Comment by Borealid

The IPs are Cloudflare, the TLS fingerprint is uTLS Chrome, and the number of connections with xhttp is the same as your normal browsing.

If you are willing to block browsing all ordinary web sites fronted with a CDN, then yes you can block reality/xhttp. You cannot, however, differentially block it via any of the three things you mentioned.