Use NoScript ABE feature to disallow hidden services access to clearnet
Some hidden services have some tracking (or non-tracking) scripts from clearnet included, which allows a clearnet party to track HS users. I suggest to use NoScript Application Boundaries Enforcer (https://noscript.net/abe/) to disallow hidden services access to clearnet resources (especially included scripts).
It could look like Site *.onion Accept from SELF++ #Anonymize from *.onion Deny
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information