Yeah, i use a sriptblocker which is prepared for xss, generally block everything just enabling the most necessary (custom whitelist)While those good policies and all but the problem is XSS. Numbers suggest up to one in three sites are vulnerable to XSS attacks which means perfectly trust worthy sites get taken advantage of by bad actors. Your firewall and router likely won't help you either unless they have great packet inspection abilities which I would not bet money on.