[Solved] Help with header security

i was checking my site with https://securityheaders.com/ and got this Screenshot by Lightshot
with my other sites i only get a warning about strict-transport-security.
im successfully getting a SSL certificate from lets encrypt.
whats your recommendation?
Edit: mostly solved this already, the remaining parts is cross-origin and an issue with authellia lacking strict-transport-security(asking them about it)