I think the full answer is to never trust anything on a page that isn't from the host domain: achievable via the uMatrix plugin. I dont understand why anyone would trust random scripts from a random company (and sometimes just an unnamed cloudfront endpoint).

A less intense version is to use a PiHole or otherwise block bad domains at the DNS level via a regular ad blocker.