diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index 056f5ddb..b1f572c3 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -28,6 +28,7 @@ import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
 	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/connection"
+	"github.com/cloudflare/cloudflared/features"
 	"github.com/cloudflare/cloudflared/ingress"
 	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/management"
@@ -398,8 +399,11 @@ func StartServer(
 		}
 	}
 
-	mgmt := management.New(c.String("management-hostname"))
-	localRules := []ingress.Rule{ingress.NewManagementRule(mgmt)}
+	localRules := []ingress.Rule{}
+	if features.Contains(features.FeatureManagementLogs) {
+		mgmt := management.New(c.String("management-hostname"))
+		localRules = []ingress.Rule{ingress.NewManagementRule(mgmt)}
+	}
 	orchestrator, err := orchestration.NewOrchestrator(ctx, orchestratorConfig, tunnelConfig.Tags, localRules, tunnelConfig.Log)
 	if err != nil {
 		return err
diff --git a/cmd/cloudflared/tunnel/configuration.go b/cmd/cloudflared/tunnel/configuration.go
index 8e58a12d..adcc82ef 100644
--- a/cmd/cloudflared/tunnel/configuration.go
+++ b/cmd/cloudflared/tunnel/configuration.go
@@ -25,6 +25,7 @@ import (
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/edgediscovery/allregions"
+	"github.com/cloudflare/cloudflared/features"
 	"github.com/cloudflare/cloudflared/ingress"
 	"github.com/cloudflare/cloudflared/orchestration"
 	"github.com/cloudflare/cloudflared/supervisor"
@@ -40,8 +41,7 @@ var (
 	serviceUrl      = developerPortal + "/reference/service/"
 	argumentsUrl    = developerPortal + "/reference/arguments/"
 
-	secretFlags     = [2]*altsrc.StringFlag{credentialsContentsFlag, tunnelTokenFlag}
-	defaultFeatures = []string{supervisor.FeatureAllowRemoteConfig, supervisor.FeatureSerializedHeaders, supervisor.FeatureDatagramV2, supervisor.FeatureQUICSupportEOF}
+	secretFlags = [2]*altsrc.StringFlag{credentialsContentsFlag, tunnelTokenFlag}
 
 	configFlags = []string{"autoupdate-freq", "no-autoupdate", "retries", "protocol", "loglevel", "transport-loglevel", "origincert", "metrics", "metrics-update-freq", "edge-ip-version", "edge-bind-address"}
 )
@@ -216,13 +216,13 @@ func prepareTunnelConfig(
 		transportProtocol = connection.QUIC.String()
 	}
 
-	features := dedup(append(c.StringSlice("features"), defaultFeatures...))
+	clientFeatures := dedup(append(c.StringSlice("features"), features.DefaultFeatures...))
 	if needPQ {
-		features = append(features, supervisor.FeaturePostQuantum)
+		clientFeatures = append(clientFeatures, features.FeaturePostQuantum)
 	}
 	namedTunnel.Client = tunnelpogs.ClientInfo{
 		ClientID: clientID[:],
-		Features: features,
+		Features: clientFeatures,
 		Version:  info.Version(),
 		Arch:     info.OSArch(),
 	}
diff --git a/features/features.go b/features/features.go
new file mode 100644
index 00000000..eb83c1fc
--- /dev/null
+++ b/features/features.go
@@ -0,0 +1,29 @@
+package features
+
+const (
+	FeatureSerializedHeaders = "serialized_headers"
+	FeatureQuickReconnects   = "quick_reconnects"
+	FeatureAllowRemoteConfig = "allow_remote_config"
+	FeatureDatagramV2        = "support_datagram_v2"
+	FeaturePostQuantum       = "postquantum"
+	FeatureQUICSupportEOF    = "support_quic_eof"
+	FeatureManagementLogs    = "management_logs"
+)
+
+var (
+	DefaultFeatures = []string{
+		FeatureAllowRemoteConfig,
+		FeatureSerializedHeaders,
+		FeatureDatagramV2,
+		FeatureQUICSupportEOF,
+	}
+)
+
+func Contains(feature string) bool {
+	for _, f := range DefaultFeatures {
+		if f == feature {
+			return true
+		}
+	}
+	return false
+}
diff --git a/supervisor/tunnel.go b/supervisor/tunnel.go
index 1b047ee1..320c3ac9 100644
--- a/supervisor/tunnel.go
+++ b/supervisor/tunnel.go
@@ -19,6 +19,7 @@ import (
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/edgediscovery/allregions"
+	"github.com/cloudflare/cloudflared/features"
 	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/ingress"
 	"github.com/cloudflare/cloudflared/orchestration"
@@ -31,14 +32,7 @@ import (
 )
 
 const (
-	dialTimeout              = 15 * time.Second
-	FeatureSerializedHeaders = "serialized_headers"
-	FeatureQuickReconnects   = "quick_reconnects"
-	FeatureAllowRemoteConfig = "allow_remote_config"
-	FeatureDatagramV2        = "support_datagram_v2"
-	FeaturePostQuantum       = "postquantum"
-	FeatureQUICSupportEOF    = "support_quic_eof"
-	FeatureManagementLogs    = "management_logs"
+	dialTimeout = 15 * time.Second
 )
 
 type TunnelConfig struct {
@@ -112,11 +106,11 @@ func (c *TunnelConfig) connectionOptions(originLocalAddr string, numPreviousAtte
 }
 
 func (c *TunnelConfig) SupportedFeatures() []string {
-	features := []string{FeatureSerializedHeaders}
+	supported := []string{features.FeatureSerializedHeaders}
 	if c.NamedTunnel == nil {
-		features = append(features, FeatureQuickReconnects)
+		supported = append(supported, features.FeatureQuickReconnects)
 	}
-	return features
+	return supported
 }
 
 func StartTunnelDaemon(