I believe you need to conduct layer 7 programming.
TLS-HOST programming is also a new tool that may help curb https access to such sites.
http://www.mikrotik.co.id/artikel_lihat.php?id=282 (need to translate)
Best to research this and then come back with specific questions.
Did you simply want to detect users going to sites or block access to sites.
It may be easier just to detect and then remove users from access to the router......... BIG STICK approach.
Use a fine approach. First offense, lose access for a day, reinstated for $25
Second offense 5 days, reinstate for $50
Third offense one month, $100 ......... etc .
As another poster in another thread wisely stated............
{pe1chi}
"You will have to understand that there are different agendas here, and the large and powerful companies are working to make it unrealistic to block their services while the small connectivity providers want to block things they don't see as useful or they feel are overloading their limited connections.
There are many topics about this on the forum, and everywhere you see the "solutions" that fail to achieve their goal (blocking) but in the meantime have undesired effects like blocking of unrelated services and overloading the router.
Unless you have unlimited amount of time and a good budget, you better not try to achieve your bandwidth limiting objectives by "blocking youtube". It is a lost race.
And when you need to "block facebook" e.g. because your employees are spending their worktime on their phones instead of on their job,
you better use other methods to achieve better productivity. Blocking isn't going to work well and it will need continuous maintenance and attention."