Yeah do some research on how proxy works in general, then do some research how squid is setup in pfsense. Then implement that how you want to.. Its not something that you get from a "snap" ;)
You prob have a less bumpy right just forcing all your clients to use pfsense as dns - and then making sure that pfsense does not resolve domain.tld.. This can be done via host overrides, domain overrides sent to nowhere. Or a package like pfblocker that allows you to blacklist stuff.
Proxy would allow you more control where you could allow say url domain.tld/work - but block say domain.tld/game... But this gets more complicated with https, as you can only use domain.tld and not any paths in the url for filtering. And the proxy would for sure have to be explicit and not transparent, etc. etc.
To be honest trying to filter content is always going to be a wack-a-mole game that users find ways around.. It normally works fine when your just blocking them from stuff they don't really want to get to... Say bad malware sites and the such, or ad domains, etc. But when you try and block them getting to where they actually want to go - they will find ways around your blocks.. Can pretty much promise you that ;)