diff --git a/services/cogeco-checker/lib/cogeco-session.js b/services/cogeco-checker/lib/cogeco-session.js
index 1625c8f..69ae06a 100644
--- a/services/cogeco-checker/lib/cogeco-session.js
+++ b/services/cogeco-checker/lib/cogeco-session.js
@@ -52,7 +52,10 @@ async function getBrowser () {
   if (_browser && _browser.isConnected()) return _browser
   _browser = await chromium.launch({
     headless: true,
-    args: ['--no-sandbox', '--disable-dev-shm-usage', '--disable-blink-features=AutomationControlled'],
+    args: [
+      '--no-sandbox', '--disable-dev-shm-usage', '--disable-blink-features=AutomationControlled',
+      '--disk-cache-size=0', '--media-cache-size=0', // no on-disk HTTP cache
+    ],
   })
   return _browser
 }
@@ -122,8 +125,21 @@ async function checkAddress (address, { debug = false } = {}) {
     locale: 'en-CA',
     userAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36',
     viewport: { width: 1280, height: 900 },
+    serviceWorkers: 'block', // a SW could intercept/cache the register + API calls
   })
   const page = await ctx.newPage()
+
+  // DISABLE the HTTP cache for this session. /boutique/api/register is a GET,
+  // so a warm Chromium cache can re-serve an already-consumed/expired token
+  // instead of letting the page mint a fresh one — which makes the protected
+  // address/search call 401 even though register "succeeded". Forcing every
+  // request (incl. register) onto the network keeps the token fresh. CDP is
+  // Chromium-only; best-effort (don't fail the check if it's unavailable).
+  try {
+    const cdp = await ctx.newCDPSession(page)
+    await cdp.send('Network.setCacheDisabled', { cacheDisabled: true })
+  } catch { /* CDP unavailable under this driver — continue uncached-best-effort */ }
+
   const captured = []
   // Track the serviceability call specifically; keep the best (200 wins over 401).
   let serviceResp = null