My WAF is reporting a URL Access Violation.
WAF meets MAP
Check the file extension requested in the raw HTTP request if your WAF reports a URL Access Violation.
If the request ends in '.js.map' it likely means a user has opened the developer tools in the browser (Chrome DevTools) whilst visiting your site.
When DevTools renders JavaScript in the Sources view, it will request a dot map URL for the selected JavaScript file, which may generate a WAF alert.
Unfortunately, some WAF vendors flagged this event as high severity. As a signal in isolation, consider this "background noise".