I've been testing this for a while and have also been getting controversial information from the internet. Some people say the Filter Providers can only get traffic initiated from a WebKit, while others suggest they can get all network traffic through the device.
Here's a code snippet of my test filter data provider extension and some detailed questions.
    import NetworkExtension

    class FilterDataProvider: NEFilterDataProvider {

        // Ask to filter both directions of every new flow, peeking as many bytes as possible.
        override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
            return .filterDataVerdict(withFilterInbound: true, peekInboundBytes: Int.max, filterOutbound: true, peekOutboundBytes: Int.max)
        }

        // Pass the inbound bytes seen so far and keep peeking.
        override func handleInboundData(from flow: NEFilterFlow, readBytesStartOffset offset: Int, readBytes: Data) -> NEFilterDataVerdict {
            return NEFilterDataVerdict(passBytes: offset + readBytes.count, peekBytes: Int.max)
        }

        // Pass the outbound bytes seen so far and keep peeking.
        override func handleOutboundData(from flow: NEFilterFlow, readBytesStartOffset offset: Int, readBytes: Data) -> NEFilterDataVerdict {
            return NEFilterDataVerdict(passBytes: offset + readBytes.count, peekBytes: Int.max)
        }

        // Allow the flow once all inbound data has been seen.
        override func handleInboundDataComplete(for flow: NEFilterFlow) -> NEFilterDataVerdict {
            return .allow()
        }

        // Allow the flow once all outbound data has been seen.
        override func handleOutboundDataComplete(for flow: NEFilterFlow) -> NEFilterDataVerdict {
            return .allow()
        }
    }

1. My own test program can only get the web traffic, from browsers and from embedded WebKits. It cannot get the traffic if I send an email from the Mail app or if I watch a stream from the YouTube app, or even if I access an HTTP server via URLSession & URLRequest in my own app. Is this expected?
2. If the filter can only get traffic from browsers and WebKits, I'd expect every flow to be a NEFilterBrowserFlow. So where does the NEFilterSocketFlow come into play? Web sockets?
3. Also, how can I trigger handleOutboundData()? My expectation is that if there is any data in my HTTP request, like if I'm posting some form data or uploading something, I should be able to monitor this data via the handleOutboundData() API. But I've never triggered this function in my filter provider extension.
4. I'm also seeing some strange inconsistencies in some websites' login POST requests. My filter provider can intercept some websites' login POST requests, but cannot do it with some others'. E.g. I cannot intercept the POST request when signing in to account.google.com (I confirmed in an HTTP proxy tool that the browser is indeed sending out a POST request, but it does not trigger handleNewFlow()).
Thanks.