I have been beta testing blocking request (head, options, etc, but not get and post) and it seems to be going well with no downside. I have also been trying out normalizing the URLs to the origin and see no issues. If anyone has recommendations on the changes especially in Wordpress, I would definitely appreciate it and want to know before going live on all of my websites.
I would say it cannot be stated as a general rule of thumb, as far as some WordPress websites do not have to use like POST or PUT (WP REST API, wp-json, plugins etc.), while other have to - just an example.
You could try to block TRACE & TRACK for example.
Or, if you could for example, limit HEAD, GET and POST for some specific IP or some similar scenario, where you protect your Website from bad bots, possible attacks, etc. in terms of security measurements.
Furthermore, for better security, HTTP/1.0 too as follows on some useful #tutorials here: