This is less of an issue and more of a question - how does one set duplicate headers in the HTTP response?

I am trying to set 2 cookies on the HTTP response, and according to the Headers class in the Goliath framework, Set-Cookie is an allowed duplicate header. However the Goliath framework requires that headers are set as a hash which does not allow duplicate keys (i.e. header names like Set-Cookie). Any sample code revealing if/ how this can be done will be greatly appreciated.

You can just set it multiple times. The header code has a list of allowed duplicates which skips the check for previously setting the header. The duplicate header will then be set into the array of output headers.

      return if @sent.has_key?(key) && !(ALLOWED_DUPLICATES.include?(key))

Thanks I saw that code as well, but as an application developer I assume one is not meant to access the Goliath::Header class directly. There are no samples or tests indicating direct access of the Goliath::Header class. All the code samples indicate the response method must be implemented to return the HTTP status code, headers and response body like so:
def response(env) ... ... [code, headers, resp] end

In the above code snippet, the headers variable is a hash, which does not allow duplicates. I have even enabled duplicates in this header hash by using headers.compare_by_identity, which does work and allows the duplicate key in the headers hash, but this does not get carried through into the HTTP response returned by Goliath. So that header code you mention is not achieving the desired goal. Hence my request for a code sample which illustrates how one takes advantage of this feature, as presumably there is another way.