So I just checked Firefox Send and no it's not because of restricted domains. My bad for not properly looking into it at first.
It's actually what maxoku suggested. Because Send uses end-to-end encryption what is actually downloaded is an encrypted "blob" which then gets decrypted via JavaScript and then is served as a download. So it's not like a regular download that has a URL and an HTTP request. DLG detects downloads through interpreting requests.
I have looked into this issue briefly before because Mega also uses this format for downloading and it didn't seem possible because there's no request and no URL. The file is created inside JavaScript code and is lost the moment you click 'cancel' or 'ok'.
I'll look into it some more now that Firefox Send is also using this but I'm pretty sure it's impossible. It's actually "designed" to be impossible to intercept in order to make sure the end-to-end encryption is secure.