Block streaming-media in your URL Filtering Profile. Get there in the WebGUI > Objects > Security Profiles > URL Filtering > click on the URL Filtering profile you would like to use. URL Filtering Profile detail showing Streaming-Media being set to Block.
Create a Custom URL Category from Objects > Custom Objects > URL Category. Your Custom URL Category must include the following entries:
... this will make sure that any youtube page or content you go to is decrypted, so that the full HTTP GET can be read. Custom URL Category showing the needed domains.
Add a decryption policy of type SSL Forward Proxy, the decryption policy must be tied to your Custom URL Category in the "Service/URL Category" tab. Please see the following article about configuring SSL Decryption: How to Implement and Test SSL Decryption
Go to your URL Filtering profile, in the Allow list add the following URL's: