Are Your PDF View Counts Real? What 3,036 Recorded Sessions Reveal About Bot Inflation

By Oleh Tsyupa, Founder of PDFTrackr · Published 2026-07-14 · Updated 2026-07-14

10 min read

14.4% of all recorded PDF views — 436 of 3,036 sessions — contained zero page engagement. Only 12 of those 436 identified themselves as automation.

A visitor that opens a tracked link but never reads a single page still registers as a view in most tracking tools. The share of such sessions is a hard floor on how much of a typical view count is junk — the real figure is higher, because well-behaved scanners that render pages are not in it.

Based on 3,036 recorded viewing sessions across 233 documents (PDFTrackr production data, 2025-09-22 to 2026-07-13, extracted 2026-07-14, no filtering applied). Shares are exact counts, not estimates.

How much of a PDF view count is junk? At least one view in seven

In our data, 14.4% of every recorded “view” showed zero engagement — the link was opened, a session was recorded, and then nothing: no page rendered long enough to register, no reading time, no scrolling. Of 3,036 sessions recorded across 233 documents over ten months, 436 were of this kind. One tracked “view” in seven represented nobody reading anything.

Two honest caveats, in both directions. First, not every zero-engagement session is a bot: a few are humans who closed the tab before the first page rendered, or page loads that failed. What they share is that no one read anything, yet each one added +1 to a view counter. Second — and this is the direction that matters — the 14.4% is a floor, not the total. An email scanner that fully renders the page to inspect it, or a preview bot that loads page one, generates engagement and escapes this measurement entirely. Sessions that rendered a page but lasted under one second — 65 more, or 2.5% of the engaged sessions — are the next layer. Counting both, 16.5% of all recorded views (501 of 3,036) showed no meaningful human engagement.

For context, this is not a PDF-specific anomaly. Imperva's 2026 Bad Bot Report found that automated traffic passed half of all web traffic in 2024 and reached more than 53% of all web traffic in 2025. A tracked PDF link is a URL like any other: everything that scans, previews, and crawls URLs hits it too.

How we measured it — the exact query, so you can check us

The measurement is one SQL query over our own production analytics: count the recorded viewing sessions that have no page-view rows at all, against all recorded sessions. No sampling, no model, no filtering — every recorded session since tracking began is included, junk and all.

SELECT
  count(*) FILTER (WHERE NOT EXISTS (
    SELECT 1 FROM page_views pv
    WHERE pv.session_id = vs.session_id
  )) AS zero_engagement,
  count(*) AS total
FROM view_sessions vs;

-- Result (2026-07-14): zero_engagement = 436, total = 3,036

Three rules we hold ourselves to. Every number on this page is an exact count from that one dated extract, not an estimate. Where this article reports a distribution anywhere, it reports medians and 90th percentiles, never a bare mean — because a mean is exactly the statistic that bot inflation distorts (more on that below). And the dataset includes our own contamination: these are PDFTrackr's own production sessions, measured before any filtering. This article is the “before” picture of our own dashboards, not a claim about somebody else's.

One scope note: our published reading-behaviour statistics (a 45.7-second median session, first-page drop-off — from that article's own dated extract of 3,017 validated sessions) are computed over validated, engaged sessions only. This study deliberately uses the opposite frame — every recorded session, junk included — because the junk is the subject.

Where do phantom PDF views come from? Scanners, previewers, and crawlers

The biggest source is corporate email security. When you email a tracked link to anyone whose company uses Microsoft Defender for Office 365, Proofpoint, Mimecast or a similar gateway, software opens your link before the recipient can. Microsoft's own documentation for Safe Links is explicit: “As long as Safe Links protection is turned on, URLs are scanned prior to message delivery, regardless of whether the URLs are rewritten or not” — and URLs without an established reputation “are detonated asynchronously in the background.” A “detonation” is a machine visiting your link. If your tracker counts it, you have a view no human made, timestamped before your recipient even saw the email.

The second source is link previewers. Paste a tracked link into Slack, iMessage, WhatsApp, LinkedIn or Teams, and the app fetches the URL to build the preview card — another recorded open, made by infrastructure. The third is ordinary crawlers, which find share links wherever they are posted. None of these visitors reads page four of your proposal; all of them can increment a view counter.

