hotlink protection check header 200 is coming but page is protected

Question

"hotlink" detection is normally performed on the referrer header. Your example won't send a referrer so the remote side is assuming it's a direct request.

You can add a referrer header to the get_headers() call using stream_context_set_default(). Example below. There's not really even a need to change the header value I've provided... I'd think it can be anything.

<?php
$default_opts = array(
  'http'=>array(
    'method'=>"GET",
    'header'=>"Referer: http://www.fakesite.com/hotlink-check/",
  )
);

stream_context_set_default($default_opts);

$url = 'http://s.wallpaperhere.com/thumbnails/preview/20130702/51d3b5478d616.jpg';
print_r($headers = get_headers($url, 1));

if (preg_match('/200 OK$/', $headers[0])) {
        echo 'OK';
}
else {
        echo 'Not OK';
}

I've tested this with your example URL and it works as expected. Output below:

Array
(
    [0] => HTTP/1.1 403 Forbidden
    [Server] => cloudflare-nginx
    [Date] => Wed, 18 Dec 2013 16:57:54 GMT
    [Content-Type] => text/html; charset=UTF-8
    [Connection] => close
    [Set-Cookie] => __cfduid=de5cd2750b3e7c528e277df1e584c3a6c1387385874336; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.wallpaperhere.com; HttpOnly
    [Cache-Control] => max-age=10
    [Expires] => Wed, 18 Dec 2013 16:58:04 GMT
    [CF-RAY] => ded65129fde0610
)
Not OK