Since some websites use several subdomains that are classified under various FortiGuard categories, access to the site will also require exempting each subdomain. 

The easiest approach is to use the browser developer tools and see which sub-domains are used by a specific website. 

Press Ctrl+Shift+I and open the Developer Tools of a browser like Chrome on the desktop and switch to the network tab. Examine what is taking time and which requests are not completing. Errors also can be checked from the Console tab. 

Web filters are applied in this specific order: 

1. URL Filter.
2. FortiGuard Web Filter (also called Category Block).
3. Content Filter (Web Content Filter).
4. Script Filter (filters for Java applets, ActiveX controls, and cookies, CLI config only).
5. Antivirus scanning.

Consider an example where the user attempts to access Pinterest.com.

Website -  pinterest.com 

Category - General Interest – Personal 

Sub Category - Social Networking 

If the Social Networking sub-category under the General Interest –> Personal category is blocked in the Web filter profile, Pinterest.com will not be accessible: it will be blocked.

Similarly, in the logs, Pinterest.com website is getting denied due to the UTM block.

Even if  *.pinterest.*  is allowed in Static URL with the Exempt action, the website only loads partially. Images do not load.

It is possible to check if other URLs are required for the web page to load on the browser's Developer tools as shown below. 

In the logs, the underlying website pinimg.com is getting denied as pinimg.com also belongs to the Social Networking sub-category under General Interest –> Personal category. 

Solution:

In the Static URL filter, add *.pinimg.* with the Exempt action. This modification will allow images to load for the Pinterest.com website.

In the logs, *.pinimg.com is allowed.

Related article: 

Troubleshooting Tip: The website is accessible but not fully rendering all elements when web filter ...