Tests navigation-layer egress paths: location.assign(), location.replace(), meta http-equiv=refresh, <a ping> hyperlink auditing, window.open() variants, history.pushState() + navigate, form submissions with target=_blank, and nested browsing context navigation.

Navigation attempts that cause a top-level page transition are wrapped in a sandboxed same-origin iframe with allow-scripts allow-same-origin allow-forms allow-popups so the outer runner page survives. A CORS fetch oracle to the target domain is used to confirm whether the filter also blocks subresource access from the same origin.