Hi Jaak69
The information you got from 2gdpr.com is pretty normal and there is nothing to worry about. Let me explain.
First, a bit of a background.
The thing is that every developer can create their own, unique cookies that contain some pieces of information.
This results in the fact that there are millions of different cookies out there. And every single one of them contains something and does something.
On the other hand we have cookie databases with lists of cookies that are safe and dangerous.
How big are those databases? It is difficult to say about the commercial ones but community-lead open cookie database.org lists… 1501 of them (as for today, 25th April 2024). Link
So, on one hand we have millions of cookies that do something. And on the other had we have databases that contain (probably) thousands of them.
With that in mind, let’s shink about cookie scanners.
When a cookie scanner encounters cookies that are listed as dangerous or not listed at all, they show you a problem. Because it is much easier to say that a cookie may be dangerous rather than admit that they have no idea what this cookie does.
The result is that almost all websites are listed as having problematic cookies. And so does yours.
The cookies that 2gdpr.com listed are for sourcebuster.js. This script is a part of WooCommerce Analytics module (part of Woo) and it checks what is the source of traffic. It does not collect user IP or anything that could be considered personal information. The only thing it does is that it checks whether someone came to your site from google, bing, an ad, link on facebook or some other place.
With all of this in mind, does that mean that your website is dangerous? No, it does not.
Should you worry? No, you shouldn’t.
In fact people who use CMPs that block cookie should be more worried. This is because tracking tools not only use cookies to collect information about your visitors. There are many different technical solutions (browser’s local Storage for example) and techniques (user sniffing) that let them do it.
So if a CMP blocks only cookies, then it is likely that the data still reaches the tracking tool. It is just saved differently.
WP FP works a bit differently. It does not let tracking tools to load (at all) before visitors make their choices. And since there is no script on the website, they cannot track anything. Simple, useful and safe.
Have a nice day Jaak69!