diff --git a/src/pages/Checkout.tsx b/src/pages/Checkout.tsx
index 3a36311..50741f0 100644
--- a/src/pages/Checkout.tsx
+++ b/src/pages/Checkout.tsx
@@ -230,11 +230,9 @@ export default function Checkout() {
 navigate(data.checkout_url);
 return;
 }
-// If backend returned a Stripe client secret, navigate to a route that can handle it
 const clientSecret = data.clientSecret ?? data.client_secret;
 if (clientSecret) {
-// Navigate to the payment page which loads Stripe Elements and completes confirmation
-navigate(`/payment?client_secret=${encodeURIComponent(clientSecret)}`);
+navigate(`/payment`, { state: { clientSecret } });
 return;
 }
 // Fallback: optionally navigate if order id provided
diff --git a/src/pages/Payment.tsx b/src/pages/Payment.tsx
index 2bec04c..498ce7f 100644
--- a/src/pages/Payment.tsx
+++ b/src/pages/Payment.tsx
@@ -66,7 +66,9 @@ function PaymentForm() {
 export default function PaymentPage() {
 const loc = useLocation();
 const q = useMemo(() => new URLSearchParams(loc.search), [loc.search]);
-const clientSecret = q.get("client_secret");
+// Prefer router state (in-memory) to avoid exposing secrets in the URL.
+const state = (loc.state as { clientSecret?: string } | null) ?? null;
+const clientSecret = state?.clientSecret ?? q.get("client_secret");
 if (!publishableKey) {
 return (
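Review bot: The new `navigate(`/payment`, { state: { clientSecret } })` line drops both explanatory comments without replacing them, so the reason the secret now travels in router state rather than the URL is no longer recorded where the hand-off happens; I would keep a one-line comment such as `// Pass the Stripe client secret via router state so it never lands in the URL, browser history or referrers`. The template literal `` `/payment` `` has no interpolation and should be the plain string `"/payment"`. It is also worth noting in that comment that the receiving page must read `location.state`, since a reader of Checkout alone cannot see that contract. The enclosing handler in Checkout starts and ends outside the hunk.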
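Review bot: The fallback `?? q.get("client_secret")` on the new last line keeps the URL-borne path alive, so a client secret can still be supplied through and recorded in the address bar, browser history, referrer headers and access logs, which is exactly what the added comment says the change avoids; if the query form is only kept for old links, say so in the comment and plan its removal, otherwise drop the fallback. The `loc.state as { clientSecret?: string } | null` cast asserts a shape that nothing checks at runtime; since `loc.state` is caller-controlled, narrow it instead: `const routed: unknown = loc.state;` followed by `const clientSecret = typeof routed === "object" && routed !== null && typeof (routed as { clientSecret?: unknown }).clientSecret === "string" ? (routed as { clientSecret: string }).clientSecret : q.get("client_secret");`. The body of PaymentPage continues outside the hunk.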