Maybe providing the HTTP_POINT_ADDL_HEADER exit point was a bad idea. But, it was quite a long time ago that I added that (I don't remember when, but more than 15 years ago...) But the concept was to put all of the power in your hands. You can actually write your own data that's directly inserted into the HTTP protocol at the appropriate time, so anything you want to do, you can.
Problem with that is that you have to observe the rules of the HTTP protocol. HTTP standards for Headers are 'NAME: VALUE<CRLF>' so you have to have a CRLF at the end. It's what separates this header from the next one. To me this seemed very very simple, something that wasn't hard and gave you a lot of power. But, that was 15+ years ago -- today, I feel like it's more important to make things so simple that people can't screw them up.
This was part of the impetus for proving the HTTP_AUTH_USRDFN option... so you could just set values and not worry about the syntax of the HTTP protocol.