Block streaming-media in your URL Filtering Profile. Get there in the WebGUI > Objects > Security Profiles > URL Filtering > click on the URL Filtering profile you would like to use. URL Filtering Profile detail showing Streaming-Media being set to Block.
Create a Custom URL Category from Objects > Custom Objects > URL Category. Your Custom URL Category must include the following entries:
... this will make sure that any youtube page or content you go to is decrypted, so that the full HTTP GET can be read.
Add a decryption policy of type SSL Forward Proxy, the decryption policy must be tied to your Custom URL Category in the "Service/URL Category" tab. Please see the following article about configuring SSL Decryption: How to Implement and Test SSL Decryption
Go to your URL Filtering profile, in the Allow list add the following URL's: