I prefer to use HTTP Basic Authentication to protect development/staging content from indexing. this gives googlebot a 401 status code. as suggested by LifeinAsia using a 403 Forbidden status code works just as well. the meta robots noindex solution is effective for keeping the dev urls out of the index but uses more server resources.
Msg#: 4596059 posted 12:39 am on Jul 25, 2013 (gmt 0)
Move your test server to a different subdomain and set up HTTP Basic Authentication on it.
On the indexed test subdomain set up a site-wide page-by-page redirect to the main site. Leave the redirect in place for at least 3 months after the last request from anywhere is received.
The "noindex" meta tag is not enough to get you out of trouble. A few years back a company fulfilled several orders before they realised the price paid by the customer was way too low. Turns out the customer had noticed that the prices on the test subdomain were quite old and the site allowed you to place an order!