bnomei / kirby3-security-headers

Kirby Plugin for easier Security Headers setup

Home Page: https://forum.getkirby.com/t/kirby3-security-headers-best-practice-headers-nonce-csp-and-feature-policies/23583


[FAQ] Which policies should I create?

bnomei opened this issue

Question:
Which policies should I create?

Answer:
The default values for this plugin are a good start and in most cases you just need to define some additional policies. Just make sure not to weaken the policies by enabling unsafe-inline etc. Try finding the secure way to do these things.

  1. Record what you use: https://addons.mozilla.org/en-US/firefox/addon/laboratory-by-mozilla/
  2. Generate full list: https://www.cspisawesome.com/
  3. Set it up with this plugin
  4. Validate if it works: http://securityheaders.com/
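
As a local complement to step 4 and the warning about unsafe-inline, the following added example (not code from the plugin or its author) audits a Content-Security-Policy header value for sources that weaken script-src and style-src. The function names and the sample header values are constructed for illustration.

```python
# Added example (not part of the plugin): flag CSP sources that weaken a policy.
WEAK_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "http:", "https:", "data:"}
TRUSTED_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

# Constructed sample header values, not taken from any real site.
WEAKENED = "default-src 'self'; script-src 'self' 'unsafe-inline' https:; style-src 'self'"
NONCE_BASED = "default-src 'self'; script-src 'self' 'nonce-c29tZS1ub25jZQ' 'unsafe-inline'"


def parse_csp(header):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers, so the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit_csp(header):
    """Return findings for script-src and style-src, in policy order."""
    policy = parse_csp(header)
    findings = []
    for directive in ("script-src", "style-src"):
        # Both directives fall back to default-src when they are absent.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append(f"{directive}: unrestricted (no directive, no default-src)")
            continue
        lowered = [s.lower() for s in sources]
        pinned = any(s.startswith(TRUSTED_PREFIXES) for s in lowered)
        for source in lowered:
            # With a nonce or hash present, browsers ignore 'unsafe-inline'.
            if source == "'unsafe-inline'" and pinned:
                continue
            if source in WEAK_SOURCES:
                findings.append(f"{directive}: {source}")
    return findings


if __name__ == "__main__":
    for header in (WEAKENED, NONCE_BASED):
        print(header)
        for finding in audit_csp(header) or ["no weakening sources found"]:
            print("  ", finding)
```

Feed it the header value your site actually sends after step 3; an empty result means neither directive carries one of the listed weakening sources.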