Ah ha. A clue!
You may be right...since the documentation is a separate web page, it's possible that your tech setup isn't blocking the page, per se, but doesn't like the way the connection is being made to the documentation page since it's essentially a being pulled from a different website with a different domain - code.org v. studio.code.org. This might align with behavior of suspicious activity under some strict rules, or something.
This is interesting. I'll ask our engineers about it too. Thanks for investigating.