NOTE: This page is a recollection of what I've written previously. I do not guarantee it's accuracy.
The first thing this
DocumentLoader does upon receiving these signals is to cancel any requests after a page has been unloaded, fetches info for security checks and headers, possibly find another frame in the frame tree to hand the load off to, considers opening a new window, and considers just scrolling the page instead before handing off to the next method.
Which then determines a history entry to write into and determines iframe sandboxing rules, for the subsequent method to perform the additional security checks, does some performance logging for WebInspector, considers just scrolling the page again, and checks with the UI for permission and adjustments (e.g. for “new tab” gestures).
Once that check succeeds it stops all in-progress loads, registers to be notified of updates, takes a fast path for tab history, and possibly notifies the UI of any attached textual form data (e.g. to store website credentials, or handle POST forms from internal pages).
Once that check succeeds it hands the task off onto the
DocumentLoader which performs more intensive security checks specified by HTTP or HTML, notifies various parties of any progress, and dispatches to the HTTP, Service Worker, or app manifest caches. The HTTP cache in turn dispatches to the network sandbox, or for custom URI schemes the UI process, to actually fetch the page.
The requests in the network sandbox can be translated into a download whenever the UI wants by telling it to save any data it receives to disk and notify a different party of any progress.