Cashfree

Cashfree

Cashfree Payments is an Indian payment gateway for processing online payments and disbursing payouts. Scripts render secure payment forms and handle transaction authentication flows. Cookies maintain checkout session state and support fraud detection during payment processing.

Back to Vendor Library

Overview

Cashfree Payments is one of India's leading payment gateways, supporting UPI, net banking, cards, wallets, and EMI options popular in the Indian market. The platform handles both payment collection (accepting payments from customers) and payouts (disbursing money to vendors, employees, or customers). Cashfree is particularly notable for its deep integration with India's Unified Payments Interface (UPI), including support for UPI AutoPay for recurring mandates.

What This Script Does

Cashfree's client-side integration loads scripts from sdk.cashfree.com to render payment forms and handle transaction authentication flows. The checkout experience varies by payment method:

  • UPI payments: The script generates a QR code or deep-links to UPI apps (GPay, PhonePe, Paytm) and polls for payment confirmation
  • Card payments: Renders PCI-compliant card input fields via iframes and handles 3D Secure authentication redirects
  • Net banking: Redirects the user to the selected bank's login page and handles the callback
  • Wallets/EMI: Manages the respective provider's authentication flow

Cookies set during payment processing:

  • cfpl_session — session cookie maintaining checkout state during the payment flow
  • cf_fraud — device fingerprint cookie used for fraud detection across transactions

The scripts communicate with api.cashfree.com and payments.cashfree.com. Data collected includes the payer's email, phone number (standard in Indian e-commerce), selected payment method, and device characteristics for fraud screening. Card data is handled within Cashfree's PCI DSS Level 1 certified environment and never reaches the merchant's servers.

Consent & Compliance

Cashfree is classified as essential. Its scripts are strictly necessary for processing payment transactions that the user has explicitly initiated. Under India's Digital Personal Data Protection Act (DPDPA) 2023, processing for fulfilling an obligation (completing a purchase) has a lawful basis. For sites with European visitors, ePrivacy Directive Article 5(3) exempts strictly necessary cookies from consent requirements.

Under CCPA/CPRA, Cashfree's transaction processing constitutes a business purpose. The fraud detection data collection falls under security operations exceptions in all major privacy frameworks.

Should You Block This Without Consent?

No. Cashfree scripts are essential for processing payments. Blocking them would prevent customers from completing purchases. Payment processing cookies are exempt from consent requirements as strictly necessary for a service the user has requested.

Visit website

Consent Categories

Essential

Also Known As

Cashfree PaymentsCashfree gatewayIndian payment gatewayCashfree checkoutCashfree UPI

Industries

Finance

Tracked Domains (1)

cashfree.comEssential

Frequently Asked Questions

Do I need consent to use Cashfree on my website?

No. Cashfree scripts are strictly necessary for processing payments the user has explicitly initiated. Session and fraud detection cookies are essential for checkout security. Under ePrivacy Directive Article 5(3) and India's DPDPA, payment processing cookies are exempt from consent requirements.

What cookies does Cashfree set?

Cashfree sets cfpl_session (session cookie maintaining checkout state during the payment flow) and cf_fraud (device fingerprint cookie for fraud detection across transactions). Scripts communicate with api.cashfree.com and payments.cashfree.com. Card data is handled within Cashfree's PCI DSS Level 1 environment.

How does ConsentStack manage Cashfree consent?

ConsentStack classifies Cashfree as essential and never blocks its scripts regardless of consent state. Payment processing and fraud detection are strictly necessary for the transaction the user has initiated. ConsentStack ensures Cashfree loads on all pages where it is present without any consent gate applied.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Cashfree

ConsentStack automatically detects and manages Cashfree trackers so your site stays compliant with global privacy regulations.

Get started free