For
domains that you block, Prisma Access blocks the domains and users
receive a block page during the HTTP GET request (for unencrypted
websites) or HTTP Connect request (for encrypted websites), which
means that domains are blocked during the initial connection request.
When you block access to the site, user are shown a block page after
taking them through the authentication flow, and the username is
captured for further forensics and Security Operations Center (SOC)
workflows.