The proxy appliance is using more than one content filtering provider like Blue Coat and Youtube.

The policy is using "request.header.Referer.url.category" CPL object.

The user request does not match the rule that is using the CPL object mentioned above even though the request is being categorized as one of the category.

An example of policy been used:

<Proxy>
request.header.Referer.url.category=Games@YouTube Deny

Release : 6.7 and 7.x

Component : Policy

Using the example policy:

<Proxy>
request.header.Referer.url.category=Games@YouTube Deny

The policy trace below shows that it missed the rule even though the "request.header.Referer.url.category" is being categorized as "Games@Youtube".

 <Proxy>
  miss:     request.header.Referer.url.category=Games@YouTube

...

GET https://www.youtube.com/s/player/2b718ca6/player_ias.vflset/en_US/annotations_module.js
...
Referer: https://www.youtube.com/watch?v=D5VN56jQMWM
...
  request.header.Referer.url.category: none@Policy;none@IWF;Audio/Video Clips@Blue Coat;Games@YouTube; Mixed Content/Potentially Adult@Blue Coat

There is a limitation on the "request.header.Referer.url.category" CPL object where it unable to be specific on which provider that it could apply to, so in this case, the CPL object will apply to all the content filtering provider that have the "Games" category and in this case, its falls under the Youtube and Blue Coat content filter provider.
    

Use the following CPL where instead of using "Games@Youtube", just use "Games" in the rule or policy like the one below.

<Proxy>
request.header.Referer.url.category=Games Deny