Can't you just filter bots by user-agent? No — 97% look like normal browsers

The obvious fix — discard visitors whose user-agent says “bot” — barely works. Of our 436 zero-engagement sessions, only 12 (2.8%) self-identified as automation in the user-agent string (names containing bot, crawler, preview, scan, headless and similar). The other 424 — 97.2% — presented ordinary browser user-agents. Across the full 3,036 sessions, declared bots were just 2.5%. In other words: if user-agent filtering were enough, our junk floor would be under 3%, not 14.4%.

This is by design. A security scanner that wants to see what a phishing victim would see must look like the victim's browser, so it announces itself as Chrome or Safari. Catching this traffic requires behavioural signals — did any page render, did any reading time accrue, did the session last longer than a second — which is exactly the measurement this article is built on, and something a tracker can only do if it records page-level engagement in the first place.

Is bot inflation steady? No — it arrives in bursts, from 0% to 42% of a month's views

You cannot correct for junk traffic by discounting a fixed percentage, because it does not arrive at a fixed rate. Here is the zero-engagement share of every month in the dataset. In our worst month, June 2026, 42.4% of all recorded views — 238 of 561 — were zero-engagement; three months earlier it was 1.7%.

Zero-engagement share of recorded PDF views by month (PDFTrackr production data, extracted 2026-07-14; July 2026 is partial, through 07-13).
MonthRecorded viewsZero-engagement viewsShare
2025-094500.0%
2025-1076810.5%
2025-112114621.8%
2025-1210932.8%
2026-01250145.6%
2026-021631710.4%
2026-0335561.7%
2026-04627396.2%
2026-054976012.1%
2026-0656123842.4%
2026-07 (partial)14253.5%

The burstiness matters more than the average. A crawler discovering a batch of share links, or one recipient's employer turning on a new email gateway, can double a document's apparent readership in a week. If you compared June's raw view counts to May's and concluded interest was surging, the data would be lying to you — nearly half of June's “views” read nothing.

What does junk traffic do to your analytics? It corrupts exactly the numbers you act on

Three practical consequences follow from the data above. First, the first “view” after you send a document is the least trustworthy number on your dashboard — scanners open links before delivery, so an open within seconds of sending is evidence of a security gateway, not an eager reader. Chasing it with a follow-up call embarrasses you. Second, averages break: hundreds of zero-second sessions drag every “average time spent” figure toward zero, which is why we report medians and 90th percentiles instead of means anywhere we publish reading statistics. Third, trends break: because the junk arrives in bursts, a raw view-count trend line measures scanner activity as faithfully as it measures readers.

The one metric automated traffic almost never fakes is per-page reading time. A scanner detonates a link and leaves; it does not spend ninety seconds on your pricing page. That asymmetry is the entire practical answer to bot inflation: track reading behaviour, not opens.

How to audit your own PDF view counts in four steps

You can estimate your own junk share with data most tracking dashboards already show. One prerequisite is honest to state: a PDF sent as a plain email attachment cannot be tracked at all — everything below assumes you shared the document as a tracked link, with a tool whose plan records page-level data.

  1. Compare total opens against sessions with page-level reading time. Views that never registered a single page are your zero-engagement floor. Ours was 14.4%.
  2. Check the timing of opens right after you hit send. An open within seconds of sending — especially to a corporate address — is the signature of a security scanner, not a reader.
  3. Look for sub-second sessions. Technically engaged, humanly meaningless. In our data they added 2.5 percentage points of junk on top of the floor.
  4. Treat the open count as a ceiling, and per-page dwell time as the signal. The view count is the maximum number of people who might have read your document; reading time tells you who actually did.

Which PDF tracking tools even address bot filtering? Almost none, openly

For a problem that touches every seventh view, the category is strikingly quiet. Checking vendors' own pricing and product pages: HummingDeck is the only competitor that markets automated-view filtering (screening email security scanners such as SafeLinks and Proofpoint), and its pages are ambiguous about whether that applies to its free tier. PDF Deck is sometimes credited with bot-filtered counts, but the claim appears nowhere on its own pricing page or homepage. Papermark, Peony and TrackPDF — the other free tools with page-level analytics — do not mention automated-view filtering on their pages at all. Nobody in the category publishes data on how big the problem is; that silence is why this article exists, and why we measured our own traffic first. Our free PDF tracking tools comparison scores every tool on this axis alongside the usual volume limits.

