Tangential: I’ve long been mystified by sites that deploy their own server-provided PDF reader, especially if they also offer (maybe in hidden ways) a simple download of the PDF.
It seems like deploying a bunch of JS that may be broken by browsers *or their security config* is far more fragile than just offering a PDF for the browser to handle in whatever way it can.
The only logically sound rationales I can come up with are evil. Every other excuse is just stupid.