diff --git a/ghost/core/core/server/services/members/content-gating.js b/ghost/core/core/server/services/members/content-gating.js
index 69e153475e..206a71fc19 100644
--- a/ghost/core/core/server/services/members/content-gating.js
+++ b/ghost/core/core/server/services/members/content-gating.js
@@ -8,12 +8,6 @@ const BLOCK_ACCESS = false;
 
 // TODO: better place to store this?
 const MEMBER_NQL_EXPANSIONS = [{
-    key: 'labels',
-    replacement: 'labels.slug'
-}, {
-    key: 'label',
-    replacement: 'labels.slug'
-}, {
     key: 'products',
     replacement: 'products.slug'
 }, {
@@ -21,6 +15,16 @@ const MEMBER_NQL_EXPANSIONS = [{
     replacement: 'products.slug'
 }];
 
+const rejectUnknownKeys = input => nql.utils.mapQuery(input, function (value, key) {
+    if (!['product', 'products', 'status'].includes(key.toLowerCase())) {
+        return;
+    }
+
+    return {
+        [key]: value
+    };
+});
+
 /**
  * @param {object} post - A post object to check access to
  * @param {object} member - The member whos access should be checked
@@ -50,7 +54,7 @@ function checkPostAccess(post, member) {
         }).join(',');
     }
 
-    if (visibility && member.status && nql(visibility, {expansions: MEMBER_NQL_EXPANSIONS}).queryJSON(member)) {
+    if (visibility && member.status && nql(visibility, {expansions: MEMBER_NQL_EXPANSIONS, transformer: rejectUnknownKeys}).queryJSON(member)) {
         return PERMIT_ACCESS;
     }