The Security Level is the preferred user-friendly method to configure your security and anonymity, and out of the three options, two are relevant to your question:
Standard
Safer
Standard has all browser and website features enabled for maximum compatibility, while Safer changes these settings:
JavaScript is disabled on non-HTTPS sites.
Some fonts and math symbols are disabled.
Audio and video (HTML5 media), and WebGL are click-to-play.
Focusing on only the first point out of these three, this makes your question easy to answer:
On websites that serve mixed content, use Standard.
On websites that only use HTTPS/HSTS, use Safer.
No, (temporarily) whitelisting domains only means one thing: trusting its code.
It is not. Additionally, editing about:config can lead to deanonymization.