To use the gnosis SafeApp, you must check for it before using other injectors, so it sits in the pageload critical path.
To check for SafeApp, the SDK races an iframe postMessage with a 300ms timeout (see https://github.com/gnosis/safe-apps-sdk/blob/master/packages/safe-apps-web3-react/src/connector.ts#L52). This should be skipped if we are not in an iframe, and there should be an immediate, deterministic way to tell if we are in a SafeApp.