Restrict PDF Download from Browser While Allowing Preview in Pega

General
1

Hi Team,

I have a requirement where a PDF file is generated in a Pega case and needs to be displayed to the user for preview only.

Currently:

  • The PDF is being opened/viewed successfully in the browser.

  • However, the user is also able to download the PDF using the browser’s download option, which is not controlled by Pega.

Requirement:

We need to:

  • Allow users to view (preview) the PDF

  • Restrict or disable download options from the browser side (not Pega UI controls)

Challenges:

  • Even after restricting download options within Pega (like disabling actions in UI), the browser PDF viewer still provides options such as:

    • Download

    • Print

  • These controls are part of the browser, not Pega.

Ask:

  • Is there any approach in Pega or integration layer to:

    • Prevent or restrict download from the browser PDF viewer?

    • Render PDF in a secured viewer where download/print options can be controlled?

  • Has anyone implemented a secure document preview mechanism for such cases?

2

If the browser is able to preview the PDF, it means the file has already been loaded into the user’s local directory. Because of this, it is technically impossible to completely prevent a determined user from downloading it.

You can try hiding or restricting the visibility of the download button by using specific attributes or tags within your iframe (for reference on how this is handled on the browser side, check out this Stack Overflow discussion on hiding the Chrome PDF viewer download button). However, keep in mind that if a user is tech-savvy, they will still be able to find a way to extract and download the file.

3

In a standard browser-based PDF preview, it is generally not possible to fully prevent download or print once the PDF is rendered in the browser. The toolbar and actions such as Download/Print are controlled by the browser’s PDF viewer, not by Pega, and the document has already been delivered to the client at that point.

What Pega can do is improve the design by streaming the PDF inline, avoiding attachment persistence where possible, disabling caching, and using a short-lived secured URL. If you need stronger control, use an in-app secured PDF viewer or enterprise document-protection solution, but even those usually only reduce or discourage download rather than guaranteeing prevention.