As part of the upcoming GDPR every website must now seek permission from all visitors prior to setting ANY cookies on their computer. If the visitor does not give consent then all cookies must be blocked. Cookies must also be clearly defined and described so the visitor can make an informed decision. This applies to all third-party embedded content, which brings me onto my query.
After running a cookie audit on our website using Cookiebot (one of the only fully GDPR compliant cookie plugins - checkout their website for lots of useful info: www.cookiebot.com) I can see that Sketchfab sets and uses a number of cookies that create a unique ID for tracking purposes. Do you intend to update your embed code to provide more control over the cookies that are created, or at least provide some way of preventing these cookies from being set if a website visitor declines them?