Note that NSS isn’t an Inrupt product, it is a legacy community project that preceded CSS.
The Inrupt product, ESS (for Enterprise Solid Server) implements the latest Solid-OIDC, and returns an UMA-compliant WWW-Authenticate header with an as_uri parameter on unauthenticated requests. If you have a Pod on Podspaces, you can use any REST client to check this by issuing a GET request to your Pod root.
Podbrowser is using @inrupt/solid-client-authn-browser, so what is relevant to your question is the behaviour of the library. For the time being, it does not implement reactive authorization, where an unauthenticated request is sent in order to discover authentication mechanisms based on the WWW-Authenticate header of the 401 response. Instead, it implements the legacy behaviour that was in place before the current version of then Solid-OIDC specification, namely it relies on the Resource Server accepting the Access Token issued by the OpenId Provider. In other words, it implements preemptive authorization, by sending a token along the request without the initial round-trip. This legacy behavior is currently supported by all major Solid Server implementations, and it isn’t mutually exclusive with the mechanism described in Solid-OIDC, so there is no plan I’m aware of to remove this mechanism in the short term. We will be working in the future on implementing reactive authentication in @inrupt/solid-client-authn-*.