
Impact on same-origin policy #100

Open
whatwg/fetch
#1434
@annevk

Description

These new headers increase the size of an HTTP request and, coupled with attacker-controlled headers or header values, could be used to carry out certain cookie-size sniffing attacks.

Privacy measures in browsers might invalidate some of these attacks, but the privacy boundary is typically not the origin, at least in today's implementations.

Labels: bug