It appears certain post requests / Facebook traffic is not being routed via WSS and therefore not forwarded to DLP cloud. The issue is intermittent and does not occur on all DCs.

The traffic does not show in WSS reporting or policy trace.

Therefore the traffic is evading DLP cloud controls to block post requests over a certain size.

WSS Agent

'Allow HTTP/3' setting enabled will send HTTP/3 traffic direct to the OCS from the customer network, bypassing the WSS tunnel. 

Chrome 

'Allow HTTP/3' setting enabled will send HTTP/3 traffic direct to the OCS from the customer network, bypassing the WSS tunnel. 

HTTP/3 also referred to as QUIC is over the UDP protocol and therefore is not being inspected by WSS at the moment.

If you want to ensure that traffic is inspected by WSS, forwarded on to DLP cloud disable the 'Allow HTTP/3' control which would revert that traffic to TCP and be routed via WSS proxy.