HSTS is the official way to force HTTPS (aside from 301 redirects). If you have the best certificate in the world but the client is using HTTP, then there is no point.
If you only have CT logs, you are just catching the issue (if... the CT log servers themselves are not blocked by the rogue actor), but it's still too late.
Cert pinning is here to prevent the issue; whether or not browsers want to follow it is another question.