Apart from what F-ES Sitecore has said, your users can always take screenshots of the file if you lock other options like mouse right-click or iframe save. Then a simple OCR can provide all the content in that PDF. A few years back when I was working on a similar approach I disabled the mouse right-click to prevent most actions using JavaScript — same for
CTRL +
P etc. But this leads to a poor UX for the users. Here is the link for that answer;
html - Protect image download - Stack Overflow[
^], although this is for images but the concept is same for other files too.
A good approach is to trust the users with the content and do not expect anything else, and I highly recommend
letting the users download or print the PDF because that way they trust your website and are likely to return and support your business model.
You can try to authorize the users before rendering the PDF file so that you know who is reading the content. This also depends on the PDF viewer that you are using and you might be able to use JavaScript to disable the save button, but like F-ES Sitecore said the PDF file is already on the machine, and, — wait for it... — you would need to encrypt the file using certificates or other algorithms to prevent off-site previewing.