I thought this was an interesting question, so I looked into how this could be possible. This is my opinion on your goal, but if others can weigh in with more experienced information then you may be better informed. Obviously not all VTs are HTTP so I will assume you mean HTTP-based VTs - not scan tasks.
Adding custom headers could be hard to universally accomplish on the VT level such as within NASL because VTs do not have a universal method for making HTTP requests. They use an variety of related functions. Most of those functions are imported to the VT via the http_func.inc file which includes:
http_send_recv()
http_get_remote_headers()
http_get()
http_open_socket()
http_get_req() // Which has a parameter to add custom headers but is not used by all VTs
As I said above, there is no single method that could be modified to add custom headers. To do it this way, you would have to audit and modify so many NASL files.
Also, while these all have one thing in common, they are passed to the NASL send() function, but this handles a raw socket for all protocols not only HTTP so it cannot be easily modified in this way. In the end, I BELIEVE it links back to gnutls_handshake() in openvas-scanner here.
Another possible way may be to pass all OpenVAS traffic through a content proxy that can modify only HTTP requests and then add your custom header. Of course this would need to handle HTTPS layer as well. OpenVAS uses gnutls functions which accept a list of CAs (cafile) to determine cert verification to complete the handshake. You would have to add your content proxy’s root certificate to that, which I believe is stored in the PostgreSQL database and loaded to Redis.
Anyway, this is just what I could determine from a brief investigation. Maybe this information would get you started, but unfortunately it is far from an exact answer - only a contribution to the community.
http_get() is a scanner internal function which is the “main” function to create HTTP requests and would require changes to the scanner code base (This probably will unlikely happen from Greenbone side and you would need to do own research and modifications)
Any modifications to sent out requests could cause e.g. a missing detection of a vulnerability (if e.g. a target is dropping requests if an unexpected HTTP header is received)
thus i would suggest to re-think this approach and solve it differently without the requirement to modify the requests.