You can't reliably protect your content without coming up with a password-based system (or something else like that, involving the client presenting some secure credentials). The "REFERER" header is unreliable, but fairly useful if you're not trying to use it for security purposes.
"Referer" shows up as a request header, with that odd spelling. It provides the URL of the page from which the GET request was generated. It's not secure because it's completely under control of the client browser. It may be missing, or it may contain bogus data.