It’s unfortunate that Google (dis)services infest so much of the internet, and especially maddening when websites think they provide some kind of “security.” See Google Shadow Profiles
When I have had to get past captchas, I’ve noticed that it’s gstatic that has to be temporarily enabled… but to get the gstatic script to show, I have to enable another Google script first; google.com, I think.
We can only hope that this stuff will eventually become the subject of a privacy-abuse lawsuit.