PDF's by their very nature are binary files and thus have no native protection unless the source requires a release code to allow download or the viewer includes a DRM method. Alternatively on, one method is to scramble (encrypt) so athe PDF. So an opener password is needed to unscramble the key PDF readers functionality.
This is why many sites include a challenger mechanism, like a region IP block, cookies, captchas or timer-based limitation.
Likewise, some sites / PDF files may even in the past have tested for Adobe DRM Reader is the viewer.
Since a PDF must download to view the security is often introduced by cookies testing for browsers. Also the URL is not a /file.pdf but an instructive URL. Thus, without Agent cookies or a true filename a PDF reader can not download a file.
The given example is a Public file and in its response has
Content-Disposition: inline; filename="2025_1214_Citizens_Bank_N_A_v_Jose_L_Benitez_SR_et_al_NOTICE_OF_PENDENCY_6.pdf"
This indicates it is not protected at all but does expect a browsers signature (user Agent) to allow for "inline" Dispositioning from server to recipient.
Thus to easily download and view you just need to signal as a browser user. NOTE: This shows that in this case cookies and other automatic challenge bypass is not needed the file is NOT protected, however, may not work for more complex cases.
cURL -Lo file.pdf -A "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0" https://iapps.courts.state.ny.us/nyscef/ViewDocument?docIndex=cdHe_PLUS_DaUdFKcTLzBtSo6zw==
