Most don't. A surprising amount do - any page that embeds a Facebook 'like' button loaded from Facebook servers with a referrer header ... or JQuery hosted by Google or a Doubleclick advert or a reTweet button, and on and on.
Strictly: that's not "most websites", it's "many services".
Facebook "likes", Google analytics, New Relic monitoring, and any of numerous other tools can do this.
Which is why I'm loaded for bear with noscript, adblock, Privacy Badger, Ghostery, and numerous entries in my /etc/hosts file for particularly noxious / ubiquitous sites.
This is why I stay logged out of facebook and don't allow third party cookies. Trying to move off of gmail also so I am not always logged in there either. Probably not perfect but hopefully it foils a lot of attempts at tracking.
I block all scripts globally, flash heavy sites do not load and I consider that a 'feature'. Frankly, surfing the web without NoScript & AdBlock is an experience I do not want and have learned to do without. IF I need drivers or need access or ecommerce I'll allow the main site to run temporarily in Sandboxie or use tools/alt approaches to get the data without 7 or 8 ad servers running. The false promise of the internet is easily eschewed when you take a pragmatic approach to it.
Also: I was looking for something on mainstream retailer sites and was amazed at the list of servers. How many TargetImg servers does it take to load a product page? Answer: At least four, plus all the other tracking/ad loading detritus. Just wow.
