by hauken 1570 days ago
The solution doesn’t differentiate between first-party or third-party servers. As long as any servers are outside Europe, it marks the site as in violation.

You explain this in the "how does this website work?" FAQ, but you could be even more up front about it. I expected this to try to do something interesting about cookie management or privacy policies (which is pretty hard TBH).

You're asserting that embedding any content hosted outside the EU is a GDPR violation. That is HUGE NEWS. I had no idea. That seems crazy.

It’s a violation if it happens without consent. If PII (which an IP address counts as) is shared (for example by fetching Google Fonts from a US-based CDN) regardless of consent, that is a violation.

Many sites have a consent wall but will throw out third-party requests even if consent is not explicitly given.

If you do those requests only for logged-in users who have individually consented (oh, and grandfathering in old users who did not consent will require the same new consent), that does not in itself count as a violation.

Also, explicit consent is not required for strictly necessary things. "Because this way is easier and cheaper and almost everyone else in our industry is doing it" is not sufficient reason.