegate.AddToAllowlist(real_good_dir);
   {
     TestDelegate d;
     default_context().set_network_delegate(&network_delegate);
@@ -1256,11 +1256,11 @@
   base::FilePath absolute_temp_dir =
       base::MakeAbsoluteFilePath(temp_dir_.GetPath());
 
-  // Create a good directory (will be whitelisted).
+  // Create a good directory (will be allowlisted).
   base::FilePath good_dir = absolute_temp_dir.AppendASCII("good");
   ASSERT_TRUE(base::CreateDirectory(good_dir));
 
-  // Create a bad directory (will not be whitelisted).
+  // Create a bad directory (will not be allowlisted).
   base::FilePath bad_dir = absolute_temp_dir.AppendASCII("bad");
   ASSERT_TRUE(base::CreateDirectory(bad_dir));
 
@@ -1278,7 +1278,7 @@
   GURL bad_file_url = FilePathToFileURL(bad_symlink);
 
   CookieBlockingNetworkDelegate network_delegate;
-  network_delegate.AddToWhitelist(good_dir);
+  network_delegate.AddToAllowlist(good_dir);
   {
     TestDelegate d;
     default_context().set_network_delegate(&network_delegate);
@@ -7828,7 +7828,7 @@
 
 // Tests that redirection to an unsafe URL is allowed when it has been marked as
 // safe.
-TEST_F(URLRequestTestHTTP, UnsafeRedirectToWhitelistedUnsafeURL) {
+TEST_F(URLRequestTestHTTP, UnsafeRedirectToAllowedUnsafeURL) {
   ASSERT_TRUE(http_test_server()->Start());
 
   GURL unsafe_url("data:text/html,this-is-considered-an-unsafe-url");
@@ -7852,7 +7852,7 @@
 }
 
 // Tests that a redirect to a different unsafe URL is blocked, even after adding
-// some other URL to the whitelist.
+// some other URL to the allowlist.
 TEST_F(URLRequestTestHTTP, UnsafeRedirectToDifferentUnsafeURL) {
   ASSERT_TRUE(http_test_server()->Start());
 
diff --git a/services/network/network_service.cc b/services/network/network_service.cc
index c9fc62e..0b886de 100644
--- a/services/network/network_service.cc
+++ b/services/network/network_service.cc
@@ -507,10 +507,10 @@
 
 void NetworkService::ConfigureHttpAuthPrefs(
     mojom::HttpAuthDynamicParamsPtr http_auth_dynamic_params) {
-  http_auth_preferences_.SetServerWhitelist(
-      http_auth_dynamic_params->server_whitelist);
-  http_auth_preferences_.SetDelegateWhitelist(
-      http_auth_dynamic_params->delegate_whitelist);
+  http_auth_preferences_.SetServerAllowlist(
+      http_auth_dynamic_params->server_allowlist);
+  http_auth_preferences_.SetDelegateAllowlist(
+      http_auth_dynamic_params->delegate_allowlist);
   http_auth_preferences_.set_delegate_by_kdc_policy(
       http_auth_dynamic_params->delegate_by_kdc_policy);
   http_auth_preferences_.set_negotiate_disable_cname_lookup(
diff --git a/services/network/network_service_unittest.cc b/services/network/network_service_unittest.cc
index 0fbb0e9..28911ef 100644
--- a/services/network/network_service_unittest.cc
+++ b/services/network/network_service_unittest.cc
@@ -249,14 +249,14 @@
 }
 #endif  // BUILDFLAG(USE_EXTERNAL_GSSAPI)
 
-TEST_F(NetworkServiceTest, AuthServerWhitelist) {
-  // Add one server to the whitelist before creating any NetworkContexts.
+TEST_F(NetworkServiceTest, AuthServerAllowlist) {
+  // Add one server to the allowlist before creating any NetworkContexts.
   mojom::HttpAuthDynamicParamsPtr auth_params =
       mojom::HttpAuthDynamicParams::New();
-  auth_params->server_whitelist = "server1";
+  auth_params->server_allowlist = "server1";
   service()->ConfigureHttpAuthPrefs(std::move(auth_params));
 
-  // Create a network context, which should reflect the whitelist.
+  // Create a network context, which should reflect the allowlist.
   mojom::NetworkContextPtr network_context_ptr;
   NetworkContext network_context(service(),
                                  mojo::MakeRequest(&network_context_ptr),
@@ -272,10 +272,10 @@
       auth_handler_factory->http_auth_preferences()->CanUseDefaultCredentials(
           GURL("https://server2/")));
 
-  // Change whitelist to only have a different server on it. The pre-existing
+  // Change allowlist to only have a different server on it. The pre-existing
   // NetworkContext should be using the new list.
   auth_params = mojom::HttpAuthDynamicParams::New();
-  auth_params->server_whitelist = "server2";
+  auth_params->server_allowlist = "server2";
   service()->ConfigureHttpAuthPrefs(std::move(auth_params));
   EXPECT_FALSE(
       auth_handler_factory->http_auth_preferences()->CanUseDefaultCredentials(
@@ -284,10 +284,10 @@
       auth_handler_factory->http_auth_preferences()->CanUseDefaultCredentials(
           GURL("https://server2/")));
 
