If XSS is your concern, check out Firefox’s Container Tabs. They allow you to set up tab groups that restrict access to cookies to only tabs in that group, so you can just, eg, set up a group for your bank and restrict it to just your bank’s site. Your session cookie etc are then not available to any other tab groups.
I pair that with the Temporary Containers extension, so any random tab I open is in its own container. Everything is always separate.