Until the category treats this as a disclosed, measured property of the data, the practical defence is the one in the audit steps above: insist on page-level engagement data, and read dwell time instead of the open counter. That is true whichever tool you use — including free PDF tracking on PDFTrackr, whose historical counts contain the exact junk share documented on this page.

Frequently asked questions

Why does my PDF show views but nobody responded?

Some of those views were likely never human. In our production data (3,036 sessions, measured 2026-07-14), 14.4% of recorded PDF views contained zero page engagement — typically email security scanners, link previewers, or crawlers opening the link. Check whether the views include any per-page reading time; a view with no reading time is not evidence anyone read the document.

Do email security scanners open links before the recipient does?

Yes. Microsoft's Safe Links documentation states that URLs are scanned prior to message delivery, and that URLs without a valid reputation are “detonated asynchronously in the background.” Proofpoint, Mimecast and similar gateways behave comparably. An open recorded seconds after you send an email is usually a scanner, not your recipient.

What percentage of PDF views are bots?

In our dataset of 3,036 tracked sessions (measured 2026-07-14), at least 14.4% of recorded views showed zero page engagement, and the monthly share ranged from 0% to 42.4% — it arrives in bursts, not at a steady rate. That is a floor, not the total: scanners that render pages escape the measurement. Industry-wide, Imperva's 2026 Bad Bot Report puts automated traffic at more than 53% of all web traffic in 2025.

How can I tell a bot view from a human view?

Not by user-agent: in our 2026-07-14 measurement, 97.2% of zero-engagement sessions presented ordinary browser user-agents. The reliable signals are behavioural — no page ever rendered, no reading time accrued, a sub-second session, or an open timed seconds after the email was sent. Per-page reading time is the strongest human signal, because automated visitors almost never generate sustained dwell.

Do link previews in Slack or iMessage count as PDF views?

Often, yes. When you paste a tracked link into Slack, iMessage, WhatsApp, LinkedIn or Teams, the app fetches the URL to build a preview card, and a tracker that counts every open records that fetch as a view. Unless your tool filters automated traffic, preview fetches inflate the count.

Can I trust the first view notification after sending a PDF?

Treat it with suspicion. Email security gateways scan links before or at delivery, so the first recorded open frequently precedes any human seeing the message. The trustworthy signal is a session with real per-page reading time, not the first open event.

Do PDF tracking tools filter out bot views?

Mostly no, and few even discuss it. Of the tools we track, HummingDeck is the only competitor marketing automated-view filtering (with unclear free-tier coverage); PDF Deck is often credited with it but makes no such claim on its own pages; Papermark, Peony and TrackPDF do not mention it. No vendor publishes data on the size of the problem — the 14.4% figure on this page is our own production measurement (2026-07-14), taken before any filtering.

Sources

  1. Microsoft Learn — Complete Safe Links overview for Microsoft Defender for Office 365 (URL scanning prior to delivery; background detonation) (accessed 2026-07-14)
  2. Imperva — 2026 Bad Bot Report announcement (automated traffic >53% of all web traffic in 2025) (accessed 2026-07-14)
  3. HummingDeck — Pricing (automated-view filtering marketing) (accessed 2026-07-13)
  4. PDF Deck — Pricing (no bot-filtering claim on its own pages) (accessed 2026-07-13)
  5. Papermark — Pricing (no automated-view filtering mentioned) (accessed 2026-07-13)
  6. Peony — Pricing (no automated-view filtering mentioned) (accessed 2026-07-12)

See who actually reads your PDFs

Create a free tracked link in under a minute — 500MB, 25 files, no credit card.

Start tracking free

Keep reading: how free PDF tracking works, the best free PDF tracking tools compared, and how to track PDF views step by step.

Oleh Tsyupa

Founder, PDFTrackr

Has analysed over 3,000 tracked document-viewing sessions on PDFTrackr.