I use ASP.NET MVC's AntiForgeryToken and ValidateForgeryToken for anti-CSRF for POSTs (AJAX POSTs and form POSTs).
Does WebSharper have something that does the same job?
(I can't consider using a web framework that doesn't have this, so knowing up-front whether the ability exists or not dictates whether I can look into WebSharper further.)
It didn't, but CSRF support was recently added for RPC. The current release (3.3) is the first release with support for it, so as long as you're up to date, it's supported.
I've linked to the commit below in case you want to see the internals, but it's your standard CSRF token.
https://github.com/intellifactory/websharper/commit/409dcaae9bb26de19815e633776fe9196d0e2263