diff --git a/core/server/monitor.js b/core/server/monitor.js
index 209dc6d42a..b7d854b257 100644
--- a/core/server/monitor.js
+++ b/core/server/monitor.js
@@ -20,12 +20,12 @@ function setRoutes({ rateLimit }, { server, metricInstance }) {
   const ipRateLimit = new RateLimit({
     // Exclude IPs for GitHub Camo, determined experimentally by running e.g.
     // `curl --insecure -u ":shields-secret" https://s0.shields-server.com/sys/rate-limit`
-    whitelist: /^(?:192\.30\.252\.\d+)|(?:140\.82\.115\.\d+)$/,
+    safelist: /^(?:192\.30\.252\.\d+)|(?:140\.82\.115\.\d+)$/,
   })
   const badgeTypeRateLimit = new RateLimit({ maxHitsPerPeriod: 3000 })
   const refererRateLimit = new RateLimit({
     maxHitsPerPeriod: 300,
-    whitelist: /^https?:\/\/shields\.io\/$/,
+    safelist: /^https?:\/\/shields\.io\/$/,
   })
 
   server.handle((req, res, next) => {
diff --git a/core/server/rate-limit.js b/core/server/rate-limit.js
index a3378d0901..9d9f5a6fc6 100644
--- a/core/server/rate-limit.js
+++ b/core/server/rate-limit.js
@@ -10,7 +10,7 @@ module.exports = class RateLimit {
     this.maxHitsPerPeriod = options.maxHitsPerPeriod || 500
     this.banned = new Set()
     this.bannedUrls = new Set()
-    this.whitelist = options.whitelist || /(?!)/ // Matches nothing by default.
+    this.safelist = options.safelist || /(?!)/ // Matches nothing by default.
     this.interval = setInterval(this.resetHits.bind(this), this.period * 1000)
   }
 
@@ -29,7 +29,7 @@ module.exports = class RateLimit {
     const hitsInCurrentPeriod = this.hits.get(reqParam) || 0
     if (
       reqParam != null &&
-      !this.whitelist.test(reqParam) &&
+      !this.safelist.test(reqParam) &&
       hitsInCurrentPeriod > this.maxHitsPerPeriod
     ) {
       this.banned.add(reqParam)