These ones are correctly blocked:
These ones are not blocked and end up as requests on the local machine:
These ones are blocked by CORS-RFC1918 (chrome://flags/#block-insecure-private-network-requests) but should also be blocked by Shields: