Because AppContainer has fewer rights than Untrusted, and disabling JIT also removes the necessity to make working memory writeable, you are better protected against vulnerabilities and exploits. But it is overhyped to make people endure the bloat Edge adds to your browser. Chrome can be configured to run with similar additional protection.
For more common threats, using two profiles is a better approach: one for visiting trusted websites and one for visiting risky websites. In the risky website profile, you can disable (set to block or deny) all site permissions except images, sound/video play, JavaScript and cookies (leave those on default).
Two user profiles also allow you to use two different DNS services. I have sort of copied Tairiki's approach to limit the allowed top-level domains in the DNS for the risky surfing profile to com, io, net, org and EU plus NL (because I am living in the NL).