diff -ruN squid-2.7.STABLE5/src/cf.data.pre squid-2.7.STABLE5-extaclheader/src/cf.data.pre
--- squid-2.7.STABLE5/src/cf.data.pre	2008-09-25 04:33:37.000000000 +0200
+++ squid-2.7.STABLE5-extaclheader/src/cf.data.pre	2008-12-12 15:38:20.000000000 +0100
@@ -457,6 +457,7 @@
 			(error also understood)
 	  log=		String to be logged in access.log. Available as
 			%ea in logformat specifications
+	  header=	Custom HTTP header(s) to add to the forwarded request.
 
 	If protocol=3.0 (the default) then URL escaping is used to protect
 	each value in both requests and responses.
diff -ruN squid-2.7.STABLE5/src/client_side_rewrite.c squid-2.7.STABLE5-extaclheader/src/client_side_rewrite.c
--- squid-2.7.STABLE5/src/client_side_rewrite.c	2008-07-21 22:18:50.000000000 +0200
+++ squid-2.7.STABLE5-extaclheader/src/client_side_rewrite.c	2008-12-12 15:40:00.000000000 +0100
@@ -137,6 +137,7 @@
 	    new_request->extacl_user = xstrdup(old_request->extacl_user);
 	if (old_request->extacl_passwd)
 	    new_request->extacl_passwd = xstrdup(old_request->extacl_passwd);
+	new_request->custom_header = stringDup(&old_request->custom_header);
 	requestUnlink(old_request);
 	http->request = requestLink(new_request);
     } else {
diff -ruN squid-2.7.STABLE5/src/external_acl.c squid-2.7.STABLE5-extaclheader/src/external_acl.c
--- squid-2.7.STABLE5/src/external_acl.c	2007-05-22 03:02:50.000000000 +0200
+++ squid-2.7.STABLE5-extaclheader/src/external_acl.c	2008-12-12 15:38:20.000000000 +0100
@@ -72,6 +72,7 @@
     char *passwd;
     char *message;
     char *log;
+    char *header;
     external_acl *def;
 };
 
@@ -582,6 +583,8 @@
     }
     if (entry->log)
 	stringReset(&ch->request->extacl_log, entry->log);
+    if (entry->header)
+	stringReset(&request->custom_header, entry->header);
     return result;
 }
 
@@ -813,10 +816,11 @@
     safe_free(entry->user);
     safe_free(entry->message);
     safe_free(entry->log);
+    safe_free(entry->header);
 }
 
 static external_acl_entry *
-external_acl_cache_add(external_acl * def, const char *key, int result, char *user, char *passwd, char *message, char *log)
+external_acl_cache_add(external_acl * def, const char *key, int result, char *user, char *passwd, char *message, char *log, char *header)
 {
     external_acl_entry *entry = hash_lookup(def->cache, key);
     debug(82, 2) ("external_acl_cache_add: Adding '%s' = %d\n", key, result);
@@ -836,6 +840,9 @@
 	safe_free(entry->log);
 	if (log)
 	    entry->log = xstrdup(log);
+	safe_free(entry->header);
+	if (header)
+	    entry->header = xstrdup(header);
 	external_acl_cache_touch(def, entry);
 	return entry;
     }
@@ -855,6 +862,8 @@
 	entry->message = xstrdup(message);
     if (log)
 	entry->log = xstrdup(log);
+    if (header)
+	entry->header = xstrdup(header);
     entry->def = def;
     hash_join(def->cache, &entry->hash);
     dlinkAdd(entry, &entry->lru, &def->lru_list);
@@ -908,6 +917,7 @@
  *   user=        The users name (login)
  *   message=     Message describing the reason
  *   log=         A string to be used in access logging
+ *   header=      Custom headers
  *
  * Other keywords may be added to the protocol later
  *
@@ -930,6 +940,7 @@
     char *passwd = NULL;
     char *message = NULL;
     char *log = NULL;
+    char *header = NULL;
     external_acl_entry *entry = NULL;
 
     debug(82, 2) ("externalAclHandleReply: reply=\"%s\"\n", reply);
@@ -955,6 +966,8 @@
 		    message = value;
 		else if (strcmp(token, "log") == 0)
 		    log = value;
+		else if (strcmp(token, "header") == 0)
+		    header = value;
 		else if (strcmp(token, "password") == 0)
 		    passwd = value;
 		else if (strcmp(token, "passwd") == 0)
@@ -965,7 +978,7 @@
     dlinkDelete(&state->list, &state->def->queue);
     if (cbdataValid(state->def)) {
 	if (reply)
-	    entry = external_acl_cache_add(state->def, state->key, result, user, passwd, message, log);
+	    entry = external_acl_cache_add(state->def, state->key, result, user, passwd, message, log, header);
 	else {
 	    external_acl_entry *oldentry = hash_lookup(state->def->cache, state->key);
 	    if (oldentry)
diff -ruN squid-2.7.STABLE5/src/http.c squid-2.7.STABLE5-extaclheader/src/http.c
--- squid-2.7.STABLE5/src/http.c	2008-09-25 04:33:37.000000000 +0200
+++ squid-2.7.STABLE5-extaclheader/src/http.c	2008-12-12 15:38:20.000000000 +0100
@@ -1415,6 +1415,9 @@
 	httpHeaderClean(&hdr);
 	packerClean(&p);
     }
+    /* append custom headers */
+    if (strLen(orig_request->custom_header))
+	memBufAppend(mb, strBuf(orig_request->custom_header), strLen(orig_request->custom_header));
     /* append header terminator */
     memBufAppend(mb, crlf, 2);
     return mb->size - offset;
diff -ruN squid-2.7.STABLE5/src/HttpRequest.c squid-2.7.STABLE5-extaclheader/src/HttpRequest.c
--- squid-2.7.STABLE5/src/HttpRequest.c	2007-12-13 02:20:48.000000000 +0100
+++ squid-2.7.STABLE5-extaclheader/src/HttpRequest.c	2008-12-12 15:38:20.000000000 +0100
@@ -74,6 +74,7 @@
     if (req->range)
 	httpHdrRangeDestroy(req->range);
     stringClean(&req->extacl_log);
+    stringClean(&req->custom_header);
     if (req->vary) {
 	if (req->etags == &req->vary->etags)
 	    req->etags = NULL;
diff -ruN squid-2.7.STABLE5/src/structs.h squid-2.7.STABLE5-extaclheader/src/structs.h
--- squid-2.7.STABLE5/src/structs.h	2008-09-25 04:33:37.000000000 +0200
+++ squid-2.7.STABLE5-extaclheader/src/structs.h	2008-12-12 15:38:20.000000000 +0100
@@ -1963,6 +1963,7 @@
     void *body_reader_data;
     struct in_addr out_ip;
     String extacl_log;		/* String to be used for access.log purposes */
+    String custom_header;	/* Custom headers to add to the request */
     const char *extacl_user;	/* User name returned by extacl lookup */
     const char *extacl_passwd;	/* Password returned by extacl lookup */
 #if FOLLOW_X_FORWARDED_FOR