This feature uses the Joomla 'raw' document format, if you receive an error when opening this kind of links it's likely your Joomla 'raw' format has been broken by other extensions or a PHP error is generated under the hood. In particular check if you have installed a well known bugged plugins that has broken thousands of websites named 'System - Google Analytics', and in such case unpublish it immediately.
It's recommended to enable the error reporting in the Joomla global configuration, the debug mode under the GDPR component configuration and finally open the URL used for the popup directly in the browser for example: 'https://www.youtsite.com/index.php?option=com_gdpr&task=user.getCookieCategoryDescription&format=raw&lang=en&gdpr_cookie_category=1&fancybox=true' In this way it's possible to display PHP errors if any.

Additionally this error can be the effect of a mixed domains usage along with Joomla! configured with a hardcoded single domain URL. Browser won't allow scripts to work across different domains such as http://mysite.com and http://www.mysite.com, thus for security policy scripts are blocked accordingly.

Normally Joomla uses dynamic base address for the site, having a look at the Joomla configuration.php you can check that the variable named '$live_site' has empty value as by default.

Keep in mind that you should always use only 1 domain for your website to have good SEO, so it's recommended that you redirect from one domain to another using the htaccess.

When Joomla routing resolves dynamically the site base address this will affect also the scripts, for this reason if the '$live_site' variable is not forced to a specific domain also scripts will work in any case.