How to Prevent Duplicate Scan Notifications — and What Triggers a Real Alert

Introduction

Getting notified every time a bot or a search engine crawler hits your scan page would make QR notifications useless. ScanItUp uses a multi-layer verification system to ensure every notification you receive represents a real human scan. Here is exactly how it works.

Why Notification Quality Matters

Imagine receiving 50 “scan alerts” per day for a vehicle QR sticker — only to discover that 48 of them were bots, social media preview scrapers, or your own accidental refreshes. You would stop trusting the notifications entirely. ScanItUp was built to prevent this from day one.

Layer 1: No Notification on Page Load

Many basic QR systems trigger a notification the moment the URL is accessed. ScanItUp does not. The scan is logged and the data is stored, but no WhatsApp or email notification is sent at this stage.

This single design decision eliminates all bot traffic, search engine crawlers, and automated link previewers from ever triggering your alerts.

Layer 2: Human Interaction Required

The notification is only queued after the system detects a genuine human interaction on the scan page. Qualifying interactions include:

• Scrolling down the page
• Tapping or clicking any element
• Swiping on a touchscreen
• Moving a mouse cursor
• Pressing any keyboard key

Bots and crawlers do not perform these interactions. Humans almost always do — even if only to scroll down to read the contact information.

Layer 3: Minimum Dwell Time

Even after interaction is detected, ScanItUp waits a minimum of 2 seconds before confirming the notification. This eliminates accidental scans — for example, if someone’s phone accidentally scans your QR code from a distance and the page flickers open before closing.

Layer 4: Session-Based Deduplication

ScanItUp stores a record in the browser’s session storage after the first confirmed notification is sent for a given tag. If the same person refreshes the page, navigates back, or accidentally scans again within the same browsing session, no second notification is triggered.

This means you receive one notification per visit — not one per page load.

Layer 5: Single-Use Notification Tokens

Each scan page load generates a unique, one-time-use token. The notification AJAX request requires this token to process. Once used, the token is deleted from the database. Even if a request were replayed, it would be silently ignored.

Conclusion

Every WhatsApp scan alert you receive from ScanItUp represents a real person who landed on your page, read your content, and was present for at least two seconds. That is the quality standard every smart notification system should hold itself to.

Upgrade to Pro and receive verified WhatsApp scan alerts at scanitup.com.