MRW browsing securityreaction with “security.mixed_content.block_display_content:true”.

..it’s completely useless:

    Content-Security-Policy: default-src ‘self’ ’*’ 'unsafe-inline’ 'unsafe-eval’

“I don’t know what all this IPS brou-hah-hah is about; NAT, Implicit Deny, and Good Password Hygiene is all we needed in the past.”