That doesn't really help you as if you want to use the website you already allow connections to that host and as far as I know these are mostly aimed at hostnames not the endpoint where the "creepy" request is being fired at.
Correct. You could always have JS disabled by default in uBlock Origin to mitigate JS snooping on sensitive info, so there is that. You can blacklist specific domains in uBlock too. We need something like Portmaster[0], but inside the browser as an extension.
Apart from a few of us nerds on HN nobody will do that. In reality people have a hard time seeing the problem with re-using a password, making people decide which hostnames are okay or vet javascript files before allowing them is unrealistic and not the solution to the problem.
(TCP View is not really a firewall however, it just lets you inspect traffic, but not block it or filter it)
https://github.com/evilsocket/opensnitch (Linux)
https://www.obdev.at/products/littlesnitch/index.html (Mac)
https://www.glasswire.com/ (Windows)
https://docs.microsoft.com/en-us/sysinternals/downloads/tcpv... (Windows)