You can either use the method in this forum topic to whitelist HEAD requests from the UptimeRobot > https://forum.ait-pro.com/forums/topic/security-log-entries-for-uptimerobot-head-requests/#post-41374
Or you can can use the method below.
Copy the htaccess code below to this BPS Root Custom Code text box: 9. CUSTOM CODE REQUEST METHODS FILTERED
Click the Save Root Custom Code button.
Go to the Security Modes tab page, click the Root Folder BulletProof Mode Activate button.
Note: If you are unable to save this custom code to BPS Custom Code (nothing happens, errors or you are redirected to your website home page) click the Encrypt Custom Code button and then click the Save Root Custom Code to bypass/evade ModSecurity installed on your host server.
# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]