Pro tip for hosters.

If you're hosting a service that requires or allows users' browsers to download assets from third-party services (like a CDN), but your use case doesn't need them, you can set a Content Security Policy for the service that controls what your users will download, possibly disabling unnecessary CDN tracking connections. Generally it's easiest to set the header in your L7 load balancer (reverse proxy) config, or in your ingress controller if it supports that.

Yes, there are better ways, but this is a dang easy first step.

For example, I host a web service called cgit, which attempts to fetch avatar files from a CDN. Avatars are neat, but not at the expense of my users' privacy (leaking connection info) or security (third-party content that I don't monitor could be malicious via a number of basic attacks). I set a CSP that tells the client what content to load and from where, breaking these requests.
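To check what a policy like that will actually block before rolling it out, here is a small CSP evaluator written as an added example (not code from this note or from cgit). It parses a header value, applies the CSP fallback from a fetch directive such as img-src to default-src, and matches 'self', 'none', scheme and host sources (with *. wildcards); the policy string and the origins are constructed placeholders, and ports and paths in host sources are ignored for brevity.

```python
"""Minimal CSP evaluator: decide whether a fetch is allowed by a policy."""
from urllib.parse import urlparse

# Constructed example policy, the kind set as a header on a reverse proxy
# in front of cgit: only same-origin resources, images included.
EXAMPLE_CSP = "default-src 'self'; img-src 'self'; script-src 'self'"

# Fetch directives fall back to default-src when they are absent.
FETCH_DIRECTIVES = {"img-src", "script-src", "style-src", "font-src",
                    "connect-src", "media-src", "frame-src", "object-src"}

def parse_csp(header: str) -> dict:
    """Parse 'name src src; name src' into {name: [sources]}."""
    policy = {}
    for token in header.split(";"):
        parts = token.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy

def _host_matches(pattern: str, host: str) -> bool:
    pattern = pattern.lower()
    if pattern.startswith("*."):  # *.example.net matches subdomains only
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return pattern == host

def source_allows(source: str, url: str, page_origin: str) -> bool:
    """Does one CSP source expression permit `url`, loaded from `page_origin`?"""
    u, page = urlparse(url), urlparse(page_origin)
    if source == "'none'":
        return False
    if source == "'self'":
        return (u.scheme, u.netloc) == (page.scheme, page.netloc)
    if source.endswith(":") and "/" not in source:  # scheme-source, e.g. https:
        return u.scheme == source[:-1].lower()
    if source == "*":
        return True
    # host-source, optionally with a scheme prefix, e.g. https://*.example.net
    scheme, host = source.split("://", 1) if "://" in source else ("", source)
    host = host.split("/")[0].split(":")[0]
    if scheme and u.scheme != scheme.lower():
        return False
    return _host_matches(host, u.hostname or "")

def allowed(csp: str, directive: str, url: str, page_origin: str) -> bool:
    """Apply `directive` (falling back to default-src) to a request for `url`."""
    policy = parse_csp(csp)
    sources = policy.get(directive)
    if sources is None and directive in FETCH_DIRECTIVES:
        sources = policy.get("default-src")
    if sources is None:
        return True  # no applicable directive: CSP imposes no restriction
    return any(source_allows(s, url, page_origin) for s in sources)
```

With EXAMPLE_CSP, an avatar request to a CDN host fails img-src while a same-origin image passes, which is exactly the effect described above.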
