we have configured a json profile and applied to a bunch of URLs that have been provided to us from the application team. My question here is - what if they missed any of the URLs that use Json? What happens in that case if the policy is in transparent OR blocking mode?
You can allocate a JSON profile to the wildcard URL (*) and use the Content-Type header accordingly.
To answer the question of what will happen. If you have a URL that is passing data in JSON format and do not have a profile applied, you will get blocks for like Illegal Parameters. However when you look at them you will see that in fact it is not a parameter but rather JSON formatted data that is not being parsed correctly because there is no profile attached.