The earliest recollection of this bug is traced back to PAN-OS 9.1.11 - July 29, 2024.
This bug is fixed in PAN-OS versions 9.1.11.
Fixed an issue where, when the CLI command oscp-exclude-nonce-yes was enabled for a certificate profile, a nonce value was still included in the Online Certificate Status Protocol (OCSP) request.
For more information:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-11-addressed-issues