Razorpay

Razorpay is an Indian payment gateway for processing online transactions. Its scripts embed checkout flows supporting cards, UPI, netbanking, and digital wallets on e-commerce sites. It handles payment tokenization and fraud detection, and sets session cookies during checkout to maintain transaction state.

Overview

Razorpay is India's leading payment gateway, processing transactions for over 8 million businesses. It supports a wide range of payment methods specific to the Indian market including UPI, netbanking across 50+ banks, credit and debit cards, and digital wallets like Paytm and PhonePe. On e-commerce and SaaS websites, Razorpay's checkout scripts handle the entire payment flow — from displaying the payment modal to tokenizing card data and processing the transaction. As a payment processor handling financial transactions, Razorpay's scripts are classified as essential.

What This Script Does

Razorpay's checkout is loaded via the checkout.razorpay.com script, which renders either a standard checkout modal or a custom payment form on the merchant's page.

Payment flow:

  • Renders the Razorpay checkout modal with configured payment method options
  • Handles PCI-DSS compliant card tokenization (card data never touches the merchant's servers)
  • Processes UPI intent flows and QR code generation for UPI payments
  • Manages netbanking redirects and wallet payment flows
  • Handles 3D Secure authentication when required by the issuing bank

Cookies set:

  • rzp_checkout_session — session cookie maintaining checkout state during the payment flow
  • Fraud detection cookies that fingerprint the device and browser for risk scoring
  • Session cookies scoped to razorpay.com domain for maintaining authentication state during bank redirects
  • No persistent marketing or analytics cookies are set

Data collected:

  • Payment instrument details (tokenized, PCI-DSS compliant)
  • Device fingerprint and browser attributes for fraud prevention
  • IP address for geographic risk assessment
  • Transaction metadata (amount, currency, order ID)

All data processing is governed by PCI-DSS Level 1 compliance requirements and RBI (Reserve Bank of India) payment processing regulations.

Consent & Compliance

Razorpay falls under the essential consent category. Under GDPR and the ePrivacy Directive, cookies that are strictly necessary for a service explicitly requested by the user — in this case, completing a payment — are exempt from consent requirements. The fraud detection cookies are also considered essential for the security of the transaction.

Under CCPA/CPRA, payment processing data is covered by the financial data exemption and is necessary to fulfill the consumer's transaction request. Razorpay should be disclosed as a payment processor in the privacy policy.

Razorpay operates under RBI regulations for payment data storage and processing, including the data localization mandate requiring payment data to be stored within India.

Should You Block This Without Consent?

No. Razorpay processes payments — a service explicitly requested by the user. Blocking the checkout script would prevent customers from completing purchases. The cookies set are essential for transaction security and fraud prevention. Payment processing scripts are universally recognized as strictly necessary under GDPR, ePrivacy, and CCPA frameworks.

Consent Categories

Essential

Also Known As

razorpay, razor pay, Indian payment gateway, UPI payments, razorpay checkout

Industries

Computers Electronics and Technology, Programming and Developer Software

Tracked Domains (1)

razorpay.com (Essential)

Frequently Asked Questions

Is consent required for Razorpay on my website?

No. Razorpay processes payments explicitly requested by users. Its cookies are strictly necessary for transaction security, fraud detection, and checkout state. Payment processing scripts are exempt from consent requirements under GDPR and ePrivacy.

What cookies does Razorpay set?

Razorpay sets rzp_checkout_session to maintain checkout state, fraud detection cookies that fingerprint the device for risk scoring, and session cookies scoped to razorpay.com for authentication during bank redirects. No marketing cookies are set.

How does ConsentStack handle Razorpay?

ConsentStack classifies Razorpay as essential and allows it to load without visitor consent. Blocking a payment gateway would prevent purchases, so ConsentStack never blocks Razorpay scripts regardless of the visitor's consent choices.
