A site supports Public key length of 256 bits while best practice is 1024+ - what does this mean?

It's an up-to-date website using elliptic curve cryptography (ECC). ECC key sizes are not directly comparable with RSA, and a 256-bit key is more than enough for security -- 112-bit is the most that has ever been cracked. It's equivalent to a 3072-bit RSA key.


In short, a 256-bit public key is from ECC, i.e. elliptic curve cryptography.

The 1024-bit public key refers to the bit length of the RSA modulus N.

As of late 2018, the best practice is a 2048-bit or higher modulus.

You can check https://en.wikipedia.org/wiki/Key_size for a detailed explanation regarding key size.
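The sketch below is an added example, not part of either answer: it contrasts the raw bit-length comparison from the question with a check that first converts each key to an estimated security strength. It uses the RSA estimate formula from FIPS 140-2 Implementation Guidance section 7.5 and half the curve size for ECC; the function names and the RSA-2048 baseline are assumptions chosen for illustration, and the formula's result for a 256-bit curve lands slightly below the rounded 3072-bit figure usually quoted.

```python
import math

def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimated security strength of an RSA modulus against GNFS
    (formula from FIPS 140-2 Implementation Guidance, section 7.5)."""
    x = modulus_bits * math.log(2)
    return (1.923 * x ** (1 / 3) * math.log(x) ** (2 / 3) - 4.69) / math.log(2)

def ecc_strength_bits(curve_bits: int) -> float:
    """Generic discrete-log attacks on an n-bit curve cost about 2^(n/2)."""
    return curve_bits / 2

def strength_bits(algorithm: str, key_bits: int) -> float:
    if algorithm == "RSA":
        return rsa_strength_bits(key_bits)
    if algorithm == "EC":
        return ecc_strength_bits(key_bits)
    raise ValueError(f"unsupported algorithm: {algorithm}")

def naive_check(key_bits: int, minimum_bits: int = 1024) -> bool:
    """The comparison in the question: raw bit length, algorithm ignored."""
    return key_bits >= minimum_bits

def algorithm_aware_check(algorithm: str, key_bits: int,
                          baseline_rsa_bits: int = 2048) -> bool:
    """Pass if the key is at least as strong as RSA with baseline_rsa_bits
    (the baseline is an assumed policy, taken from the 2048-bit advice above)."""
    return strength_bits(algorithm, key_bits) >= rsa_strength_bits(baseline_rsa_bits)

def equivalent_rsa_bits(curve_bits: int) -> int:
    """Smallest RSA modulus size whose estimate reaches the curve's strength."""
    target = ecc_strength_bits(curve_bits)
    lo, hi = 512, 1 << 16
    while lo < hi:  # binary search; the estimate grows with modulus size
        mid = (lo + hi) // 2
        if rsa_strength_bits(mid) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo

if __name__ == "__main__":
    for alg, bits in [("EC", 256), ("RSA", 1024), ("RSA", 2048)]:  # constructed samples
        print(alg, bits, round(strength_bits(alg, bits), 1),
              naive_check(bits), algorithm_aware_check(alg, bits))
    print("RSA size matching a 256-bit curve:", equivalent_rsa_bits(256))
```

The naive check rejects the 256-bit EC key and accepts RSA-1024, while the strength-based check does the opposite.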