Scenario:
I have a php script on my website (website1.com/test.php)
Another website uses an iframe to make it look like my test.php page is on their site (website2.com/smoke-and-mirrors.php)

Question:
I want to stop anyone from browsing to website1.com/test.php, and only allow website2.com to access it. So that it can only be viewed through website2.com/smoke-and-mirrors.php.

More Info
The goal is to sell access to the pages i develop and allow my clients to make it look like the page is on their site.

From my googleing, it sounds like the an .htaccess REWRITE rule might do this?
I would prefer to do it in PHP though as that is what I am best at.
I have tried the $_SERVER['HTTP_REFERER'] global variable, but found that it is not reliable.

Edit: Maybe some type of iframe authentication via an ip address? As the website2.com ip address would be static.

Any help would be much appreciated.