I visit the Information Commissioners Office (ICO) https://ico.org.uk/ which is the commissioner who is in charge of things like GDPR and cookies in the UK.
They have the option to opt out of cookies, which I duely did. I then refreshed and I could still see cookies being load for Google Analytics.
A few days later I returned and the cookie must have expired. Were my original findings due to browser cache? And if so, is there a way to force browsers to forget cookies? I would find this more compliant with the users wishes.
I think if a cookie can expire, then perhaps you could set the expiry date to now when a user opts out. Or set the cookie to 1900 or something similar so it expires. Or set it to null if that would make a difference.
Is it possible to remove a cookie instantly when a user opts out, or is that entirely down to the browser settings?
Yes. To force a cookie to expire, return one with your response with a matching path and name, but an expiry time in the past. The browser will consider it expired and delete it.
Pretty much every site using Google Analytics is going to be betraying your wishes (and breaking the law, at least in the EU), since that's what it's default configuration does, and it's very rare than anyone changes it to anything else.