I use a defence-in-depth strategy to block unwanted content:
1: on the router (OpenWRT running in a container on Proxmox), network blocking using nftables sets. This includes both advertising-related networks as well as emerging threats.
2: on the router, DNS blocking using several block lists as well as my own custom lists.
3: on the router, DNS masquerading to enforce the use of my own DNS server. This only works for applications which use normal DNS so I tend to disable DoH (DNS over HTTP) and other such things when possible. If applications insist on trying to force me to use their own idea of what a DNS service looks like I will stop using those applications if there are useable alternatives. This is my network, these are my computers, this is my domain, this is my internet connection and I am the one who controls which traffic goes where.
3: on client devices, network blocking using nftables sets or (on some devices) ipset lists.
4: on client devices, DNS blocking using the host file
5: on some Android client devices, content blocking through a device-local VPN
6: on client applications like browsers, content blocking through either extensions like uBlock Origin and/or by using native content blocking capabilities (e.g. the Cromite browser on Android which I use when I have to test something with a non-Firefox browser)
7: as a last resort, my hands and eyes. If somehow advertising makes it way past all the hurdles I throw in its path I just close the page/application/window/. Thou Shall Not Pass and that's it.
While all this may sound like a lot of work it actually is not. I set up the blocking on the router once and keep the lists up to date automatically using a cron job. The same is true for client devices. Once installed the stuff mostly does its job without bothering me apart from some pages not working - so what, there's enough alternatives out there. I don't like ads, get it? No ads, zip, nada, zilch. Don't Advertise On Me.