Strange Issue With Electricity Bill API Request Caching on Shared Hosting — Need Help

Hey developers,
I’m facing a very rare issue and I’m genuinely stuck. Hoping someone here has experienced something similar.

I run a small web project in Pakistan called lescobil.pk, which lets users check their monthly LESCO bill online by entering their reference number. The data is fetched from the official LESCO website endpoints.

*## How it’s supposed to work
*
When users enter their reference number, my backend makes a request to the LESCO server (non-official internal API endpoints) and returns the latest bill data:

• Consumer name
• Issue date
• Due date
• Units consumed
• Arrears
• Bill payable

Everything works perfectly… until recently.

*## The problem (very weird & hard to replicate)
*
For some specific reference numbers, the response being returned is cached incorrectly.

Example:
If USER A checks their bill first, and seconds later USER B (different reference number) checks theirs, USER B sometimes receives USER A’s bill data — but only under these conditions:

• During peak traffic hours (20–22:00 PKT)
• When both use the same ISP (PTCL)
• When both are using mobile data networks (Jazz/Zong)
• If I test on my Wi-Fi, the problem doesn’t happen.

*## Observed patterns
*
After 2 weeks of debugging:

• Seems like response caching somewhere in the chain
• Happens ONLY with shared hosting (Hostinger, Singapore region)
• Happens only on POST requests
• Adding random query parameters reduces the frequency, but doesn’t fully fix it
• Cloudflare is OFF, so no caching rules there

I also tried:

• Disabling Laravel response caching
• Adding Cache-Control: no-store
• Forcing header("Pragma: no-cache")
• No improvement.

*## My suspicion
*
Pakistan’s ISPs sometimes perform transparent caching on public utility endpoints.
Meaning: if two people hit the same endpoint within milliseconds, the ISP returns a cached HTML.

This would explain ISP + time-slot correlation. But if that’s true… how do I force fresh data?

*## Security concern
*
This is very dangerous. Someone could see another person’s bill:

• CNIC digits
• Address
• Previous dues
• Meter type

Even if accidental, it’s a privacy leak.

*## More interesting findings
*
When I artificially delay the request by 450–600ms on the server:

The issue disappears completely.

When the request is too fast (60–80ms round-trip):

Issue reappears.

It’s almost like some caching layer is trying to “optimize” repeated requests.

*## My Questions
*

1. How do I force no caching across all layers (ISP/CDN/middle-boxes)?
2. Is adding unique random timestamps to requests the only fix?
3. Can I prevent Pakistan ISP caching using HTTP headers only?
4. Would upgrading to VPS solve this completely?
5. Should I shift the endpoint to a different port (443 → custom)?

*## Tech Stack
*

• Laravel 10 (PHP)
• Shared hosting (Hostinger)
• cURL GET from official LESCO endpoint
• No Cloudflare proxying
• MySQL for history logs

*## Temporary patch
*
Right now, I’m appending a random UUID:

?ref=XXXXXXXXXXXX&rnd=uuidv4()

It reduces the problem but does not guarantee prevention.

*## Why this matters
*
LESCO is the primary electricity provider for millions in Punjab.
Even a slight data leak:

• Violates user privacy
• Breaks trust
• Could be legally problematic

*## What I think
*
Pakistan telecom caching seems to be aggressively caching HTML responses on live government endpoints due to load balancing — not intentional.

But I’m not 100% sure.

*## Need expert-level guidance
*
If anyone here has dealt with:

• ISP transparent caching
• Layer-7 caching middleboxes
• Public utility scraping anomalies
• Pakistan telecom quirks

…your help would be gold.

Thanks in advance