[SalesForce] Visualforce: Why the display of an PDF-File inside an IFRAME works on a Sandbox but not in Production

On a Visualforce page I have an IFRAME like this:

<iframe class="viewer" src=""></iframe>

It starts up an shows nothing because src is blank. Good. To store the actual PDF I upload it as File (not the old Attachment). So technically I have a DocumentVersion which holds the blob of the pdf.

Now I use JS to update the src tag to show a PDF like this (where Id is set to a valid DocumentVersion id )

$('.viewer').attr('src',/sfc/servlet.shepherd/document/download/'+id)

On the sandbox, it works like a charm: the pdf will be loaded inside the iframe as expected.

Now if I deploy the same code on Production, the following happens: the IFRAME is not updated, but the PDF is downloaded by the browser.

The code I use is 100% identical – but behaves differently !!

I found so far, that the code is NOT the reason for this. The difference is caused just by the link I use. This itself is behaving differently:

/sfc/servlet.shepherd/document/download/ANY_VALID_CONTENTVERSION_ID_HERE

• On sandbox, chrome is using the internal PDF-Viewer to display the file. Which is what I want.
• On Production for a very short time (seconds only!) a new tab is opened and closed again and the PDF is downloaded instead of shown with the internal viewer.

I could not track it down, but I expect some headers are set differently by Salesforce causing that result.

Does anyone know more about the backgrounds on that or has encountered similar effects?

EDIT 1

I was able to dig deeper inside this issue inspecting the headers in detail as shown here: Files: Why ContentVersion /sfc/servlet.shepherd/document/download/ sometimes sets Content-Disposition=attachment and sometimes =inline

Basic issue is, that Content-Disposition needs to be inline but on production it gets attachment.