I highly recommend disabling JavaScript by default in your browser and then whitelisting the websites that you use frequently and need JavaScript to function.
The privacy benefit of this is that when you read articles online or visit new websites, most of the time it will not need JavaScript to function which will stop loading a lot of ads and tracking scripts.
The security benefit here is massive, first if you visited a bad link that contains a malware that is dependent on JavaScript it would not work, secondly if you visited a link for a service that you use and JavaScript did not work there, then you can see in real time that this is a fake page and not the real websitewebsite you intended to visit.
Bonus tip: try to replace the unnecessary websites that can’t work without JavaScript and you need by JavaScript free websites or open source apps.
Disclaimer: Stay cautious. This recommendation will improve your privacy and security, but it does not protect you from everything.
I’ve been doing this for a few years and eventually got tired of whitelisting websites. I’ve went as far as using NoScript for fine-grained control, but what’s the point? If you need a single feature JS, or a single article on a domain, you will let everything run if you grant the permissions, so why bother?
Better keep JS on and run an up-to-date browser with a custom DNS to filter out known malicious websites. Also, don’t visit random links, that’s an actually good advice.