I re-read a lot of documentation and made some tests. My conclusion is that there's no technical way to show a clear block page to the user with current browsers.
I can quote ufdbguard documentation:
5.7 Redirection of HTTPS-based URLs
Squid requires that HTTP-based URLS are redirected to other HTTP-based URLs and that HTTPS-
based URLS are redirected to other HTTPS-based URLs. This causes a problem since most web
browsers do not accept a redirection of a HTTPS-based URL. There is no solution for this issue: the
standards of HTTP, ICAP and web proxies do not have support for such feature. Basically, this means
that blocked HTTPS-based sites cause unexpected browser-generated error messages like “cannot
connect to www.example.com” or “www.example.com does not have a valid SSL certificate”.
You can read chapter 3.1 (https://www.urlfilterdb.com/files/downloads/ReferenceManual.pdf).
In 6.8 we used a different redirector (squidGuard) which is not https aware and no longer compatible with newest squid versions.
We may find a different redirector, but I think that's a protocol and browser issue, we have no control over them.
I appreciate your opinions and experiences with different products.