console.log("Respuesta del servidor: ", respuesta);
Note: It is recommended that you make use of the scripts in directions outside of your HTML root document, due to better programming practices.
Second, if your error persists since the return of your server, it throws the following to what you mention in one of your comments:
Failed to load website.com/un%20pedido: Redirect from
'website.com/un%20pedido'; to 'website.com/un%20pedido'; has been
blocked by CORS policy: No 'Access-Control-Allow-Origin' header is
present on the requested resource. Origin 'website.com'; is therefore
not allowed access.
the data that comes via AJAX must belong to the same domain. In the event that this is not the case, the application will not be able to load the data due to security limitations. The problems begin when we have applications that need access to that data but are not under the same domain. A very common example is a Mobile application packaged with PhoneGAP or in Ionic with Angular. So when you upload your app to a server it will respond correctly, it is only a limitation when you are working locally (this as an example in an environment similar to the one mentioned)
You can download an add-on for the browser either Chrome (it's easier) or another one of your preference. Look for it by that name CORS and it will help you, you just have to link the web address to which you make your request with ajax. And in this way you allow the connection between both parties.
Another possibility is that the document or file to which you point is coded to avoid security problems, and in this way can not be used from an external application (A domain X to a domain Y).
So, what you would do is use this type of headers so that you can receive the request correctly (If in your case you have access to such a file and of course, that is the backend in PHP):
//* es un comodin para desplegar la información a cualquier servidor que realice la peticion.
//Debemos dar permisos de acuerdo a la llamada o metodo que necesites GET,POST,UPDATE.
header('Access-Control-Allow-Methods', 'GET, POST');
//Para formatos JSON se debe asignar el encabezado correspondiente.