Anything in the HTML is going to be accessible to users. The same holds true for hidden input elements. Never reveal sensitive data in html via hidden form inputs or otherwise. Doing so is a huge security vulnerability. Like others have stated there is a more appropriate way to solve your problem.
but if it was done using an ajax in a function you could set the secret bit in the php page the ajax is calling, without the user seeing what it is. If someone looked at the html they would just see the ‘onlick function’
I have a really simple ajax function that just inserts a vote into a table when someone clicks a link, but it could do anything like set a cookie or variable.
“I want people to be able to download content to their browser, but not to be able to have the content on their computer.”
Maybe <input type="hidden" would more accurately be <input type="not_rendered"
I imagine a good number of people don’t know about “view source” or “F12”, but I would not rely on that in keeping something hidden.
In terms of links, there are GET variables.
These can be obvious such as index?lang=en or less obvious as “friendly” URLs index/en/