I particularly annoyed by banks doing this. I assume can trust the bank itself, but why would I want to also pull down content and scripts from cdn.whoknowswhere.com or tangentialservice.com?
If I'm signed in, doing monetary transactions, I don't want to deal with any other domain but the primary.
I installed a firewall at a doctor's office last week. I set the defaults to block pretty much everything so I could whitelist sites the office staff truly needed. The following Monday, I sat around and whitelisted things as the staff stumbled on what they needed. I was amazed at how many third party sites were being hit from health insurance and government sites. This stuff is supposed to be secure, but everything from login to home page to submitting claims had requests to third party domains. I'd say less than half of these third party requests appeared to CNDs.
If I'm signed in, doing monetary transactions, I don't want to deal with any other domain but the primary.