Thank you for reaching out to Constant Contact API Developer Support, and for your patience. My team is here to assist outside software developers with questions about building into Constant Contact's API.
It looks like you are using the V2 version of our API. Switching to our V3 API should resolve the issue you are having. In V3, CORS is supported and the response should include an Access-Control-Allow-Origin header.
Unfortunately we do not support CORS on our V2 API and it can only be called from the back end of a website. There are no current plans to implement cross-origin resource sharing on V2, so you would need to use a server-side process to make the actual calls to our API or switch to the V3 API. Solutions that others have used with V2 is to have a separate server and pass data via AJAX to that separate server, then make the API calls on your server behind the scenes.
Getting Started with V3 API https://v3.developer.constantcontact.com/api_guide/index.html
... View more