
Why your QR code takes so long to redirect (and how to fix it)
Why does a QR code take so long to redirect? A breakdown of redirect hops, 301 vs 302, DNS and TLS overhead, and how to audit your own redirect chain before your next print run.
ScanKit · Organization
· 14 min read
Why your QR code takes so long to redirect (and how to fix it)
A scanner opens their camera, the QR code decodes in a fraction of a second, and then... a spinner. Two seconds. Three. The page finally loads, or it doesn't, and the scanner has already put their phone away. If you've ever watched a client's campaign underperform despite a well-designed code in a good location, redirect speed is one of the most overlooked reasons why.
Every dynamic QR code depends on a chain of small technical steps between the scan and the page appearing. Most agencies never look at that chain, because it's invisible unless you go looking for it. This guide breaks down what actually happens in that gap, which parts are worth worrying about, and how to audit your own redirect stack before you print ten thousand codes that all point at the same slow link.
What actually happens between a scan and a loaded page
A static QR code, one that encodes a destination URL directly with no tracking layer, sends the scanner's phone straight to that address. A dynamic QR code, the kind ScanKit and most serious campaign tools generate, encodes a short tracking URL instead. That's what makes the destination editable after printing, and it's also what introduces the redirect chain this article is about.
The sequence looks like this:
- The camera decodes the QR code and hands the URL to the operating system.
- The OS opens either the phone's default browser or, if the scan happened from inside an app like Instagram, TikTok, or a messaging app, that app's built-in in-app browser.
- The browser resolves the domain name (DNS lookup) and negotiates a secure connection (TLS handshake).
- The browser requests the tracking URL. The server logs the scan, then responds with an HTTP redirect pointing to the real destination.
- If there's a second tracking layer in the chain, for example a separate analytics pixel or a third-party link shortener sitting between the QR platform and the destination, steps 3 and 4 repeat.
- The browser follows the final redirect and starts loading the destination page.
None of these steps are slow in isolation. The problem is that they're sequential, not parallel, and each one adds a full round trip to a server before the next one can start. Two or three hops stacked together is where a scan that should feel instant starts to feel broken.
301 or 302: the redirect type most people get wrong
Every redirect carries an HTTP status code that tells the browser (and search engines) what kind of redirect it is. For QR campaigns, the two that matter are 301 and 302, and agencies frequently reach for the wrong one.
A 301 (Moved Permanently) tells the browser the destination has changed for good. Browsers are allowed to cache that response indefinitely and skip the redirect entirely on the next visit, jumping straight to the cached destination without re-checking the server.
A 302 (Found), or its stricter cousin 307 (Temporary Redirect), tells the browser the move is temporary. The browser is expected to check back with the server every time rather than caching the destination.
This distinction matters enormously for dynamic QR codes, because the entire point of a dynamic code is that you can change where it points after it's printed. If your QR platform (or a link shortener you've bolted on) serves a 301, a phone that scanned the code once can get the old destination cached locally and simply never see your update, even after you've changed the campaign in your dashboard. The scanner isn't looking at a bug in your campaign; they're looking at a stale cache that has no expiry you control.
Use 302 or 307 for any QR code whose destination might change. Reserve 301s for the rare case where a code's target is genuinely permanent and you want search engines or aggregators to treat it as authoritative. If you're auditing an existing QR platform or a redirect service you've stacked in front of one, check the response headers, not just the marketing copy, to confirm which one it's actually sending.
How much does each hop actually cost?
This is where a lot of the advice online gets vague or invents numbers that don't hold up. Here's what's actually measurable, and what isn't.
DNS lookup and TLS handshake are real, measurable costs, but they vary too much to quote a single number. They depend on the scanner's network (4G, 5G, public Wi-Fi), whether the domain is already cached by their carrier's resolver, and whether your redirect service sits behind a CDN. The one thing the data does show clearly: TLS handshakes complete meaningfully faster when a domain sits behind a CDN edge than when the connection has to reach an origin server directly, and mobile connections tend to add noticeably more overhead than fixed broadband on both counts. Treat any specific millisecond figure you see quoted for "average DNS lookup time" as a rule of thumb at best, not a spec.
