• Resolved birgitspeulman

    (@birgitspeulman)


    For about a week I have been getting this message:

    Your site does not send all recommended security headers.

    Upgrade Insecure Requests
    X-XSS protection
    X-Content Type Options
    Referrer-Policy
    Expect-CT
    X-Frame-Options
    Permissions-Policy
    HTTP Strict Transport Security

    When I open .htaccess, all headers are there:

    # Really Simple SSL
    Header always set Strict-Transport-Security: "max-age=31536000" env=HTTPS
    Header always set Content-Security-Policy "upgrade-insecure-requests"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Expect-CT "max-age=7776000, enforce"
    Header always set Referrer-Policy: "no-referrer-when-downgrade"
    # End Really Simple SSL
    
    And Redirect checker returns:
    
    >>> https://www.kunstlokaalno8.nl
    > --------------------------------------------
    > 200 OK
    > --------------------------------------------
    Status: 200 OK
    Code: 200
    Date: Mon, 27 Dec 2021 11:05:25 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Server: Apache
    Strict-Transport-Security: max-age=31536000
    Content-Security-Policy: upgrade-insecure-requests
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Expect-CT: max-age=7776000, enforce
    Referrer-Policy: no-referrer-when-downgrade
    X-Pingback: https://www.kunstlokaalno8.nl/xmlrpc.php
    Link: <https://www.kunstlokaalno8.nl/>; rel=shortlink
    X-Dynamic-Cache: 1
    Cache-Control: max-age=600
    X-Varnish-Host: ip-172-16-1-103
    X-Varnish: 6932960
    Age: 0
    Via: 1.1 varnish (Varnish/5.0)
    Accept-Ranges: bytes

    So, all seems OK.

    I refreshed the settings in Really Simple SSL, but nothing changed and the warning is still there.

    What can I do?


Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Mark

    (@markwolters)

    Hi @birgitspeulman,

    The security headers are returned on your site, so I expect the notice is still cached. Since everything seems to be working correctly, I’d recommend dismissing the notice by pressing the X next to it.

    Thread Starter birgitspeulman

    (@birgitspeulman)

    Ok, thanks!

    The Site shows the following. How can I finish the SSL upgrade?

    The following recommended security headers are not detected:
    Upgrade Insecure Requests
    X-XSS protection
    X-Content Type Options
    Referrer-Policy
    Expect-CT
    X-Frame-Options
    Permissions-Policy
    HTTP Strict Transport Security
  • The topic ‘recommended security headers missing?’ is closed to new replies.
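
As an added example (not part of the thread and not Really Simple SSL's own code), the following Python sketch checks the response headers posted above against the eight items named in the notice. The mapping from each notice label to a header name and required value is an assumption of this example.

```python
# Added example: audit a captured response against the eight items in the notice.
# How each item is detected is an assumption of this sketch, not the plugin's logic.

# Response headers as posted in the thread (Redirect checker output, abridged).
CAPTURED = """\
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: upgrade-insecure-requests
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=7776000, enforce
Referrer-Policy: no-referrer-when-downgrade
Cache-Control: max-age=600
Via: 1.1 varnish (Varnish/5.0)
"""

# Notice label -> (header name, substring required in the value, or None).
RECOMMENDED = {
    "Upgrade Insecure Requests": ("content-security-policy", "upgrade-insecure-requests"),
    "X-XSS protection": ("x-xss-protection", None),
    "X-Content Type Options": ("x-content-type-options", "nosniff"),
    "Referrer-Policy": ("referrer-policy", None),
    "Expect-CT": ("expect-ct", None),
    "X-Frame-Options": ("x-frame-options", None),
    "Permissions-Policy": ("permissions-policy", None),
    "HTTP Strict Transport Security": ("strict-transport-security", "max-age="),
}

def parse_headers(raw):
    """Parse 'Name: value' lines into {lowercased name: [values]}."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return {notice label: True/False} for each recommended item."""
    headers = parse_headers(raw)
    return {
        label: any(needle is None or needle in v.lower() for v in headers.get(name, []))
        for label, (name, needle) in RECOMMENDED.items()
    }

def missing(raw):
    """Notice labels whose header (or required value) is absent."""
    return [label for label, ok in audit(raw).items() if not ok]

if __name__ == "__main__":
    for label, ok in audit(CAPTURED).items():
        print(f"{'present' if ok else 'MISSING':8} {label}")
```

Run on the captured response, this reports six of the eight items as present; `X-Frame-Options` and `Permissions-Policy` appear neither in the posted response nor in the posted `.htaccess` block.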