How can I prevent it?
Set a strong Content-Security-Policy, the strongest your website can function with
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
then go through the other recommendations here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP