You can also check for various headers to determine (with quite good accuracy) if a link was clicked by a human or fetched programatically. Here's a list I've accumulated over the years for virtually the same feature as yours:
- `sec-fetch-dest` header is present (HUMAN)
- `accept` header is present (HUMAN)
- `from` header is bingbot(at)microsoft.com (AUTOMATED)
- `user-agent` header includes BingPreview (AUTOMATED)
Also most humans do use browsers, so if you don't have any following requests for resources like scripts, images or just the favicon, you probably got visited by a bot.
- `sec-fetch-dest` header is present (HUMAN)
- `accept` header is present (HUMAN)
- `from` header is bingbot(at)microsoft.com (AUTOMATED)
- `user-agent` header includes BingPreview (AUTOMATED)
HTH