In very specific scenarios, the whitelist feature on SWG fails to trigger and the matching policy for the client computer applies instead.
This is a limitation of the whitelisting feature. SWG whitelisting does not check embedded URLs by design.
In order for the redirect to work in the example scenario, whitelist the search engine and the target URLs.
The target URL (www.example.com) is classified as category A and B.
SWG has a matching policy where category A is set to allow and B is set to block. The Multiple Categories option within the policy is set to Restrictive: block takes precedence.
The target URL (www.example.com) is then whitelisted to create an exception so it can be accessed despite the block in place.
When typing the URL in the address bar of a web browser the site can be accessed OK, as expected.
However, if a search engine is used to lookup the target website, and if a matching add or any form of redirection to the target is used to access the website instead, the site is blocked by SWG and reported as matching Category B.
Also, report details show the blocking is done against the search engine's add URL (that usually includes the target's URL) matching Category B.