Haven't popular browsers made some changes to how CORS works to interfere with attackers using timing attacks on the targeted cross-origins? And won't those interfere with part of the result from Blip (which hasn't been updated for 5 years)?