No-one said you should rely on only these techniques. These should form part of your security approach. Yes, use HSTS, but also set your webserver to always redirect http to https, etc.
Remember, an attacker only has to find one way in, but you need to defend against everything. You should make it as hard as possible for an attacker. Every brick in the wall helps.