A very simple-minded aproach. Perhaps not nice, but needs only adminship
(if you keep it for trusted people) and the AbuseFilter extension. Create a
subpage called* /header* for each page, and protect it.
Then install a filter that won't let the user to save the page unless itt
begins with the {{/header}} string.
No hooks neccessary.
--
Bináris