There are several things that XG does "under the hood" including at times header injection.  However generic header injection configurable by user is not supported.

With v17, YouTube restricted mode is enabled whenever Enforce SafeSearch is enabled.  We use the DNS method described here, so that it works even if HTTPS is not decrypted.

https://support.google.com/a/answer/6214622?hl=en

That is unfortunate as I need to be able to do thin in order to block access to consumer Google accounts while still allowing people to access their corporate Google accounts as outlined here:

https://support.google.com/a/answer/1668854?hl=en

I need to be able to enable YouTube restricted mode selectively for some users and not others. 

Is this possible in XG?

lukg said:

I need to be able to enable YouTube restricted mode selectively for some users and not others. 

Is this possible in XG?

 

lukg said:

I need to be able to enable YouTube restricted mode selectively for some users and not others. 

Is this possible in XG?

 

At Sophos ideas -  "Restrict YouTube via HTTP Header for some user groups" - has 12 votes so far but it seems to be on the road map for v17. I hope the roadmap  didn't miss the "for some user groups"

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/13618821-restrict-youtube-via-http-header-for-some-user-gro

If would be good to see what is on the road map for v17 in some detail.

There is another idea to implement separate general option to enable or disable YouTube restricted mode: