Now both nsIContentPolicy and on-http-* observers are used for net request
monitoring.
Reasons:
- In many cases, nsIContentPolicy.shouldLoad is invoked twice for the same
resource, because of the speculative parsing.
- nsIContentPolicy.shouldLoad don't have information about the channel,
so it can't redirect the request, nor change its headers, however
on-http-opening-request can.
Also, local mirroring and inline-script blocking has been implemented.
vAPI.sessionId - random ID generated every time when a page loads.
Having the dialog in an iframe lowers the chance of interference with the
styling of the page, also avoids using innerHTML (AMO complaint).