ASM - enforcing rules for DCV parameters

Assume i have no interaction with the webdeveloper, i am confused how to get parameters secured in a web app in the most efficient way.

 

I woud think to these best practices:

 

1. If i see a parameter in just 1 URL, i define it as URL? more than 2 URLs, Global?
2. When do I use Navigation parameters?
3. If i see a parameter with multiple values in a webpage depending on the session, then its type is DCV? Extraction are the URLs where this parameter can be initially found so that it is enforced afterwards during the current session. Where do i specify enforcement rules?

Sorry for the many Q's but i couldnt find much examples on this...thanks for providing some real examples to make it easier...