Renderer initiated navigations from non instant process should not fall into instant.

content/public/browser/content_browser_client.h

Index: content/public/browser/content_browser_client.h
diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
index a226872008462384ac043d373f648cff462bd0c8..c7fe00095eb69e338bc575553d6f6db1e7fd65a2 100644
--- a/content/public/browser/content_browser_client.h
+++ b/content/public/browser/content_browser_client.h
@@ -139,6 +139,22 @@ class CONTENT_EXPORT ContentBrowserClient {
   // Notifies that a BrowserChildProcessHost has been created.
   virtual void BrowserChildProcessHostCreated(BrowserChildProcessHost* host) {}
 
+  // Determines whether a navigation from |current_instance| to |url| would be a
+  // valid entry point to a "privileged site," based on whether it
+  // |is_renderer_initiated|. A privileged site requires careful process
+  // isolation to ensure its privileges do not leak, and it can only be entered
+  // via known navigation paths.
+  //
+  // If this is a valid entry to a privileged site, this function should rewrite
+  // the origin of |url| with a non-http(s) origin that represents the
+  // privileged site. This will distinguish the resulting SiteInstance from
+  // other SiteInstances in the process model.
+  virtual GURL GetPossiblyPrivilegedURL(
+      content::BrowserContext* browser_context,
+      const GURL& url,
+      bool is_renderer_initiated,
+      SiteInstance* current_instance);
+
   // Get the effective URL for the given actual URL, to allow an embedder to
   // group different url schemes in the same SiteInstance.
   virtual GURL GetEffectiveURL(BrowserContext* browser_context,