Sinatra uses Rack::Protection, in particular the frame_options option, which is what is setting the X-Frame-Options header.
You can configure which protections are used. Sinatra turns most of them on by default, (some are only enabled if you also are using sessions, and Rack::Protection itself doesn’t enable some by default).
To prevent sending the X-Frame-Options header you need to disable frame_options like this:
set :protection, :except => :frame_options