A common issue with blocking/allowing access to a site (www.example.newsite.com) is that additional domains need to be accounted for.
Let's say that you want to allow www.sfgate.com, and so you add sfgate.com to your allow list. However, after visiting the site you find that only the text is showing. When this happens, there are domains needed by the domain that are still being blocked.
If we do a HAR capture in the browser, we can see some of the domains being called out after www.sfgate.com has successfully resolved. In this capture we would see the following DNS records:
Why is this necessary?
For efficiency, almost all websites load content from other sources. This can include but is not limited to image resources, scripts, ads, social media plugins, etc. As such, your settings might be blocking some of these resources, thus preventing them from rendering in your web browser.
As such, in order to view this content, your settings need to be updated to allow for the domains. Note: If you're using Allow Only Mode, you will almost always have to take these steps.
Ways to identify the domains.
One easy way to find the domains required is to use Google Chrome's DNS prefetch tool which logs your queries.
More detailed information about the feature is available here -> http://www.chromium.org/developers/design-documents/dns-prefetching
Once the feature is turned on in your browser, you can visit the site you want to collect information about.
After the site has completely rendered (all elements are downloaded), you can enter the following into the URL bar in the browser:
Now use CTRL-F to find the domain you are looking for. I've used www.bostonglobe.com as an example.
These entries would be required in order to Allow this site to render completely:
Other methods of identifying these domains include packet captures (collected by tools such as Wireshark), collecting HAR files, or using websites such as webpagetest.org.