Each additional redirect hop adds a full round trip, not just processing time. The browser has to send a request, wait for a response, then start the whole connection process over again for the next server in the chain if it's a different domain. Industry guidance from search engines on redirect chains (originally written for SEO crawl budgets, but the underlying mechanic is identical for a scanning phone) consistently recommends keeping chains as short as possible and treats anything beyond three or four hops as a sign something is misconfigured, not a deliberate design choice.
What this means in practice: a QR code that goes straight from scan to a single tracking redirect to the destination is fast. A QR code that goes through a QR platform's redirect, then a separate URL shortener, then a marketing analytics pixel, then finally the landing page has stacked three or four sequential round trips before the scanner sees anything. Each one of those hops is invisible in a screenshot of the final page, but very visible in how long the scanner had to wait to get there.
Why the wait matters more than it seems
It's tempting to treat an extra second of load time as a minor inconvenience. The data on mobile behaviour says otherwise. In one of the largest studies of its kind, Google and DoubleClick analysed roughly 900,000 mobile landing pages and found that 53% of visits are abandoned if a mobile page takes longer than three seconds to load. The same body of research found that bounce probability rises sharply, more than doubling, as load time stretches from one second to ten.
A QR scan is an even less forgiving moment than a typical mobile ad click. The scanner has already done the work of pulling out their phone, opening the camera, and lining up the code. They're standing in front of a poster, a menu, or a product, often without a strong reason to wait around if nothing happens fast. Every redirect hop you add between the scan and the page is spending down goodwill you can't easily get back, and it's happening before your landing page's own load time even enters the picture.
In-app browsers add a wildcard you don't control
If someone scans your QR code from within an app rather than their phone's camera or a dedicated QR scanner, for instance a code shared inside an Instagram Story or opened via a QR scanner built into TikTok, the destination often opens inside that app's built-in browser rather than the phone's default one. These in-app browsers are not identical to a normal mobile browser. Security researcher Felix Krause's widely cited 2022 analysis found that several major apps, including Instagram and Facebook, inject their own JavaScript into every page loaded in their in-app browser, and that TikTok's iOS in-app browser at the time subscribed to every keystroke and tap made on external websites opened through it.
There isn't solid public benchmarking on exactly how much latency that injected code adds; treat any specific number you see for "in-app browser overhead" with scepticism. What's well established is that in-app browsers are a black box you don't control, running extra code you didn't write, on a rendering engine that may behave differently from Safari or Chrome. If a meaningful share of your campaign's scans are likely to come from inside social apps, for example a QR code promoted primarily through an Instagram post, it's worth testing your landing page specifically inside those in-app browsers rather than assuming a normal browser test covers it.
How to audit your own redirect chain
You don't need specialist tools to see what's actually happening between a scan and a loaded page. A few practical checks:
- Follow the chain manually. Paste your QR code's tracking URL into a browser's network panel (Chrome DevTools' Network tab, with "Preserve log" enabled) and watch each redirect fire. Count the hops. Anything beyond your QR platform's own tracking redirect and the final destination is worth questioning.
- Check the status codes, not just the destination. In the same network panel, click each redirect request and confirm whether it returned 301, 302, or 307. If you're seeing 301s on a link you expect to update later, that's a caching problem waiting to surface.
- Time it with curl. Running
curl -w "%{time_redirect} %{time_total}\n" -o /dev/null -s -L <your-tracking-url>from a terminal gives you the actual time spent following redirects versus the total request time, without any browser overhead muddying the numbers. - Test from a real phone on a real connection. Desktop broadband and office Wi-Fi will make almost any redirect chain look fine. Test on 4G, and if a meaningful share of your audience scans from inside social apps, test inside those apps' in-app browsers specifically.
- Ask what each hop is actually for. If your QR platform's redirect leads to a separate analytics redirect before the destination, ask whether that analytics layer could log the scan and forward it in a single step instead of two. Fewer hops isn't just faster, it also means fewer places where a broken integration can drop or duplicate a scan record, which matters just as much for reporting accuracy as it does for scan metrics you can defend to a client.
The short version
A dynamic QR code's redirect chain is invisible in a screenshot but very visible in how long a scanner waits before anything happens. Use 302 or 307 redirects, never 301, for any code whose destination might change, because a cached permanent redirect can silently strand repeat scanners on an old destination. Keep the chain to a single tracking hop wherever you can; every extra redirect between the QR platform and the landing page is a full round trip the scanner has to sit through before your landing page even starts rendering. Treat specific millisecond figures for DNS or in-app browser overhead with scepticism, but take the underlying mechanic seriously: fewer hops, correctly typed, is both faster for the scanner and more reliable for your tracking. Before your next print run, follow your own QR code's redirect chain in a browser's network panel and count the hops. If it's more than two, that's the fix.
