That could be easily spoofed by requiring just some username on the server side, assuming you set up your web presence such that these links always include some username. The HEAD request won't help you there.
This won't help that much, because this means you can only visit the website with some authentication string, otherwise the browser will prompt for your credentials.