Anyone using ublock origin hardmode will know what I’m talking about.
Pretty much all websites (I’d say at least 75% from experience) use one of the following scripts:
google (.com)
gstatic
Google fonts
googletagmanagers (disabling this one, never breaks any websites)
Mostly because of recaptacha.
How can we know that these scripts only contain recaptacha fonctionality and nothing else?
You can inspect them.
I don’t have that knowledge unfortunately. Are you implying that Google (.com) and gstatic are safe and only contain the recaptcha scripts?
No, I’m lazy and just trust my content blocker to block known trackers. I don’t inspect them unless the website failed to function properly.
As for the gstatic.com CDN, I trust Google not to provide malicious JS, and their security is good enough to prevent hijacking. If you are really worried about the CDN, see nobody/LocalCDN: A web browser extension that emulates Content Delivery Networks to improve your online privacy. It intercepts traffic, finds supported resources locally, and injects them into the environment. - Codeberg.org. Note that the last time I checked, it didn’t work properly on Firefox and provided no benefits with hardened settings or mitigated with other software.
To me, the whole de-googling thing sounds ironic when you’re aware that Google is pretty much on every website.
Good news, today’s improvements to the Web platform makes making websites without bloated JS/3rd party scripts very easy.
Bad news, most people do not care indeed. 
But it is definitely doable to have a “healthy” website with none of that fluff. 
Hm…not really. Most of the time, the code shipped into production especially 3rd party scripts like here will be minified and hence not readable even for a seasoned web developer because just machine-optimized gibberish[1].
Takes time to bring some giants down to their knees indeed. 
for fair performance reasons tho ↩︎