| Rank | Domain | Requests |
|---|---|---|
| 1 | wero-wallet.eu | 99 |
| 2 | static.weropay.eu | 49 |
| 3 | start.wero-wallet.eu | 20 |
| 4 | static.zdassets.com | 8 |
| 5 | consent.cookiebot.com | 6 |
| 6 | www.google.com | 6 |
| 7 | www.googletagmanager.com | 3 |
| 8 | consentcdn.cookiebot.com | 3 |
| 9 | cdn.matomo.cloud | 2 |
| 10 | epicompany.matomo.cloud | 2 |
| 11 | wero-support.zendesk.com | 2 |
| 12 | js-eu1.hs-scripts.com | 1 |
| 13 | js-eu1.hs-analytics.net | 1 |
| 14 | js-eu1.hs-banner.com | 1 |
| 15 | ad.doubleclick.net | 1 |
| 16 | ekr.zdassets.com | 1 |
| 17 | pagead2.googlesyndication.com | 1 |
| 18 | track-eu1.hubspot.com | 1 |
| 19 | imgsct.cookiebot.com | 1 |
Doubleclick was the 2nd biggest ad network on the internet when Google bought them about a decade ago
Doubleclick is pretty much used exclusively as an adtech/marketing brand by Google these days. They typically do the kind of stuff you describe under their Google analytics product.
Also I’m 99% sure from the legal perspective of the consent banner legislation, tracking user journeys like you describe is specifically not “essential” functionality and must be consented to.
Pretty much the only stuff in the necessary category is stuff like login cookies, explicit user preferences and things like shopping cart IDs
Article 6, no. 1 lit a) GDPR:
I’ll say it’s at least debatable how the controller’s and the data subject’s interest should be weighed.
Besides complying with the GDPR, to my knowledge, they also need to comply with the stricter German TDDDG, since I am a German user.