Hi Aboo,
The purpose of Web Request Layer is mainly to control whether proxy can attempt to contact the server for policy evaluation or not. An example below with google.com. Rule comments are converted for ease of understanding
Web Access Layer 1:
domain=google.com DENY
Web Access Layer 2:
If response.header.Content-Type=Audio ALLOW
In this setup, when a client requests for google.com, proxy will have to contact the server to see whether there is a header of Content-Type which is having a value of "Audio". Even though the policy is set to Deny google.com and will get denied, proxy will still need to contact OCS to complete the evaluation of "response" based rule in Layer 2. This can be a concern for customer as they are noticing proxy trying to connect to a server which is denied by policy. This is where "Web Request Layer" will come into picture. This layer can be used to put restrictions on a proxy to control its attempt to reach OCS for policy evaluation also. Ref: https://support.symantec.com/en_US/article.TECH247799.html .
Due to the specific purpose of the Web Request Layer, the controls normally available on a Web Access Layer will not be found in it. Also for your understanding, a "DENY" action in a Web Request Layer is converted as "Deny access_server(no)"
Note: This layer is normally found to be used against categories related to "Malicious" type as customer will be worried to see proxy attempting connection to such known Malicious hosts only for the sake of policy evaluation.