Requiring webassembly will break the website for most privacy hardened browsers (arkenfox, Librewolf, cromite, Mullvad, etc). Webassembly is disabled for security and privacy reasons in these browsers. Not worth IMO. See a short snippet of Arkenfox’s reasoning here: https://arkenfox.github.io/gui/?s=javascript.options.wasm
I very much recommend Kicksecure hardened Debian as a daily driver. Eventually I will test gaming on Kicksecure making use of the steam flatpak, but I currently dont have the time.
IIRC, there is a way to force hardened_malloc for flatpaks, but this breaks many flatpak applications. For another hardened by default OS distromorph (the process of turning one distro into another closely related derivative OS) check out secureblue