diff --git a/TODO.md b/TODO.md index fdbdb6c..36a07f6 100644 --- a/TODO.md +++ b/TODO.md @@ -11,13 +11,13 @@ - >Logout popup : - >Are you sure want to logout? - >Home page password Expiry message -- Set userId and login with userID +- >Set userId and login with userID - Limit of transaction daily --Asif - >Statement Download - >In Every OTP page "Resend button" & 3 min timing of expiry. - >OTP binding with actual mobile number. - >Beneficiary delete feature -- IN settings page NOTE position Fixing. +- >IN settings page NOTE position Fixing. - >Admin page - >give rights - >view rights @@ -25,7 +25,7 @@ - E-mandate -- Locked (3 times wrong password in time of login) +- >Locked (3 times wrong password in time of login) - >session timeout - >login time otp diff --git a/next.config.mjs b/next.config.mjs index dd7ab8a..ac51b85 100644 --- a/next.config.mjs +++ b/next.config.mjs 
@@ -1,21 +1,66 @@ /** @type {import('next').NextConfig} */ - import os from "os"; const isWindows = os.platform() === "win32"; +// Security headers +const securityHeaders = [ + { + key: "Content-Security-Policy", + value: ` + default-src 'self'; + script-src 'self' 'unsafe-inline' 'unsafe-eval'; + style-src 'self' 'unsafe-inline'; + img-src 'self' data:; + font-src 'self'; + connect-src 'self' http://localhost:8080 https://yourdomain.com; + frame-ancestors 'none'; + object-src 'none'; + base-uri 'self'; + form-action 'self'; + `.replace(/\n/g, ""), // remove newlines + }, + { + key: "Referrer-Policy", + value: "strict-origin-when-cross-origin", + }, + { + key: "X-Content-Type-Options", + value: "nosniff", + }, + { + key: "X-Frame-Options", + value: "DENY", + }, + { + key: "Permissions-Policy", + value: "camera=(), microphone=(), geolocation=()", + }, +]; + const nextConfig = { + // Hide "X-Powered-By: Next.js" + poweredByHeader: false, experimental: { serverComponentsExternalPackages: ["typeorm", "knex"], }, reactStrictMode: true, - // For port transfer + async rewrites() { return [ { - source: '/api/:path*', + source: "/api/:path*", destination: isWindows - ? "http://localhost:8080/api/:path*" // For Windows - : "http://localhost:8080/api/:path*", // For Linux/Mac/Server + ? "http://localhost:8080/api/:path*" // For Windows + : "http://localhost:8080/api/:path*", // For Linux/Mac/Server + }, + ]; + }, + + async headers() { + return [ + { + source: "/(.*)", // Apply to all routes + headers: securityHeaders, }, ]; }, diff --git a/src/app/(main)/funds_transfer/page.tsx b/src/app/(main)/funds_transfer/page.tsx index 1abb5bb..14f7ba2 100644 --- a/src/app/(main)/funds_transfer/page.tsx +++ b/src/app/(main)/funds_transfer/page.tsx 
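Review bot: `script-src 'self' 'unsafe-inline' 'unsafe-eval'` in the new `securityHeaders` CSP lets any injected inline script execute, so the policy gives essentially no XSS protection for a banking front end that handles transaction passwords and OTPs, and `'unsafe-eval'` is only needed for the development bundle. Gate those keywords on environment, e.g. `const isDev = process.env.NODE_ENV !== "production";` and `script-src 'self'${isDev ? " 'unsafe-inline' 'unsafe-eval'" : ""};`, and move to Next.js nonce-based CSP if inline scripts are unavoidable. `connect-src` still lists `http://localhost:8080` and the placeholder `https://yourdomain.com`, which will either ship to production as-is or block the real API origin; since `/api/:path*` is rewritten server-side in the same config, `connect-src 'self'` is likely all that is needed. Consider adding `{ key: "Strict-Transport-Security", value: "max-age=63072000; includeSubDomains" }` to the same list so the site cannot be downgraded to plain HTTP.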
@@ -286,20 +286,14 @@ export default function QuickPay() { message: "Transaction successful", color: "green", }); - setShowTxnPassword(false); - setTxnPassword(""); - setShowOtpField(false); - setOtp(""); - setValidationStatus(null); - setBeneficiaryName(null); - setTimerActive(false); - setCountdown(180); + return; } else { notifications.show({ title: "Error", message: result?.error || "Transaction failed", color: "red", }); + return; } } catch { notifications.show({ @@ -314,6 +308,8 @@ export default function QuickPay() { setBeneficiaryName(''); setConfirmBeneficiaryAcc(''); setBeneficiaryType(null); + setTxnPassword(""); + setOtp(""); setAmount(''); setRemarks(''); setIsVisibilityLocked(false); diff --git a/src/app/_util/otp.ts b/src/app/_util/otp.ts index 0e1fc67..7a70463 100644 --- a/src/app/_util/otp.ts +++ b/src/app/_util/otp.ts @@ -14,8 +14,8 @@ interface SendOtpPayload { } function getStoredMobileNumber(): string { - // const mobileNumber = localStorage.getItem('remitter_mobile_no'); - const mobileNumber = "7890544527"; + const mobileNumber = localStorage.getItem('remitter_mobile_no'); + // const mobileNumber = "7890544527"; if (!mobileNumber) throw new Error('Mobile number not found.'); return mobileNumber; } diff --git a/src/app/login/page.tsx b/src/app/login/page.tsx index 8916ba7..137eadf 100644 --- a/src/app/login/page.tsx +++ b/src/app/login/page.tsx @@ -45,8 +45,8 @@ export default function Login() { } try { - // await sendOtp({ type: 'LOGIN_OTP', username: CIF, mobileNumber: mobile }); - await sendOtp({ type: 'LOGIN_OTP', username: CIF, mobileNumber: "7890544527" }); + await sendOtp({ type: 'LOGIN_OTP', username: CIF, mobileNumber: mobile }); + // await sendOtp({ type: 'LOGIN_OTP', username: CIF, mobileNumber: "7890544527" }); notifications.show({ color: 'orange', title: 'OTP Required', 
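Review bot: The new `return;` in both the success and the error branch exits before whatever follows the try/catch, and the removed lines were the only visible place the success path cleared `txnPassword`, `otp`, the OTP visibility flags and the countdown; unless the reset block patched further down runs on this path (its enclosing function is not visible here), a completed transfer now leaves the transaction password and OTP in component state and the timer running. Secrets should be cleared regardless of outcome, so attach them to the try as `} finally { setTxnPassword(""); setOtp(""); setTimerActive(false); setCountdown(180); }` instead of relying on a later reset. QuickPay's submit handler begins before this hunk and its `catch` block continues past it.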
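Review bot: Clearing `txnPassword` and `otp` here is right, but the success-path reset removed in the earlier hunk also cleared `showTxnPassword`, `showOtpField`, `validationStatus`, `timerActive` and `countdown`, none of which this block touches; if this is the shared reset that runs after a transfer, the OTP input and its countdown stay visible and armed until the next state change. Add `setShowTxnPassword(false); setShowOtpField(false); setValidationStatus(null); setTimerActive(false); setCountdown(180);` alongside the two new lines, or confirm another code path covers them. The enclosing function starts before and ends after this hunk.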
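Review bot: `getStoredMobileNumber` now takes the number from `localStorage.getItem('remitter_mobile_no')`, a value the browser user fully controls, so if it is used as the OTP destination (as the surrounding `SendOtpPayload` suggests) anyone who can set that key via DevTools, an XSS or a shared machine can have the remitter's OTP delivered to their own phone; this is the client half of the ">OTP binding with actual mobile number" item still open in TODO.md. The mobile number must be resolved on the server from the authenticated session or CIF, with the client value removed or ignored. Separately, `localStorage` is not defined during server rendering in Next.js, so add `if (typeof window === "undefined") throw new Error('Mobile number not found.');` ahead of the read to avoid a ReferenceError. The `SendOtpPayload` interface closes just above the hunk.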
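Review bot: `sendOtp({ type: 'LOGIN_OTP', username: CIF, mobileNumber: mobile })` lets the client choose where the login OTP is sent; unless the server discards `mobileNumber` and looks the number up from `CIF` (not visible here), an attacker who knows a victim's CIF can request the OTP to their own phone, which defeats the second factor. Drop the field from the call and from `SendOtpPayload`, e.g. `await sendOtp({ type: 'LOGIN_OTP', username: CIF });`, and have the backend send to the number on record. The commented-out line carrying the hard-coded test number should be deleted rather than left in a login handler. The enclosing handler starts before and ends after this hunk.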
@@ -67,8 +67,8 @@ export default function Login() { async function handleVerifyOtp(mobile?: string) { try { if (mobile) { - // await verifyLoginOtp(otp, mobile); - await verifyLoginOtp(otp, '7890544527'); + await verifyLoginOtp(otp, mobile); + // await verifyLoginOtp(otp, '7890544527'); return true; } }
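Review bot: `verifyLoginOtp(otp, mobile)` sends a client-supplied mobile number as part of OTP verification; if the backend uses that number rather than the session or CIF to locate the pending OTP, a caller can verify against a number they control and bypass the binding to the account holder's phone, which is worth confirming server-side. As far as this hunk shows, when `mobile` is undefined the function falls out of the `if` without returning, so callers get `undefined` instead of an explicit `false`; add `return false;` after the `if` block so a missing number is an unambiguous failure. The commented-out line with the test number should be removed from the login flow. `handleVerifyOtp`'s try/catch continues past this hunk.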