What you’re asking for would not be simple one-liners due to the many possible scenarios. That’s why googling and researching them is recommended.
As a general rule, if you’re using SWAG to host a public website, like a company website and/or reverse proxy company Nextcloud, etc., then turn all of those on for extra security.
But if you’re running a home lab where everything is behind something like Authelia and not publicly accessible, you don’t really need those.
With HSTS, once you turn it on, you can’t hit http sites anymore. So no more testing direct http connections like we recommend in this article, or apps that need http access like