Check the file extension requested in the raw HTTP request if your WAF reports a URL Access Violation.

If the request ends in '.js.map' it likely means a user has opened the developer tools in the browser (Chrome DevTools) whilst visiting your site.

When DevTools renders JavaScript in the Sources view, it will request a dot map URL for the selected JavaScript file, which may generate a WAF alert.

Unfortunately, some WAF vendors flagged this event as high severity. As a signal in isolation, consider this "background noise".