Frequently asked questions
Why does my QR code take so long to redirect?
Most delay comes from stacked redirect hops rather than any single slow step. A dynamic QR code encodes a tracking URL, which redirects to the destination. If a separate analytics service, URL shortener, or additional tracking layer sits between the QR platform and the landing page, each one adds a full round trip before the page starts loading. Check the redirect chain in a browser's network panel to see exactly how many hops your code goes through.
How many redirects should a QR code have?
One hop, from the tracking URL straight to the destination, is ideal. Two is usually still fine. Beyond that, treat it as a sign something in the stack is misconfigured or redundant, similar to how search engines flag long redirect chains as a crawl-efficiency problem. Every additional hop is a full network round trip a scanner has to wait through.
Should a QR code use a 301 or 302 redirect?
Use 302 (or 307) for any QR code whose destination might change, which is the whole premise of a dynamic QR code. A 301 tells browsers the move is permanent, and browsers are allowed to cache that and skip contacting the server again, which means a phone that scanned the code once can get stuck on an old destination even after you update the campaign.
Does a slow redirect actually affect QR code conversion rates?
The underlying mechanic, mobile page load speed, has been studied directly. Google and DoubleClick's analysis of roughly 900,000 mobile landing pages found that 53% of visits are abandoned once a page takes longer than three seconds to load, and that bounce probability rises sharply as load time increases. A QR scan adds an extra layer of impatience on top of a normal mobile visit, since the scanner has already taken the physical step of scanning before the page even starts loading.
Do in-app browsers like Instagram's or TikTok's slow down QR code redirects?
There's no solid public benchmark quantifying the exact latency in-app browsers add, so treat specific numbers with scepticism. What is documented is that several major apps inject their own JavaScript into pages opened in their built-in browser, which makes them behave differently from a normal mobile browser in ways beyond speed alone. If a meaningful share of your scans come from inside social apps, test your landing page inside those specific in-app browsers rather than assuming a standard mobile browser test is representative.
How do I test how fast my QR code's redirect chain actually is?
Open your tracking URL in Chrome DevTools with the Network tab and "Preserve log" enabled, and count each redirect that fires before the final page loads. For a number instead of a visual trace, run curl -w "%{time_redirect} %{time_total}\n" -o /dev/null -s -L <url> from a terminal, which reports time spent on redirects separately from total request time. Test on an actual mobile connection, not office Wi-Fi, since fixed broadband will make almost any chain look fine.
Is a static QR code faster than a dynamic one?
A static QR code that points straight at a URL with no tracking layer skips the redirect step entirely, so in theory it's marginally faster. In practice the difference is usually too small to notice against everything else affecting a mobile page's load time, and it comes at the cost of losing the ability to change the destination after printing or track scans at all. For most agency campaigns, a well-configured dynamic code with a single clean redirect hop is the better trade.
Can I fix a slow QR code without reprinting it?
Yes, and it's one of the advantages of a dynamic code. Because the printed code only ever points at the tracking URL, you can remove unnecessary redirect hops, switch a misconfigured 301 to a 302, or move to a faster redirect service entirely, all without touching the physical code. If your tracking metrics show scans dropping off before reaching the destination, that's worth investigating alongside your broader QR analytics and UTM setup, since a slow redirect can look identical to a scan that simply never converted.
Keep reading

· 21 min read
QR code retargeting: turning print scans into ad audiences on Meta, Google, and TikTok
QR code retargeting isn't cookieless, whatever the vendor pages claim. A precise, sourced guide to the pixels, GDPR consent, what ATT and ITP actually restrict, why scans go missing, and how to build a compliant Meta, Google, TikTok and LinkedIn setup.
Read more
· 19 min read
Can a QR code open an app directly? Universal Links, App Links, and why most scans still land in a browser
Why a QR scan often opens a browser instead of an already-installed app. How Universal Links, App Links, assetlinks.json and deferred deep linking actually work, and where the chain breaks.
Read more