diff --git a/devfront/src/features/clients/ClientGeneralPage.tsx b/devfront/src/features/clients/ClientGeneralPage.tsx
index 18ba1210..752aa731 100644
--- a/devfront/src/features/clients/ClientGeneralPage.tsx
+++ b/devfront/src/features/clients/ClientGeneralPage.tsx
@@ -976,7 +976,7 @@ function ClientGeneralPage() {
                     >
                       {t(
                         "ui.dev.clients.general.security.trusted_rp_enable",
-                        "Trusted RP (자체 로그인 UI 사용)",
+                        "Headless Login (자체 로그인 UI 사용)",
                       )}
                     </Label>
                     <p className="text-[10px] text-muted-foreground">
@@ -998,7 +998,7 @@ function ClientGeneralPage() {
         </CardContent>
       </Card>
 
-      {/* 4. Public Key Registration (Trusted RP) */}
+      {/* 4. Public Key Registration (Headless Login) */}
       {clientType === "pkce" && headlessLoginEnabled && (
         <Card className="glass-panel border-primary/20">
           <CardHeader className="pb-3">
@@ -1013,7 +1013,7 @@ function ClientGeneralPage() {
                 <CardDescription>
                   {t(
                     "msg.dev.clients.general.public_key.subtitle",
-                    "Trusted RP 판정에 필요한 공개키와 headless login 관련 설정을 관리합니다.",
+                    "Headless Login 판정에 필요한 공개키와 관련 설정을 관리합니다.",
                   )}
                 </CardDescription>
               </div>
diff --git a/devfront/src/locales/en.toml b/devfront/src/locales/en.toml
index 74fa2cf2..600a137b 100644
--- a/devfront/src/locales/en.toml
+++ b/devfront/src/locales/en.toml
@@ -390,12 +390,12 @@ subtitle = "Define the permission scopes this application can request."
 private_help = "Server side App: For apps that can safely store a client secret, such as Node.js or Java servers."
 pkce_help = "PKCE App (SPA/Mobile): For apps that cannot safely store a client secret. PKCE is mandatory."
 subtitle = "Select application type. Security level determines authentication method."
-trusted_help = "Operate as a trusted RP using private_key_jwt and public key registration. Headless login is only available for this profile."
+trusted_help = "Operate as Headless Login using private_key_jwt and public key registration. Headless login is only available for this profile."
 
 [msg.dev.clients.general.public_key]
 auth_method_client_secret_basic_help = "Standard authentication method for server-side applications."
 auth_method_none_help = "Use this for PKCE-based public clients."
-auth_method_private_key_jwt_help = "Signed key-based client authentication recommended for trusted RP bootstrap and JAR verification."
+auth_method_private_key_jwt_help = "Signed key-based client authentication recommended for Headless Login bootstrap and JAR verification."
 guide_example = "Recommended example: https://rp.example.com/.well-known/jwks.json"
 guide_intro = "A JWKS URI is not created by Baron. It is the URL where the RP backend exposes its public key."
 guide_step_1 = "Generate a key pair on the RP server and keep the private key only in the RP backend."
@@ -406,7 +406,7 @@ jwks_inline_help = "Prefer the SSH-RSA public key format first. If you paste an
 jwks_uri_help = "Enter the public key endpoint URL exposed by the RP backend. Example: https://rp.example.com/.well-known/jwks.json"
 request_object_alg_help = "Specify the JAR (Request Object) signing algorithm used for headless login."
 source_help = "Register the JWKS URI served by the RP so Baron can verify the public key."
-subtitle = "Manage the public key and headless login settings required for trusted RP evaluation."
+subtitle = "Manage the public key and headless login settings required for Headless Login evaluation."
 
 [msg.dev.clients.general.public_key.validation]
 headless_requires_alg = "Headless login requires a Request Object Signing Algorithm."
@@ -1392,9 +1392,9 @@ delete = "Delete"
 [ui.dev.clients.general.security]
 private = "Server Side App"
 pkce = "PKCE"
-trusted = "Trusted RP"
+trusted = "Headless Login"
 title = "Security Settings"
-trusted_rp_enable = "Trusted RP (Custom Login UI)"
+trusted_rp_enable = "Headless Login (Custom Login UI)"
 trusted_rp_enable_help = "Enable this if you want to implement your own login screen within the app instead of using the Baron SSO login page."
 
