Are webpage QR codes private when generated locally?
Local generation helps, but it does not make a link harmless. This is the boundary worth understanding before you share a QR code.
People often hear "local generation" and assume the whole thing is now private. That instinct is not wrong, but it goes too far. The QR code may be generated locally, but it still contains the same link. If the link is sensitive, the code is sensitive too.
What local generation means
Local generation means the QR pattern is created in the browser. The link does not have to be uploaded to a server just to make the code.
For everyday links, that is usually enough. Give the tool a URL, generate the code, and scan or share it.
What local generation does not change
The QR code still carries the link. Anyone who can scan or view it may be able to open that destination. If the URL includes tokens, private document IDs, or internal paths, treat the QR code the same way.
One more boundary matters here: local generation only describes the creation step. It says nothing about whether the destination site logs visits afterward.
A practical privacy checklist
Before you drop a QR code into a slide, a poster, a support message, or a public document, stop and ask whether that audience should really have that link.
- Use public links for public materials.
- Avoid URLs that include personal tokens or one-time access keys.
- For internal pages, share only with people who already have access.
- Regenerate the QR code if the destination link changes.
Local generation is a good default. It solves where the code gets created. It does not solve whether the link itself should be shared.