There are zero buzzwords. I was just being vague because again, the cost of just flipping https on is negligible, it's literally more work to have this conversation and work out all of the details of exactly what attacks you're protected against.
It is never worth asking "should I even do https?" The only variation worth considering is "is https enough?" And even then, start with https and then build on top.