Disable HTTP OPTIONS method and Disable TCP Timestamp responses

a. Like what iaine mentioned, you can use the known methods setting in the HTTP profile to reject/reset the connection. Alternatively you can use an iRule to either reject or return a HTTP 501 response. For more information, refer to https://support.f5.com/csp/article/K34769490. Also if you have ASM module licensed and provisioned, the ASM security policy would block OPTIONS method by default.

b. There is a potential performance tradeoff when TCP Timestamp is disabled in either the TCP profile (Timestamps Extension for High Performance (RFC 1323) setting) or the FastL4 profile (TCP Timestamp Mode setting). You may want to consider randomising the TCP Timestamp instead by enabling this db key tm.tcpsendrandomtimestamp. For more details, you may want to take a look at https://support.f5.com/csp/article/K8072.