Web-developer here.
I have built Cookie-Acceptance menus.
It’s worth mentioning that Cookie-Acceptance is a very new standard. Like.. within my career.
When I started, GDPR and Cookie-Acceptance weren’t things, and there were no real rules.
There are still no rules. Every project is bespoke, there are no hard-and-fast standards or common standard plugin modules for this.
We build the menu and functionality in our own way and with our own ideas about how it should work.

In principle, there are sections of tracking code on the site which are locked until you press Accept on the cookies.
However it’s possible that it’s on by default and only disables the cookie after you press the No button.
This is a workaround, making it opt-out rather than opt-in technically fulfills the GDPR requirements, but by the time you turn it off, your tracked data is already up on the website’s analytics database and turning it off is mostly irrelevant.
If the developers are lazy, or there’s someone unscrupulous in charge, the buttons might not even do anything other than close the popup, which is in defiance of GDPR, but takes effort to prove. If you catch a company doing this you should definitely call them out on it.
If you really don’t want 3rd party cookies then you should disable them in your browser settings, because every website is different and you cannot trust that they’re operating in a sensible or scrupulous fashion.