The problem is because you are making a cross-domain AJAX request, which prevented by browser security - see the Same Origin Policy.
The request is expecting you to be making a request to a CORS enabled domain, hence why it is complaining about the non-existant header.
You either need to change your request to jsonp
type, or use a server-side proxy to get the data.