I highly recommend disabling JavaScript by default in your browser and then whitelisting the websites that you use frequently and need JavaScript to function.
The privacy benefit of this is that when you read articles online or visit new websites, most of the time it will not need JavaScript to function which will stop loading a lot of ads and tracking scripts.
The security benefit here is massive, first if you visited a bad link that contains a malware that is dependent on JavaScript it would not work, secondly if you visited a link for a service that you use and JavaScript did not work there, then you can see in real time that this is a fake page and not the real websitewebsite you intended to visit.
Bonus tip: try to replace the unnecessary websites that can’t work without JavaScript and you need by JavaScript free websites or open source apps.
Disclaimer: Stay cautious. This recommendation will improve your privacy and security, but it does not protect you from everything.
NoScript
I had to switch to uMatrix after NoScript broke all embedded media. It seems to still block all the 3rd party scripts, but allows 1st party by default so less severe website breakage.
Umatrix did not get update since very long time, is there is a active fork you use?
Unfortunately no, I haven’t found a fork under active development.
UMatrix still works fine though. I think Palemoon has their own fork of UMatrix they maintain.
Should be on by default lol