Hi Ronald,
I did not get what you said...could you be more clear as i am a beginner at all this. If that is not the right way what is the other way i can use??
He's just saying that you can manually submit the referrer and trick the page to thinking another page requested it. So if your header_1 was public, and your header_2 was private, it would be reasonably easy to get to your header_2 by making a fake request name. Not exactly sure how it works, but just becareful what you put in your headers if you use that method, as they are not very secure.
Another way would be to check the logins... Do you use a login system? As in can people register on your site?