you would not believe the number of end users who get angry that there's a firewall or website blacklist active at a company. we'll get these incensed emails from end users berating us for "blacklisting a needed site" that they "must get into ASAP" when it's clear this is the first time they've ever tried to access it.
by default, most companies with this setup work off a whitelist of allowed sites, and everything else is blocked either by policy or category. if you ever went to an internet-connected high school and tried to visit Facebook in the computer labs, you'll be familiar with what happens.
This is mostly implemented to prevent end-users from clicking on malicious links to spam or virus-laden websites. Which they do much more frequently than you'd think for "professionally trained" employees.
Just think, if Richard from accounting would stop believing his manager is giving him a $1,000 Amazon giftcard, we wouldn't be in this mess.