I'm trying to set X-frame-options to ALLOW-FROM uri. No success through HAC and local.properties/recipes.

Is there a way to change it using backoffice or is there anything else I can do it to simply change that parameter?

Obs.:By the way, it all is required to allow Hybris Sales to perform singlesigon in Hybris Commerce.

Add the property to your local.properties and restart the server:

 xss.filter.header.X-Frame-Options=ALLOW-FROM https://somewhere.else.com
If this doesn't work (and it should, I've changed this property for countless projects) you have some other problem...
Are you 100% sure the out-of-the-box XSSFilter is the only thing that sets the X-Frame-Options header?
						
You are right, seems we got a confusion due working with multiple environments.
Have you ever used:  ??
I believe I ll still need it to perform a mashup/singlesignon between Hybrys Sales and Hybris Commerce right?
						
 By the way, it all is required to allow Hybris Sales to perform singlesigon in Hybris Commerce.
If you use a mashup (= iframe), then yes, you need to fiddle with the X-Frame-Options header. 
Or you just provide a link to Commerce in the Sales frontend, which spares you all the hassle (AFAIK, that's how works OOTB). So the user has a link that opens the storefront and performs SSO for him/her automatically
						
Thank you Markus. Seems my comment got the extension name I was referring to removed. So let me complement my questions to finish my doubts.
Is it still necessary to implement the extension: "samlsinglesignon" to be able to log into commerce from sales interface ?