diff --git a/src/PowderCoating.Web/Program.cs b/src/PowderCoating.Web/Program.cs
index 473b941..acb97e9 100644
--- a/src/PowderCoating.Web/Program.cs
+++ b/src/PowderCoating.Web/Program.cs
@@ -653,6 +653,11 @@ app.Use(async (context, next) =>
     context.Response.Headers.Append("Permissions-Policy",
         "geolocation=(), microphone=(), camera=()");
 
+    // Prevent browsers from caching authenticated pages — avoids stale data and
+    // browser-specific cache corruption bugs (e.g. Firefox caching a partial load).
+    if (context.User.Identity?.IsAuthenticated == true)
+        context.Response.Headers.Append("Cache-Control", "no-store");
+
     await next();
 });
 
diff --git a/src/PowderCoating.Web/Views/Invoices/Details.cshtml b/src/PowderCoating.Web/Views/Invoices/Details.cshtml
index df65817..884d1e1 100644
--- a/src/PowderCoating.Web/Views/Invoices/Details.cshtml
+++ b/src/PowderCoating.Web/Views/Invoices/Details.cshtml
@@ -409,7 +409,7 @@
                                                     @if (!isVoided)
                                                     {
                                                         <button type="button" class="btn btn-sm btn-outline-secondary me-1" title="Edit payment"
-                                                                onclick="openEditPaymentModal(@p.Id, @Model.Id, '@p.PaymentDate.ToString("yyyy-MM-dd")', @((int)p.PaymentMethod), '@(p.Reference ?? "")', '@(p.Notes ?? "")', @(p.DepositAccountId?.ToString() ?? "null"))">
+                                                                onclick="openEditPaymentModal(@p.Id, @Model.Id, '@p.PaymentDate.ToString("yyyy-MM-dd")', @((int)p.PaymentMethod), @Json.Serialize(p.Reference ?? ""), @Json.Serialize(p.Notes ?? ""), @(p.DepositAccountId?.ToString() ?? "null"))">
                                                             <i class="bi bi-pencil"></i>
                                                         </button>
                                                         <form asp-action="DeletePayment" asp-route-invoiceId="@Model.Id" asp-route-paymentId="@p.Id"