If Javascript is enabled there’s ultimately very little that can be done to prevent fingerprinting. If you don’t want to be fingerprinted then only allowing JS to run on allowlisted websites is the only way to truly be safe
Well, and stuff like the resistFingerprinting=True option in Firefox. As described in the article. You can make your browser to just lie to the JS API.
There is a price, of course. Lying about screen resolution might mess up how the website looks. Lying about which fonts are installed might make the site a bit uglier.
As someone said already, 'resistFingerprinting' option should be configurable per-domain. Then we could have it enabled (randomized) for most of the web and disable it (allow fingerprinting) for payment processors and similar 'trusted' websites.
