Oof! Does anyone recommend any tools for protecting against this sort of stuff? I feel like a VPN wouldn’t even be enough here since the MAC address is coming through the headers.
I think the full answer is to never trust anything on a page that isn't from the host domain: achievable via the uMatrix plugin. I dont understand why anyone would trust random scripts from a random company (and sometimes just an unnamed cloudfront endpoint).
A less intense version is to use a PiHole or otherwise block bad domains at the DNS level via a regular ad blocker.
A less intense version is to use a PiHole or otherwise block bad domains at the DNS level via a regular ad blocker.