You can run Fiddler (free tool to trace web access) to see what URL's arre called from the client while running the application.
As said, the R80 handles HTTPS sites, and mail for sure is that, when HTTPS decryption is not enabled you can add as many urls as you want, but will not be seen and therefore not allowed.
As asked before does the client get a blocked page when theytry to access a page that is not allowed?
Many urls that are used on another page that are blocked will not show a block page either.
Regards, Maarten