-  // Change whitelist to have multiple servers. The pre-existing NetworkContext
+  // Change allowlist to have multiple servers. The pre-existing NetworkContext
   // should be using the new list.
   auth_params = mojom::HttpAuthDynamicParams::New();
-  auth_params->server_whitelist = "server1,server2";
+  auth_params->server_allowlist = "server1,server2";
   service()->ConfigureHttpAuthPrefs(std::move(auth_params));
   EXPECT_TRUE(
       auth_handler_factory->http_auth_preferences()->CanUseDefaultCredentials(
@@ -297,16 +297,16 @@
           GURL("https://server2/")));
 }
 
-TEST_F(NetworkServiceTest, AuthDelegateWhitelist) {
+TEST_F(NetworkServiceTest, AuthDelegateAllowlist) {
   using DelegationType = net::HttpAuth::DelegationType;
 
-  // Add one server to the whitelist before creating any NetworkContexts.
+  // Add one server to the allowlist before creating any NetworkContexts.
   mojom::HttpAuthDynamicParamsPtr auth_params =
       mojom::HttpAuthDynamicParams::New();
-  auth_params->delegate_whitelist = "server1";
+  auth_params->delegate_allowlist = "server1";
   service()->ConfigureHttpAuthPrefs(std::move(auth_params));
 
-  // Create a network context, which should reflect the whitelist.
+  // Create a network context, which should reflect the allowlist.
   mojom::NetworkContextPtr network_context_ptr;
   NetworkContext network_context(service(),
                                  mojo::MakeRequest(&network_context_ptr),
@@ -322,20 +322,20 @@
   EXPECT_EQ(DelegationType::kNone,
             auth_prefs->GetDelegationType(GURL("https://server2/")));
 
-  // Change whitelist to only have a different server on it. The pre-existing
+  // Change allowlist to only have a different server on it. The pre-existing
   // NetworkContext should be using the new list.
   auth_params = mojom::HttpAuthDynamicParams::New();
-  auth_params->delegate_whitelist = "server2";
+  auth_params->delegate_allowlist = "server2";
   service()->ConfigureHttpAuthPrefs(std::move(auth_params));
   EXPECT_EQ(DelegationType::kNone,
             auth_prefs->GetDelegationType(GURL("https://server1/")));
   EXPECT_EQ(DelegationType::kUnconstrained,
             auth_prefs->GetDelegationType(GURL("https://server2/")));
 
-  // Change whitelist to have multiple servers. The pre-existing NetworkContext
+  // Change allowlist to have multiple servers. The pre-existing NetworkContext
   // should be using the new list.
   auth_params = mojom::HttpAuthDynamicParams::New();
-  auth_params->delegate_whitelist = "server1,server2";
+  auth_params->delegate_allowlist = "server1,server2";
   service()->ConfigureHttpAuthPrefs(std::move(auth_params));
   EXPECT_EQ(DelegationType::kUnconstrained,
             auth_prefs->GetDelegationType(GURL("https://server1/")));
@@ -356,7 +356,7 @@
   EXPECT_FALSE(
       auth_handler_factory->http_auth_preferences()->delegate_by_kdc_policy());
 
-  // Change whitelist to only have a different server on it. The pre-existing
+  // Change allowlist to only have a different server on it. The pre-existing
   // NetworkContext should be using the new list.
   mojom::HttpAuthDynamicParamsPtr auth_params =
       mojom::HttpAuthDynamicParams::New();
@@ -1045,7 +1045,7 @@
 
   uint32_t options = mojom::kURLLoadOptionSendSSLInfoWithResponse |
                      mojom::kURLLoadOptionSendSSLInfoForCertificateError;
-  // Make sure the connection loads, due to the root being whitelisted.
+  // Make sure the connection loads, due to the root being permitted.
   LoadURL(test_server.GetURL("/echo"), options);
   ASSERT_EQ(net::OK, client()->completion_status().error_code);
 
diff --git a/services/network/public/mojom/network_service.mojom b/services/network/public/mojom/network_service.mojom
index c51da43..cd3d86c 100644
--- a/services/network/public/mojom/network_service.mojom
+++ b/services/network/public/mojom/network_service.mojom
@@ -211,17 +211,17 @@
 
 // Values for configurating HTTP authentication that can be changed as needed.
 struct HttpAuthDynamicParams {
-  // Comma / semi-colon delimited whitelist of server origins which the network
+  // Comma / semi-colon delimited allowlist of server origins which the network
   // service may send the default credentials for NTLM or Negotiate
   // authentication.
-  string server_whitelist;
+  string server_allowlist;
 
-  // Comma / semi-colon delimited whitelist of server origins for which Kerberos
+  // Comma / semi-colon delimited allowlist of server origins for which Kerberos
   // delegation is allowed for NTLM or Negotiate authentication.
-  string delegate_whitelist;
+  string delegate_allowlist;
 
   // True if OK-AS-DELEGATE flag from KDC should be used to allow delegation for
-  // Negotiate authentication along with delegate_whitelist;
+  // Negotiate authentication along with delegate_allowlist;
   bool delegate_by_kdc_policy = false;
 
   // True if canonical hostnames should be resolved when using Negotiate.