Chapter 15 Unified Threat Management for FortiOS 5.0 : Web filter : Deep Scanning Restrictions : Enable HTTPS URL Scan Only
  
Enable HTTPS URL Scan Only
When Deep Scanning is turned on traffic that is encrypted using SSL is scanned for issues just as unencrypted traffic is. However, scanning encrypted traffic puts a larger load on the resources of the FortiGate unit.
Even if the scanning of the contents of the traffic is not a requirement many administrator prefer to scan the URLs being sent over HTTPS so that users cannot bypass the blocking of access to a site by putting “https://” as a prefix to a URL. The setting restricts the deep scanning of the traffic to the URL destination which is in the header. This way the resources tied up in decrypting the traffic a are minimized, yet the administrator can still enforce policy regarding access to prohibited websites