New application security features in Clarion - Clarion

I’m curious, as far as I know (and I haven’t looked at this in years), isn’t this just implemented as flags in the PE header? If I’m right then in theory any CW app can support ASLR and DEP, you just have to know which bits to twiddle.