 [ui.dev.clients.general.public_key]
diff --git a/devfront/src/locales/ko.toml b/devfront/src/locales/ko.toml
index 55d174e6..bc1670c7 100644
--- a/devfront/src/locales/ko.toml
+++ b/devfront/src/locales/ko.toml
@@ -390,12 +390,12 @@ subtitle = "이 앱이 요청할 수 있는 권한 범위를 정의합니다."
 pkce_help = "PKCE 앱 (SPA/모바일): 브라우저나 앱처럼 비밀키를 보관하기 어려운 경우 사용하며, PKCE가 강제됩니다."
 private_help = "Server side App (서버 사이드 앱): Node.js, Java 등 비밀키를 안전하게 보관 가능한 경우 사용합니다."
 subtitle = "앱 유형을 선택하세요. 보안 수준에 따라 인증 방식이 달라집니다."
-trusted_help = "private_key_jwt와 공개키 등록을 사용해 trusted RP로 운영합니다.\nHeadless Login은 이 프로필에서만 사용할 수 있습니다."
+trusted_help = "private_key_jwt와 공개키 등록을 사용해 Headless Login으로 운영합니다.\nHeadless Login은 이 프로필에서만 사용할 수 있습니다."
 
 [msg.dev.clients.general.public_key]
 auth_method_client_secret_basic_help = "일반적인 서버 사이드 앱 인증 방식입니다."
 auth_method_none_help = "PKCE 기반 public client에 사용하는 방식입니다."
-auth_method_private_key_jwt_help = "Trusted RP bootstrap과 JAR 검증에 필요한 서명 키 기반 인증 방식입니다."
+auth_method_private_key_jwt_help = "Headless Login bootstrap과 JAR 검증에 필요한 서명 키 기반 인증 방식입니다."
 guide_example = "권장 예시: https://rp.example.com/.well-known/jwks.json"
 guide_intro = "JWKS URI는 Baron이 만드는 값이 아니라 RP backend가 공개키를 노출하는 URL입니다."
 guide_step_1 = "RP 서버에서 key pair를 생성하고 private key는 RP backend에만 보관합니다."
@@ -406,7 +406,7 @@ jwks_inline_help = "SSH-RSA 공개키 형식을 우선 권장합니다. 'ssh-rsa
 jwks_uri_help = "RP backend가 제공하는 공개키 endpoint URL을 입력하세요. 예: https://rp.example.com/.well-known/jwks.json"
 request_object_alg_help = "Headless Login을 사용할 때 JAR(Request Object) 서명 알고리즘을 명시합니다."
 source_help = "애플리케이션의 공개키(SSH-RSA)를 직접 등록하거나, 운영 환경이라면 JWKS URI를 통해 자동으로 검증할 수 있습니다."
-subtitle = "Trusted RP 판정에 필요한 공개키와 headless login 관련 설정을 관리합니다."
+subtitle = "Headless Login 판정에 필요한 공개키와 관련 설정을 관리합니다."
 
 [msg.dev.clients.general.public_key.validation]
 headless_requires_alg = "Headless Login을 사용하려면 Request Object Signing Algorithm을 입력해야 합니다."
@@ -1393,7 +1393,7 @@ delete = "삭제"
 private = "Server side App"
 pkce = "PKCE"
 title = "보안 설정"
-trusted_rp_enable = "Trusted RP (자체 로그인 UI 사용)"
+trusted_rp_enable = "Headless Login (자체 로그인 UI 사용)"
 trusted_rp_enable_help = "Baron SSO 로그인 창을 거치지 않고 애플리케이션 내의 자체 로그인 화면을 직접 구현하고 싶은 경우 활성화합니다."
 
 
diff --git a/devfront/tests/devfront-clients-lifecycle.spec.ts b/devfront/tests/devfront-clients-lifecycle.spec.ts
index 689df680..31af52f1 100644
--- a/devfront/tests/devfront-clients-lifecycle.spec.ts
+++ b/devfront/tests/devfront-clients-lifecycle.spec.ts
@@ -123,7 +123,7 @@ test.describe("DevFront clients lifecycle", () => {
     ).toHaveValue(/https:\/\/after\.example\.com\/callback/);
   });
 
-  test("pkce trusted rp with inline ssh-rsa key should persist mapped payload", async ({
+  test("pkce headless login with inline ssh-rsa key should persist mapped payload", async ({
     page,
   }) => {
     const state = {
@@ -139,7 +139,7 @@ test.describe("DevFront clients lifecycle", () => {
 
     await page
       .getByRole("switch", {
-        name: /Trusted RP \(자체 로그인 UI 사용\)|Trusted RP \(Custom Login UI\)/i,
+        name: /Headless Login \(자체 로그인 UI 사용\)|Headless Login \(Custom Login UI\)/i,
       })
       .click();