How can I securely transmit JWT between microservices across different domains without exposing the token in the URL? What secure mechanisms can I use to enable cross-domain authentication?