_web.config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="X-UA-Compatible" value="IE=edge" />
                <add name="Cache-Control" value="Public" />
            </customHeaders>
        </httpProtocol>
        <rewrite>
            <rules>
                <clear />

                <rule name="TYPO3 - Block access to composer files">
                    <match url="composer\.(?:json|lock)" ignoreCase="true" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                </rule>
                <rule name="TYPO3 - Block access to flexform files">
                    <match url="flexform[^.]*\.xml" ignoreCase="true" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                </rule>
                <rule name="TYPO3 - Block access to language files">
                    <match url="locallang[^.]*\.(?:xml|xlf)$" ignoreCase="true" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                </rule>
                <rule name="TYPO3 - Block access to static typoscript files">
                    <match url="ext_conf_template\.txt|ext_typoscript_constants\.txt|ext_typoscript_setup\.txt" ignoreCase="true" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                </rule>
                <rule name="TYPO3 - Block access to miscellaneous protected files">
                    <match url="/.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql)$" ignoreCase="true" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                </rule>
                <rule name="TYPO3 - Block access to recycler and temporary directories">
                    <match url="_(?:recycler|temp)_/" ignoreCase="false" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                </rule>
                <rule name="TYPO3 - Block access to configuration files stored in fileadmin">
                    <match url="fileadmin/(?:templates)/.*\.(?:txt|ts)$" ignoreCase="false" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                </rule>
                <rule name="TYPO3 - Block access to libaries, source and temporary compiled data">
                    <match url="^(?:vendor|typo3_src|typo3temp/var)" ignoreCase="false" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                </rule>
                <rule name="TYPO3 - Block access to protected extension directories">
                    <match url="(?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/" ignoreCase="false" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                </rule>
                <rule name="TYPO3 - Static File Directories" stopProcessing="true">
                    <match url="^/(typo3|typo3temp|typo3conf|t3lib|tslib|fileadmin|uploads|showpic\.php|favicon\.ico)$" />
                    <action type="None" />
                </rule>
                <rule name="TYPO3 - If the file/directory does not exist => Redirect to index.php." stopProcessing="true">
                    <match url="^.*$" ignoreCase="false" />
                    <conditions logicalGrouping="MatchAll">
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="index.php" appendQueryString="true" />
                </rule>

            </rules>
        </rewrite>
        <staticContent>
            <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="8.00:00:00" />
        </staticContent>
    </system.webServer>
</configuration>