All custom headers used by auth-vir.
Used to track if the current user is signed in only with a sign-up cookie, which prevents us from prematurely wiping their CSRF token.
All custom headers used by auth-vir.