You have blacklisted the below Hash values on CAS and notice that most safe webpages do not load when the CAS scans them:
SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
These values are well known SHA values of Zero Byte or empty string. This SHA can be triggered by a Webpage due to multiple reasons such as HTTP Redirects (content length 0), or an empty string field, empty string, zero byte file, webpages with empty file etc. and the presence of any of these values in the blacklist causes CAS to block them.
These zero byte instances will be present on many secure webpages & there is no rational to blacklist/block these two hash values as threats. There is no issue with CAS here, blacklisting these hashes will cause this issue due to the presence of these objects & hence these values on many webpages. You may remove these hash values from the blacklist to resolve the issue.