This directive works in conjunction with header_access. If you use header_replace, Squid replaces HTTP headers that are denied (removed) by an header_access rule. In other words, an HTTP header must be filtered out by header_access before it can be replaced by header_replace.
header_replace isn’t especially flexible. You can only define one replacement value for each header. You can’t, for example, use one value for some requests and a different value for others.
Changing HTTP request and response headers is a violation of HTTP.
header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit)