
Yes. Imagine if everyone put the following code on their sites:

    <iframe src="https://accounts.google.com/Logout" width="0" height="0" ></iframe>


You could do the same with a POST by just running the following in a hidden iframe on your site:

    <!-- assumes jQuery is already loaded on the attacker's page -->
    <form id="form" method="post" action="https://accounts.google.com/Logout"></form>
    <script>$('#form').submit()</script>

The correct way of dealing with this issue is to rely on CSRF tokens.


I believe that would be the point of <meta http-equiv="X-Frame-Options" content="deny">


That's like trying to duct tape your arm back on after losing a fight with a chainsaw.


<img src="https://accounts.google.com/Logout" style="display:none">

"X-Frame-Options" is used to defend against clickjacking attacks, not to defend against CSRF.



