You can detect the HTTP referer in customer_info.php by $SERVER['HTTPREFERER']. If it's from your own site, then it's OK to display the information. If there's no referer or a different referer other than your own site, deny access. But this can be forged. You don't have confidentiality of anything you send to the client.