You have tried to whitelist a domain via the Domain Filter in your Agent configuration, but incidents are still being reported against that domain.
For example, you have whitelisted "example.com" under Agent Configuration > Channel FIlters > Domain filter (HTTP, HTTPS):
But you are seeing incidents where the "recipient URL" matches that domain:
DLP Endpoint Agents with functioning Browser Extensions reporting "recipient" URLs to the detection engine
A non-standard port number is being used to access the website, which changes the URL being reported - and no longer matches the domain as specified in the filter.
Web traffic using standard ports (8080, 443) is reported with no port indicated in the URL reported by a browser. Thus, these domains can easily be filtered via the DLP Agent Configuration for "Domain Filters".
However, if a web application or user uses a non-standard port number of any HTTP or HTTPS website, that port number is usually reported in the browser as part of the URL, e.g., "https://example.com:9190/file-upload-folder/".
Under Agent Configuration > Channel FIlters > Domain filter (HTTP, HTTPS), enter any domains for which non-standard ports are reported in incidents using the asterisk wildcard after the top-level domain designation:
Agents updated with that configuration will now drop traffic being uploaded to that site, regardless of the port reported by the Browser Extension.