I want to protect my web files and well, everyone knows that when a visitor comes to your website he can just press ctrl+u and see the whole structure of the webpage, but i have a very very very important file linked as an iframe on my website so it can work and i would like none visitor to see that page linked in the src of iframe.
I know that along as i have the iframe link they will be able to access to the doc like this:

HTML Code:
<iframe src=http://myveryimportantdocument.com[B]/document.php[/B] width=0 height=0></iframe>
... So the visitor is going to be able to see the src and to go in, and i dont want them to, not even by curiosity but i i want the iframe link only be accesible by iframe so it loads every time i get a visitor.

Lets say that i have in "document.php" this little code:

HTML Code:
if (!preg_match('/myveryimportantdocument\.com/i', $_SERVER['HTTP_REFERER']))

	exit('<h1>404 Not found</h1>');
That only makes that if a visitor writes "http://myveryimportantdocument.com/document.php" in the url bar of the browser he would only see an "404 error not found", however, if someone clicks the src of the iframe directly in the source code there will be no "404 error not found" (because of the http referer php code) and he would be able to see the document and of course the source code of document.php
Of course, document.php does not show php codes but it does have html codes so thats what i dont want them to see.

The solutions i have been thinking are questions:

┐How can i make document.php only viewable if someone links by iframe?
┐How can i make unaccesible this content from my visitors (It has to work as an iframe everytime i get a visitor)?
Or harder, ┐how can i hide the html codes in this document.php file?

What are your recommendations and advises?

Thank you for your help, ill be attentive to the answers.