You can manage the Strict-Transport-Security header here:
However, that max-age does not look like one of the options available in the Cloudflare dashboard, so it is probably being set elsewhere.
There are also some apps (like Fortify) that can manage headers. You can manage your Cloudflare apps here: https://dash.cloudflare.com/?to=/:account/:zone/apps
If you have not used the HSTS setting in the dashboard, and have no apps or Workers running, then this is coming from your origin. You can confirm by running a command like the following, replacing the IP Address with the IP address of your origin.
curl https://www.alzheimer-research.eu --dump-header - -o /dev/null --resolve www.alzheimer-research.eu:443:**OriginIPAddress**
If you are using SSL Flexible (not recommended) then the command will look like this:
curl http://www.alzheimer-research.eu --dump-header - -o /dev/null --resolve www.alzheimer-research.eu:80:**OriginIPAddress**