I’m surprised this works, but then Hetzner tends to use device routing (i.e not requiring ARP resolution) so perhaps this is why it works.
However there are still problems with the way you have configured br0.
If this is the info that Hetzner gave you:
Additional IP: 213.239.211.94
Gateway: 213.239.211.65
Netmask: 255.255.255.224
Broadcast: 213.239.211.95
Then you should never be configuring the gateway IP on your own server(s). That is Hetzner’s router and will not be reachable if you configure the IP on your own machine.
Additionally you imply that you only have been allocated a single additional IP 213.239.211.94 and yet the way you have configured br0 means that you won’t be able to reach any of the IPs in that IP’s wider subnet (probably owned by other customers of Hetzner) which may cause strange connectivity issues if you ever need to communicate with them.
My suggestion would be to remove br0 interface entirely and use routed NIC type which allows you to pass individual external IPs into an instance.
See How to get LXD containers get IP from the LAN with routed network