We see a lot of websites including Google Analytics or Facebook Pixel Tracking or similar JavaScript URLs called before cookie banners are displayed. By GDPR, users, at first, must give their consent on advertising or analytics tracking before calling external services i.e. from Google or Facebook.
Displaying a cookie banner with only one button like “Accept” or “Got it” is not legal. It does not give your users a free choice to reject unnecessary cookies.
Make sure that non-essential cookie groups are displayed as not pre-checked by default in the advanced cookie settings window. Explicit consent requires a very clear and specific statement of consent.