Third party security audit firm's report shows that there is a vulnerability with NetSuite on port 80, IP 22.214.171.124 (shopping.netsuite.com).
Point to be noted here is that shopping.netsuite.com is http meaning that it is not secure. Shoppers are automatically directed to secure pages, checkout.netsuite.com (https), as soon as they click on the "Proceed to checkout" button. Therefore when the security audit is executed on shopping.netsuite.com, it shows it as a vulnerability.
Contact the third party security audit firm and inform them that shopping.netsuite.com is not a secure domain and therefore they need to perform a re-scan keeping this in mind.