Based on the provided FortiSASE security log, the traffic was denied by the Web Filter with the specific message: "URL was blocked because it contained banned word(s)." The log also explicitly identifies the banned word as "fight." In Fortinet architectures, including FortiSASE and FortiOS, inspecting webpage payloads to block or exempt access based on specific words, phrases, or regular expressions is exclusively handled by the web content filter within the broader web filter profile. To restore access to the requested URL, the administrator must navigate to the active web filter configuration and adjust the content filter list by removing the word "fight" or modifying its action.

A. FortiGuard category-based filter: This feature blocks entire domains based on predefined vendor classifications (e.g., blocking all "Gambling" or "Social Media" sites), rather than parsing page payloads for specific banned vocabulary.

C. URL Filter: URL filtering explicitly allows or denies traffic based on predefined lists of URLs, domain names, or wildcards (e.g., blocking *.bbc.com/*), not by scanning the actual text content of the page for banned words.

D. inline cloud access security broker (CASB) headers: Inline CASB is used to inject or modify HTTP headers to control access to specific SaaS tenants (e.g., restricting Microsoft 365 access to a corporate domain). It does not perform banned word filtering.

Fortinet Document Library: FortiOS Administration Guide, Section: Security Profiles > Web Filter > Web content filter. (This document explains that to block or exempt web pages containing specific words or patterns, administrators must configure the web content filter block/exempt lists).

Fortinet Document Library: FortiSASE Administration Guide, Section: Security > Web Filter. (Confirms that FortiSASE inherits FortiOS web filtering mechanisms, including content filtering for banned words).