This applies to fetch API at least.
Based on bug 158565, this may be applicable to XHR as well.
XHR somehow gives this information by adding a debug message on the console log.
This is removed in bug 158565 as filtering is done at DocumentThreadableLoader level.
We could add a message on the console log detailing which headers are filtered out.
The inspector could also be enhanced to display all response headers and which are visible/not visible.