They are not being added as headers of the message, as defined by https://tools.ietf.org/html/rfc5322 (which would not affect the DKIM signature). They're being added as MIME body part headers within a multipart construct, as defined by https://tools.ietf.org/html/rfc2045 (DKIM does not have a mechanism for signatures to survive this type of modification.)
Elements in the mail system that verify signatures are referred to as
Verifiers. These may be MTAs, Mail Delivery Agents (MDAs), or MUAs.
In most cases, it is expected that Verifiers will be close to an end
user (reader) of the message or some consuming agent such as a
mailing list exploder.