This is an example of how you can embed CORS proxy browser in invisible iframe and send remote commands to it via HTML5 postMessage().
You can send commands to fetch cross origin URLs and receive the responses. In fact, even this remote controller page can be cross-origin to browser.html