The appliance's CPU Monitor reports high CPU utilization in SSL and Cryptography and Policy evaluation - HTTP.
The high CPU usage is caused by Google Chrome sending a large volume of web request traffic to https://clients1.google.com/tbproxy/af/query?client=Google Chrome. If you stop Chrome from accessing the URL, the CPU utilization goes down.
The specific POST request URL is sent by Google Chrome's Autofill Download Manager component as seen in the source code file ("autofill_download_manager.cc") available at:
https://cs.chromium.org/chromium/src/components/autofill/core/browser/autofill_download_manager.cc?q=tbproxy&sq=package:chromium&l=88
Additionally, the Blocked web browsing per user and Default Bandwidth reports are useful.
After reviewing the access logs, if you see significant SSL traffic to https://clients1.google.com/tbproxy/af/query?client=Google%20Chrome, you can apply a policy to disable SSL interception or deny access to the URL.
Disable SSL Interception by url.domain:
<ssl-intercept>
url.domain=clients1.google.com ssl.forward_proxy(no)
<proxy>
url.domain=clients1.google.com detect_protocol(none)
This requires SSL Interception to be enabled to block the URL query path.
<proxy>
DENY url.domain=clients1.google.com url.substring="tbproxy/af"