Suppose, your subdomain is book.example.com
and it is pointed to /public_html/book/ path
1st step:-
In the Top directory robots.txt file
add there one line
Disallow: /book/2nd step:
In book folder, add a .htaccess file with below code.
<IfModule mod_headers.c>
Header set X-Robots-Tag "noindex, nofollow"
</IfModule>Please note: It will set no-index and nofollow tag at entire subdomain (will reflect book dir because, .htaccess is there). Dropbox has implemented similar concept to protect user privacy.
How to test it, either it's working or not?
Go to Mozilla Firefox > Press F12 > Then, Browse your subdomain
Now - Go to Network Tab, Click on your sub-domain, verify the header set
All the best 