When you enabled the WAF test cookie functionality the first request a client makes to your site will have a cookie inserted a redirect sent to load the page again.
When the client returns if they have the cookie they will pass through without any interruptions. If not, they will be blocked.
For your typical user they will not even notice this happening. However, many spam bots and DoS attack tools will not accept and then return a cookie and this can cause an immediate 100% block of an attack.