Once the domain is onboarded, the WAF enters an application profiling period during which it learns the application. Web attacks are not blocked during this period; the WAF runs in detection mode only. The WAF needs this period to learn the application, reduce false positives, and better protect against non-signature-based attacks.